Everything posted by victord92

  1. Good evening, I'm sending you my report: ComboFix 08-03-03.6 - Victor 2008-03-04 19:11:05.4 - NTFSx86 Endroit: C:\Documents and Settings\Victor\Bureau\Logiciel Securite\ComboFix.exe Command switches used :: C:\Documents and Settings\Victor\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\DOCUME~1\Victor\LOCALS~1\Temp\adxapie.sys C:\WINDOWS\BMabb34a46.xml C:\WINDOWS\pskt.ini C:\WINDOWS\S227122B3.tmp C:\WINDOWS\system32\CF3690.exe C:\windows\system32\ddccb.dll C:\windows\system32\mljgh.dll C:\WINDOWS\system32\sstqp.dll_old . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))))))) . 2008-03-04 13:45 . 2008-03-04 13:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-04 13:45 . 2008-03-04 13:45 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-03 23:08 . 2008-03-03 23:08 <REP> d-------- C:\WINDOWS\RaidTool 2008-03-03 23:08 . 2008-03-03 23:08 <REP> d-------- C:\RaidTool 2008-03-03 23:08 . 2007-03-21 16:23 1,953,792 --a------ C:\WINDOWS\system32\xRaidSetup.exe 2008-03-03 23:08 . 2007-03-20 21:15 143,360 --a------ C:\WINDOWS\system32\xRaidAPI.dll 2008-03-03 23:07 . 2007-03-24 11:20 46,208 --a------ C:\WINDOWS\system32\drivers\jraid.sys 2008-03-03 23:07 . 2006-02-07 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\JGOGO.sys 2008-03-03 23:02 . 2008-03-03 23:02 <REP> d-------- C:\Intel 2008-03-03 22:54 . 2005-08-21 17:16 247,808 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys 2008-03-03 22:54 . 2005-08-21 17:16 139,776 --a------ C:\WINDOWS\system32\drivers\adidts.sys 2008-03-03 22:54 . 2005-08-21 17:16 93,824 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2008-03-03 22:54 . 2005-08-21 17:16 24,064 --a------ C:\WINDOWS\system32\PostProc.dll 2008-03-03 22:32 . 2008-03-03 22:32 <REP> d-------- C:\Program Files\Analog Devices 2008-03-03 22:32 . 
2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll 2008-03-03 22:32 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll 2008-03-03 22:32 . 2006-07-10 15:42 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2008-03-03 22:32 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\Program Files\Fichiers communs\AirDefense 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\Program Files\AirDefense 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AirDefense 2008-03-03 20:52 . 2008-03-03 20:52 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Ethereal 2008-03-03 20:50 . 2008-03-03 20:50 <REP> d-------- C:\Program Files\Ethereal 2008-03-03 20:49 . 2008-03-03 20:50 <REP> d-------- C:\Temp 2008-03-03 20:49 . 2008-03-03 20:50 <REP> d-------- C:\Program Files\WinPcap 2008-03-03 13:04 . 2008-03-03 13:09 <REP> d-------- C:\ComboFix(2) 2008-03-02 22:46 . 2008-03-02 23:10 <REP> d-------- C:\Program Files\Navilog1 2008-03-02 22:41 . 2008-01-29 16:52 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-03-02 20:05 . 2007-12-29 20:12 266,240 --a------ C:\Program Files\Uninstall Pando Toolbar.dll 2008-03-02 15:35 . 2008-03-02 18:55 299 --a------ C:\WINDOWS\wininit.ini 2008-03-02 14:58 . 2008-03-02 14:59 <REP> d-------- C:\Program Files\CCleaner 2008-03-02 14:56 . 2008-03-02 14:56 <REP> d-------- C:\Program Files\Lavasoft 2008-03-02 14:54 . 2008-03-02 14:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-02 14:54 . 2008-03-02 17:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-03-02 12:16 . 2008-03-03 11:17 <REP> d-------- C:\VundoFix Backups 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\report 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Backup 2008-03-01 19:07 . 
2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\VPTNFILE.131 2008-03-01 19:07 . 2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\LPT$VPN.131 2008-03-01 19:07 . 2008-03-01 19:07 1,922,894 --a------ C:\WINDOWS\tsc.ptn 2008-03-01 19:07 . 2008-03-01 19:07 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2008-03-01 19:07 . 2008-03-01 19:07 267,845 --a------ C:\WINDOWS\tsc.exe 2008-03-01 19:07 . 2008-03-01 19:07 86,094 --a------ C:\WINDOWS\BPMNT.dll 2008-03-01 19:07 . 2008-03-01 19:07 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-03-01 19:07 . 2008-03-01 23:41 823 --a------ C:\WINDOWS\tsc.ini 2008-03-01 19:06 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Temp 2008-03-01 19:06 . 2008-03-01 19:06 <REP> d-------- C:\WINDOWS\AU_Log 2008-03-01 19:06 . 2008-03-01 19:06 170 --a------ C:\WINDOWS\GetServer.ini 2008-03-01 19:05 . 2008-03-01 19:05 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-03-01 19:05 . 2008-03-01 19:05 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-03-01 19:05 . 2008-03-01 19:05 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-03-01 12:08 . 2008-03-01 12:59 <REP> d-------- C:\Program Files\_REPLACE_ 2008-03-01 10:55 . 2008-03-01 18:21 <REP> d-------- C:\PacSteam 2008-02-29 20:56 . 2006-01-29 11:48 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-02-29 20:43 . 2008-02-29 20:44 <REP> d-------- C:\Program Files\Steinberg 2008-02-29 20:43 . 2008-02-29 20:43 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Steinberg 2008-02-15 08:35 . 2008-02-15 08:35 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Microsoft Games 2008-02-13 20:44 . 2008-02-14 20:00 <REP> d-------- C:\Documents and Settings\Victor\Application Data\FileZilla 2008-02-13 20:43 . 2008-02-14 19:54 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-02-13 16:25 . 2008-02-13 16:25 0 --a------ C:\WINDOWS\Irremote.ini 2008-02-13 15:29 . 2005-11-21 06:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-02-13 15:29 . 
2005-11-21 06:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-02-13 15:14 . 2008-02-13 15:31 <REP> d-------- C:\Program Files\SlySoft 2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Victor\Application Data\InfraRecorder 2008-02-12 21:10 . 2008-02-12 21:10 <REP> d-------- C:\Program Files\Java 2008-02-12 21:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-12 21:06 . 2008-02-12 21:06 <REP> d-------- C:\Program Files\Fichiers communs\Java 2008-02-12 20:43 . 2008-02-12 20:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield 2008-02-12 20:40 . 2008-02-12 20:40 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield Shared 2008-02-12 20:40 . 2008-02-12 20:40 <REP> d-------- C:\Program Files\eJay 2008-02-12 15:29 . 2008-02-12 15:29 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-02-12 15:28 . 2008-02-12 15:28 <REP> d-------- C:\Program Files\directx 2008-02-12 14:50 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-02-12 14:50 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2008-02-12 14:50 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2008-02-12 14:50 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2008-02-12 14:50 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-02-11 19:29 . 2001-10-05 09:48 225,280 --a------ C:\WINDOWS\system32\rfwdres.dll 2008-02-11 19:29 . 2002-04-09 09:19 126,976 --a------ C:\WINDOWS\system32\rfshext.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfstrres.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfshres.dll 2008-02-10 21:03 . 2008-02-13 20:18 <REP> d-------- C:\Program Files\NetDrive 2008-02-10 21:03 . 2002-08-29 15:43 499,712 --a------ C:\WINDOWS\system32\RFHelper.dll 2008-02-10 21:03 . 
2002-04-12 15:14 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll 2008-02-10 21:03 . 2001-10-05 09:47 36,864 --a------ C:\WINDOWS\system32\rfhres.dll 2008-02-10 20:55 . 2008-02-10 20:55 <REP> d-------- C:\Program Files\Fichiers communs\DirectX 2008-02-10 20:55 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe 2008-02-10 20:48 . 2008-02-14 15:22 <REP> d-------- C:\Program Files\TYPSoft FTP Server 2008-02-10 09:54 . 2008-02-10 09:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft 2008-02-10 09:51 . 2008-02-29 20:57 <REP> d-------- C:\Program Files\Syncrosoft 2008-02-10 09:51 . 2007-02-23 12:57 757,760 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-02-10 09:51 . 2006-01-29 11:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-02-10 09:51 . 2006-01-29 11:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-02-10 09:51 . 2006-01-29 11:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-02-10 09:51 . 2006-01-29 11:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-02-10 09:51 . 2006-11-23 17:20 18,432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys 2008-02-09 23:27 . 2008-02-09 23:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\PCToolsFirewallPlus 2008-02-09 21:05 . 2008-02-09 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2008-02-09 12:36 . 2008-02-09 12:36 <REP> d-------- C:\Documents and Settings\Victor\Application Data\PCToolsFirewallPlus 2008-02-09 12:26 . 2008-02-11 17:44 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-04 18:07 --------- d-----w C:\Program Files\Steam 2008-03-04 10:08 --------- d-----w C:\Documents and Settings\Victor\Application Data\AVG7 2008-03-03 22:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-03 16:00 --------- d-----w C:\Documents and Settings\Victor\Application Data\uTorrent 2008-03-02 19:22 --------- d-----w C:\Program Files\GameFace Messenger 2008-03-02 19:05 --------- d-----w C:\Program Files\Yahoo! 2008-03-01 14:16 --------- d-----w C:\Program Files\eMule 2008-02-22 07:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AVG7 2008-02-15 06:38 --------- d-----w C:\Program Files\Microsoft Games 2008-02-13 15:29 --------- d-----w C:\Program Files\Nero 2008-02-13 15:29 --------- d-----w C:\Program Files\Fichiers communs\Nero 2008-02-13 15:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2008-02-09 20:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-01 15:17 --------- d-----w C:\Program Files\FX Uninstall Information 2008-01-30 18:32 --------- d-----w C:\Program Files\VirtualDJ 2008-01-30 14:03 --------- d-----w C:\Documents and Settings\Victor\Application Data\La Bataille pour la Terre du Milieu ™ II 2008-01-29 18:22 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2008-01-29 17:27 --------- d-----w C:\Program Files\THQ 2008-01-29 15:28 --------- d-----w C:\Program Files\Astonsoft 2008-01-29 15:00 --------- d-----w C:\Documents and Settings\Victor\Application Data\DeepBurner 2008-01-17 20:10 --------- d-----w C:\Program Files\iTunes 2008-01-17 20:10 --------- d-----w C:\Program Files\iPod 2008-01-17 20:09 --------- d-----w C:\Program Files\QuickTime 2008-01-16 12:26 --------- d-----w C:\Documents and Settings\Victor\Application Data\InstallShield Installation Information 2008-01-16 10:15 --------- d-----w C:\Program Files\Electronic Arts 2008-01-15 11:58 --------- d-----w C:\Program Files\Aspyr 2008-01-14 18:58 --------- d-----w 
C:\Documents and Settings\Victor\Application Data\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia 2008-01-14 18:57 --------- d-----w C:\Program Files\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU 2008-01-14 16:33 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-01-13 14:05 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-01-13 14:03 --------- d-----w C:\Documents and Settings\Victor\Application Data\DAEMON Tools 2008-01-13 09:02 715,248 ----a-w C:\windows\system32\drivers\sptd.sys 2008-01-12 20:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Nero 2007-12-10 11:55 22,328 ----a-w C:\Documents and Settings\Victor\Application Data\PnkBstrK.sys 2007-09-19 14:15 19,136 ----a-w C:\Documents and Settings\Alexandre\Application Data\GDIPFONTCACHEV1.DAT 2007-09-18 17:49 19,136 ----a-w C:\Documents and Settings\Victor\Application Data\GDIPFONTCACHEV1.DAT 2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.zip 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.tbe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6106418-61EB-4090-8E08-A987FE7B138A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4509171-B173-459A-9DC3-ADB8780EC9C0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 19:24 68856] "UberIcon"="C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 13:20 180224] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2006-03-02 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29 86016] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 19:58 579072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29 7561216] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-08-21 17:16 847872] "JMB36X IDE Setup"="C:\windows\RaidTool\xInsIDE.exe" [2007-03-20 14:36 36864] "36X Raid Configurer"="C:\windows\system32\xRaidSetup.exe" [2007-03-21 16:23 1953792] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:16 219136] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"= "C:\\Program 
Files\\GRISOFT\\AVG7\\avginet.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\half-life 2 deathmatch\\hl2.exe"= "C:\\Program Files\\Steam\\steam.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\condition zero\\hl.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "Y:\\Jeux\\Warhammer 40.000 Mark of Chaos\\Warhammer.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "Y:\\Teminer\\Jeux\\Team Fortress 2\\hl2.exe"= "Y:\\Jeux\\Sega rally\\SEGA Rally_SSE1.exe"= "C:\\Program Files\\VirtualDJ\\virtualdj.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\counter-strike source\\hl2.exe"= "C:\\Program Files\\TYPSoft FTP 
Server\\ftpserv.exe"= "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56107:TCP"= 56107:TCP:Pando P2P TCP Listening Port "56107:UDP"= 56107:UDP:Pando P2P UDP Listening Port "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-07-28 16:00] R2 ADFirewall;AirDefense Personal Service;c:\program files\airdefense\airdefense personal enterprise agent\airdefense.exe [2005-08-30 19:42] R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2001-07-29 00:36] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57] S3 SynasUSB;SynasUSB;C:\windows\system32\drivers\SynasUSB.sys [2006-11-23 17:20] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-04 19:18:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\windows\system32\winlogon.exe -> C:\windows\system32\RFHelper.dll PROCESS: C:\windows\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll -> C:\windows\system32\RFHelper.dll . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\windows\system32\nvsvc32.exe C:\windows\system32\PnkBstrA.exe C:\Program Files\NetDrive\wdservice.exe C:\windows\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-04 19:22:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-04 18:22:06 ComboFix2.txt 2008-03-03 22:35:05 . 2008-02-13 02:06:42 --- E O F --- Good evening, and thank you for your help
  2. Good evening, here is my ComboFix report: ComboFix 08-03-03.6 - Victor 2008-03-03 23:19:21.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1520 [GMT 1:00] Endroit: C:\Documents and Settings\Victor\Bureau\Logiciel Securite\ComboFix.exe Command switches used :: C:\Documents and Settings\Victor\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\BMabb34a46.xml C:\WINDOWS\pskt.ini C:\WINDOWS\S227122B3.tmp C:\WINDOWS\system32\CF3690.exe C:\WINDOWS\system32\sstqp.dll_old . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMabb34a46.xml C:\WINDOWS\pskt.ini C:\WINDOWS\S227122B3.tmp C:\WINDOWS\system32\CF3690.exe C:\windows\system32\drivers\npf.sys C:\windows\system32\packet.dll C:\windows\system32\pthreadVC.dll C:\WINDOWS\system32\sstqp.dll_old C:\windows\system32\wanpacket.dll C:\windows\system32\wpcap.dll . ---- Previous Run ------- . C:\windows\system32\gebyv.dll C:\windows\system32\ksmpfdlx.dll C:\windows\system32\mcrh.tmp C:\windows\system32\roowhgab.dll C:\windows\system32\vturpmj.dll C:\WINDOWS\system32\vybeg.ini C:\WINDOWS\system32\vybeg.ini2 C:\WINDOWS\system32\xldfpmsk.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NM -------\LEGACY_NPF -------\nm -------\NPF ((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))))))) . 2008-03-03 23:08 . 2008-03-03 23:08 <REP> d-------- C:\WINDOWS\RaidTool 2008-03-03 23:08 . 2008-03-03 23:08 <REP> d-------- C:\RaidTool 2008-03-03 23:08 . 2007-03-21 16:23 1,953,792 --a------ C:\WINDOWS\system32\xRaidSetup.exe 2008-03-03 23:08 . 2007-03-20 21:15 143,360 --a------ C:\WINDOWS\system32\xRaidAPI.dll 2008-03-03 23:07 . 
2007-03-24 11:20 46,208 --a------ C:\WINDOWS\system32\drivers\jraid.sys 2008-03-03 23:07 . 2006-02-07 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\JGOGO.sys 2008-03-03 23:02 . 2008-03-03 23:02 <REP> d-------- C:\Intel 2008-03-03 22:54 . 2005-08-21 17:16 247,808 --a------ C:\WINDOWS\system32\drivers\ADIHdAud.sys 2008-03-03 22:54 . 2005-08-21 17:16 139,776 --a------ C:\WINDOWS\system32\drivers\adidts.sys 2008-03-03 22:54 . 2005-08-21 17:16 93,824 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys 2008-03-03 22:54 . 2005-08-21 17:16 24,064 --a------ C:\WINDOWS\system32\PostProc.dll 2008-03-03 22:32 . 2008-03-03 22:32 <REP> d-------- C:\Program Files\Analog Devices 2008-03-03 22:32 . 2001-09-11 15:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll 2008-03-03 22:32 . 2005-05-04 09:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll 2008-03-03 22:32 . 2006-07-10 15:42 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe 2008-03-03 22:32 . 2002-04-17 15:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\Program Files\Fichiers communs\AirDefense 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\Program Files\AirDefense 2008-03-03 21:06 . 2008-03-03 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AirDefense 2008-03-03 20:52 . 2008-03-03 20:52 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Ethereal 2008-03-03 20:50 . 2008-03-03 20:50 <REP> d-------- C:\Program Files\Ethereal 2008-03-03 20:49 . 2008-03-03 20:50 <REP> d-------- C:\Temp 2008-03-03 20:49 . 2008-03-03 20:50 <REP> d-------- C:\Program Files\WinPcap 2008-03-03 13:04 . 2008-03-03 13:09 <REP> d-------- C:\ComboFix(2) 2008-03-02 22:46 . 2008-03-02 23:10 <REP> d-------- C:\Program Files\Navilog1 2008-03-02 22:41 . 2008-01-29 16:52 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-03-02 20:05 . 2007-12-29 20:12 266,240 --a------ C:\Program Files\Uninstall Pando Toolbar.dll 2008-03-02 15:35 . 
2008-03-02 18:55 299 --a------ C:\WINDOWS\wininit.ini 2008-03-02 14:58 . 2008-03-02 14:59 <REP> d-------- C:\Program Files\CCleaner 2008-03-02 14:56 . 2008-03-02 14:56 <REP> d-------- C:\Program Files\Lavasoft 2008-03-02 14:54 . 2008-03-02 14:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-02 14:54 . 2008-03-02 17:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-03-02 12:16 . 2008-03-03 11:17 <REP> d-------- C:\VundoFix Backups 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\report 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Backup 2008-03-01 19:07 . 2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\VPTNFILE.131 2008-03-01 19:07 . 2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\LPT$VPN.131 2008-03-01 19:07 . 2008-03-01 19:07 1,922,894 --a------ C:\WINDOWS\tsc.ptn 2008-03-01 19:07 . 2008-03-01 19:07 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2008-03-01 19:07 . 2008-03-01 19:07 267,845 --a------ C:\WINDOWS\tsc.exe 2008-03-01 19:07 . 2008-03-01 19:07 86,094 --a------ C:\WINDOWS\BPMNT.dll 2008-03-01 19:07 . 2008-03-01 19:07 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-03-01 19:07 . 2008-03-01 23:41 823 --a------ C:\WINDOWS\tsc.ini 2008-03-01 19:06 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Temp 2008-03-01 19:06 . 2008-03-01 19:06 <REP> d-------- C:\WINDOWS\AU_Log 2008-03-01 19:06 . 2008-03-01 19:06 170 --a------ C:\WINDOWS\GetServer.ini 2008-03-01 19:05 . 2008-03-01 19:05 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-03-01 19:05 . 2008-03-01 19:05 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-03-01 19:05 . 2008-03-01 19:05 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-03-01 12:08 . 2008-03-01 12:59 <REP> d-------- C:\Program Files\_REPLACE_ 2008-03-01 10:55 . 2008-03-01 18:21 <REP> d-------- C:\PacSteam 2008-02-29 20:56 . 2006-01-29 11:48 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-02-29 20:43 . 
2008-02-29 20:44 <REP> d-------- C:\Program Files\Steinberg 2008-02-29 20:43 . 2008-02-29 20:43 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Steinberg 2008-02-15 08:35 . 2008-02-15 08:35 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Microsoft Games 2008-02-13 20:44 . 2008-02-14 20:00 <REP> d-------- C:\Documents and Settings\Victor\Application Data\FileZilla 2008-02-13 20:43 . 2008-02-14 19:54 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-02-13 16:25 . 2008-02-13 16:25 0 --a------ C:\WINDOWS\Irremote.ini 2008-02-13 15:29 . 2005-11-21 06:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-02-13 15:29 . 2005-11-21 06:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-02-13 15:14 . 2008-02-13 15:31 <REP> d-------- C:\Program Files\SlySoft 2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Victor\Application Data\InfraRecorder 2008-02-12 21:10 . 2008-02-12 21:10 <REP> d-------- C:\Program Files\Java 2008-02-12 21:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-12 21:06 . 2008-02-12 21:06 <REP> d-------- C:\Program Files\Fichiers communs\Java 2008-02-12 20:43 . 2008-02-12 20:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield 2008-02-12 20:40 . 2008-02-12 20:40 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield Shared 2008-02-12 20:40 . 2008-02-12 20:40 <REP> d-------- C:\Program Files\eJay 2008-02-12 15:29 . 2008-02-12 15:29 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-02-12 15:28 . 2008-02-12 15:28 <REP> d-------- C:\Program Files\directx 2008-02-12 14:50 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-02-12 14:50 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2008-02-12 14:50 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2008-02-12 14:50 . 
2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2008-02-12 14:50 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-02-11 19:29 . 2001-10-05 09:48 225,280 --a------ C:\WINDOWS\system32\rfwdres.dll 2008-02-11 19:29 . 2002-04-09 09:19 126,976 --a------ C:\WINDOWS\system32\rfshext.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfstrres.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfshres.dll 2008-02-10 21:03 . 2008-02-13 20:18 <REP> d-------- C:\Program Files\NetDrive 2008-02-10 21:03 . 2002-08-29 15:43 499,712 --a------ C:\WINDOWS\system32\RFHelper.dll 2008-02-10 21:03 . 2002-04-12 15:14 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll 2008-02-10 21:03 . 2001-10-05 09:47 36,864 --a------ C:\WINDOWS\system32\rfhres.dll 2008-02-10 20:55 . 2008-02-10 20:55 <REP> d-------- C:\Program Files\Fichiers communs\DirectX 2008-02-10 20:55 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe 2008-02-10 20:48 . 2008-02-14 15:22 <REP> d-------- C:\Program Files\TYPSoft FTP Server 2008-02-10 09:54 . 2008-02-10 09:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft 2008-02-10 09:51 . 2008-02-29 20:57 <REP> d-------- C:\Program Files\Syncrosoft 2008-02-10 09:51 . 2007-02-23 12:57 757,760 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-02-10 09:51 . 2006-01-29 11:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-02-10 09:51 . 2006-01-29 11:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-02-10 09:51 . 2006-01-29 11:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-02-10 09:51 . 2006-01-29 11:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-02-10 09:51 . 2006-11-23 17:20 18,432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys 2008-02-09 23:27 . 2008-02-09 23:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\PCToolsFirewallPlus 2008-02-09 21:05 . 
2008-02-09 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2008-02-09 12:36 . 2008-02-09 12:36 <REP> d-------- C:\Documents and Settings\Victor\Application Data\PCToolsFirewallPlus 2008-02-09 12:26 . 2008-02-11 17:44 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-02-09 12:06 . 2008-02-09 12:06 <REP> d-------- C:\Program Files\Ashampoo 2008-02-09 11:44 . 2008-02-09 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Bureau . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 22:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-03 19:17 --------- d-----w C:\Program Files\Steam 2008-03-03 16:01 --------- d-----w C:\Documents and Settings\Victor\Application Data\AVG7 2008-03-03 16:00 --------- d-----w C:\Documents and Settings\Victor\Application Data\uTorrent 2008-03-02 19:22 --------- d-----w C:\Program Files\GameFace Messenger 2008-03-02 19:05 --------- d-----w C:\Program Files\Yahoo! 
2008-03-01 14:16 --------- d-----w C:\Program Files\eMule 2008-02-22 07:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AVG7 2008-02-15 06:38 --------- d-----w C:\Program Files\Microsoft Games 2008-02-13 15:29 --------- d-----w C:\Program Files\Nero 2008-02-13 15:29 --------- d-----w C:\Program Files\Fichiers communs\Nero 2008-02-13 15:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2008-02-09 20:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-01 15:17 --------- d-----w C:\Program Files\FX Uninstall Information 2008-01-30 18:32 --------- d-----w C:\Program Files\VirtualDJ 2008-01-30 14:03 --------- d-----w C:\Documents and Settings\Victor\Application Data\La Bataille pour la Terre du Milieu ™ II 2008-01-29 18:22 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2008-01-29 17:27 --------- d-----w C:\Program Files\THQ 2008-01-29 15:28 --------- d-----w C:\Program Files\Astonsoft 2008-01-29 15:00 --------- d-----w C:\Documents and Settings\Victor\Application Data\DeepBurner 2008-01-17 20:10 --------- d-----w C:\Program Files\iTunes 2008-01-17 20:10 --------- d-----w C:\Program Files\iPod 2008-01-17 20:09 --------- d-----w C:\Program Files\QuickTime 2008-01-16 12:26 --------- d-----w C:\Documents and Settings\Victor\Application Data\InstallShield Installation Information 2008-01-16 10:15 --------- d-----w C:\Program Files\Electronic Arts 2008-01-15 11:58 --------- d-----w C:\Program Files\Aspyr 2008-01-14 18:58 --------- d-----w C:\Documents and Settings\Victor\Application Data\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia 2008-01-14 18:57 --------- d-----w C:\Program Files\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU 2008-01-14 16:33 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-01-13 14:05 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-01-13 14:03 --------- d-----w 
C:\Documents and Settings\Victor\Application Data\DAEMON Tools 2008-01-13 09:02 715,248 ----a-w C:\windows\system32\drivers\sptd.sys 2008-01-12 20:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Nero 2007-12-10 11:55 22,328 ----a-w C:\Documents and Settings\Victor\Application Data\PnkBstrK.sys 2007-09-19 14:15 19,136 ----a-w C:\Documents and Settings\Alexandre\Application Data\GDIPFONTCACHEV1.DAT 2007-09-18 17:49 19,136 ----a-w C:\Documents and Settings\Victor\Application Data\GDIPFONTCACHEV1.DAT 2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.zip 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.tbe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFC7C3F-E4EA-4A37-9545-E37C8C5298EA}] C:\windows\system32\mljgh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{137C17F0-BF6A-4C6B-9324-1E47CBED91D2}] C:\windows\system32\sstqp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44CF759F-BDBB-48F7-A19C-08E63057A0B1}] C:\windows\system32\gebcy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59BAD8B0-441F-4345-BB76-820872CEB357}] C:\windows\system32\jkkji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AF369C5-3E0D-4614-9886-72EC51DAFF32}] C:\windows\system32\ddccb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 19:24 68856] "UberIcon"="C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 13:20 180224] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2006-03-02 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] 
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29 86016] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 19:58 579072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29 7561216] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-08-21 17:16 847872] "JMB36X IDE Setup"="C:\windows\RaidTool\xInsIDE.exe" [2007-03-20 14:36 36864] "36X Raid Configurer"="C:\windows\system32\xRaidSetup.exe" [2007-03-21 16:23 1953792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:16 219136] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"= "C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"= "C:\\Program 
Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\half-life 2 deathmatch\\hl2.exe"= "C:\\Program Files\\Steam\\steam.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\condition zero\\hl.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "Y:\\Jeux\\Warhammer 40.000 Mark of Chaos\\Warhammer.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "Y:\\Teminer\\Jeux\\Team Fortress 2\\hl2.exe"= "C:\\WINDOWS\\system32\\drivers\\Wingen\\system.exe"= "Y:\\Jeux\\Sega rally\\SEGA Rally_SSE1.exe"= "C:\\Program Files\\VirtualDJ\\virtualdj.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\counter-strike source\\hl2.exe"= "C:\\Program Files\\TYPSoft FTP Server\\ftpserv.exe"= "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56107:TCP"= 56107:TCP:Pando P2P TCP Listening Port "56107:UDP"= 56107:UDP:Pando P2P UDP Listening Port "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-07-28 16:00] R2 ADFirewall;AirDefense Personal Service;c:\program files\airdefense\airdefense personal enterprise agent\airdefense.exe [2005-08-30 19:42] R2 WebDriveFSD;WebDrive File System Driver;C:\Program 
Files\NetDrive\rffsd.sys [2001-07-29 00:36] S3 adxapie;adxapie;C:\DOCUME~1\Victor\LOCALS~1\Temp\adxapie.sys [] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57] S3 SynasUSB;SynasUSB;C:\windows\system32\drivers\SynasUSB.sys [2006-11-23 17:20] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 23:30:46 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\windows\system32\winlogon.exe -> C:\windows\system32\RFHelper.dll PROCESS: C:\windows\explorer.exe [6.00.2900.3156] -> C:\windows\system32\RFHelper.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\windows\system32\nvsvc32.exe C:\windows\system32\PnkBstrA.exe C:\Program Files\NetDrive\wdservice.exe C:\windows\system32\wscntfy.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-03 23:35:04 - machine was rebooted [Victor] ComboFix-quarantined-files.txt 2008-03-03 22:35:00 . 2008-02-13 02:06:42 --- E O F --- There you go, and thanks again for your help.
  3. Hi again, here is my report: ComboFix 08-03-03.6 - Victor 2008-03-03 13:04:20.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1581 [GMT 1:00] Endroit: C:\Documents and Settings\Victor\Bureau\ComboFix(2).exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\windows\system32\gebyv.dll C:\windows\system32\ksmpfdlx.dll C:\windows\system32\mcrh.tmp C:\windows\system32\roowhgab.dll C:\windows\system32\vturpmj.dll C:\WINDOWS\system32\vybeg.ini C:\WINDOWS\system32\vybeg.ini2 C:\WINDOWS\system32\xldfpmsk.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))))))) . 2008-03-03 13:04 . 2006-03-02 13:00 539,136 --a------ C:\WINDOWS\system32\CF3690.exe 2008-03-03 12:50 . 2008-03-03 12:52 <REP> d-------- C:\QooBox 2008-03-03 12:50 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe 2008-03-03 12:50 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe 2008-03-03 12:50 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe 2008-03-03 12:50 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-03 12:50 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-03 12:50 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe 2008-03-03 12:50 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-03 12:50 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe 2008-03-03 12:50 . 2000-08-31 08:00 28,160 --a------ C:\WINDOWS\Nircmd.exe 2008-03-02 22:46 . 2008-03-02 23:10 <REP> d-------- C:\Program Files\Navilog1 2008-03-02 22:41 . 2008-01-29 16:52 245,760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll 2008-03-02 20:05 . 2007-12-29 20:12 266,240 --a------ C:\Program Files\Uninstall Pando Toolbar.dll 2008-03-02 15:35 . 
2008-03-02 18:55 299 --a------ C:\WINDOWS\wininit.ini 2008-03-02 14:58 . 2008-03-02 14:59 <REP> d-------- C:\Program Files\CCleaner 2008-03-02 14:56 . 2008-03-02 14:56 <REP> d-------- C:\Program Files\Lavasoft 2008-03-02 14:54 . 2008-03-02 14:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-02 14:54 . 2008-03-02 17:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2008-03-02 13:51 . 2008-03-02 13:51 291,328 --------- C:\WINDOWS\system32\sstqp.dll_old 2008-03-02 12:16 . 2008-03-03 11:17 <REP> d-------- C:\VundoFix Backups 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\report 2008-03-01 19:07 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Backup 2008-03-01 19:07 . 2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\VPTNFILE.131 2008-03-01 19:07 . 2008-03-01 19:07 35,245,521 --a------ C:\WINDOWS\LPT$VPN.131 2008-03-01 19:07 . 2008-03-01 19:07 1,922,894 --a------ C:\WINDOWS\tsc.ptn 2008-03-01 19:07 . 2008-03-01 19:07 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2008-03-01 19:07 . 2008-03-01 19:07 267,845 --a------ C:\WINDOWS\tsc.exe 2008-03-01 19:07 . 2008-03-01 19:07 86,094 --a------ C:\WINDOWS\BPMNT.dll 2008-03-01 19:07 . 2008-03-01 19:07 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-03-01 19:07 . 2008-03-01 23:41 823 --a------ C:\WINDOWS\tsc.ini 2008-03-01 19:06 . 2008-03-01 19:07 <REP> d-------- C:\WINDOWS\AU_Temp 2008-03-01 19:06 . 2008-03-01 19:06 <REP> d-------- C:\WINDOWS\AU_Log 2008-03-01 19:06 . 2008-03-01 19:06 170 --a------ C:\WINDOWS\GetServer.ini 2008-03-01 19:05 . 2008-03-01 19:05 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-03-01 19:05 . 2008-03-01 19:05 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-03-01 19:05 . 2008-03-01 19:05 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-03-01 12:08 . 2008-03-01 12:59 <REP> d-------- C:\Program Files\_REPLACE_ 2008-03-01 10:55 . 2008-03-01 18:21 <REP> d-------- C:\PacSteam 2008-02-29 20:56 . 
2006-01-29 11:48 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe 2008-02-29 20:43 . 2008-02-29 20:44 <REP> d-------- C:\Program Files\Steinberg 2008-02-29 20:43 . 2008-02-29 20:43 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Steinberg 2008-02-29 17:57 . 2008-03-03 10:28 99,478 --a------ C:\WINDOWS\BMabb34a46.xml 2008-02-29 17:57 . 2008-03-03 12:52 21 --a------ C:\WINDOWS\pskt.ini 2008-02-15 08:35 . 2008-02-15 08:35 <REP> d-------- C:\Documents and Settings\Victor\Application Data\Microsoft Games 2008-02-13 20:44 . 2008-02-14 20:00 <REP> d-------- C:\Documents and Settings\Victor\Application Data\FileZilla 2008-02-13 20:43 . 2008-02-14 19:54 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-02-13 16:25 . 2008-02-13 16:25 0 --a------ C:\WINDOWS\Irremote.ini 2008-02-13 15:29 . 2005-11-21 06:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL 2008-02-13 15:29 . 2005-11-21 06:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS 2008-02-13 15:16 . 2008-02-13 15:18 24 --ahs---- C:\WINDOWS\S227122B3.tmp 2008-02-13 15:14 . 2008-02-13 15:31 <REP> d-------- C:\Program Files\SlySoft 2008-02-13 15:11 . 2008-02-13 15:11 <REP> d-------- C:\Documents and Settings\Victor\Application Data\InfraRecorder 2008-02-12 21:10 . 2008-02-12 21:10 <REP> d-------- C:\Program Files\Java 2008-02-12 21:10 . 2007-09-24 23:31 139,264 --a------ C:\WINDOWS\system32\javaws.exe 2008-02-12 21:10 . 2007-09-24 22:30 135,168 --a------ C:\WINDOWS\system32\javaw.exe 2008-02-12 21:10 . 2007-09-24 22:30 135,168 --a------ C:\WINDOWS\system32\java.exe 2008-02-12 21:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-12 21:06 . 2008-02-12 21:06 <REP> d-------- C:\Program Files\Fichiers communs\Java 2008-02-12 20:43 . 2008-02-12 20:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield 2008-02-12 20:40 . 2008-02-12 20:40 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield Shared 2008-02-12 20:40 . 
2008-02-12 20:40 <REP> d-------- C:\Program Files\eJay 2008-02-12 15:29 . 2008-02-12 15:29 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-02-12 15:28 . 2008-02-12 15:28 <REP> d-------- C:\Program Files\directx 2008-02-12 14:50 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2008-02-12 14:50 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2008-02-12 14:50 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2008-02-12 14:50 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2008-02-12 14:50 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2008-02-11 19:29 . 2001-10-05 09:48 225,280 --a------ C:\WINDOWS\system32\rfwdres.dll 2008-02-11 19:29 . 2002-04-09 09:19 126,976 --a------ C:\WINDOWS\system32\rfshext.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfstrres.dll 2008-02-11 19:29 . 2001-10-05 09:48 24,576 --a------ C:\WINDOWS\system32\rfshres.dll 2008-02-10 21:03 . 2008-02-13 20:18 <REP> d-------- C:\Program Files\NetDrive 2008-02-10 21:03 . 2002-08-29 15:43 499,712 --a------ C:\WINDOWS\system32\RFHelper.dll 2008-02-10 21:03 . 2002-04-12 15:14 139,264 --a------ C:\WINDOWS\system32\RFNP32.dll 2008-02-10 21:03 . 2001-10-05 09:47 36,864 --a------ C:\WINDOWS\system32\rfhres.dll 2008-02-10 20:55 . 2008-02-10 20:55 <REP> d-------- C:\Program Files\Fichiers communs\DirectX 2008-02-10 20:55 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe 2008-02-10 20:48 . 2008-02-14 15:22 <REP> d-------- C:\Program Files\TYPSoft FTP Server 2008-02-10 09:54 . 2008-02-10 09:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Syncrosoft 2008-02-10 09:51 . 2008-02-29 20:57 <REP> d-------- C:\Program Files\Syncrosoft 2008-02-10 09:51 . 2007-02-23 12:57 757,760 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-02-10 09:51 . 2006-01-29 11:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll 2008-02-10 09:51 . 
2006-01-29 11:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm 2008-02-10 09:51 . 2006-01-29 11:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm 2008-02-10 09:51 . 2006-01-29 11:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm 2008-02-10 09:51 . 2006-11-23 17:20 18,432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys 2008-02-09 23:27 . 2008-02-09 23:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\PCToolsFirewallPlus 2008-02-09 21:05 . 2008-02-09 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2008-02-09 12:36 . 2008-02-09 12:36 <REP> d-------- C:\Documents and Settings\Victor\Application Data\PCToolsFirewallPlus 2008-02-09 12:26 . 2008-02-11 17:44 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2008-02-09 12:06 . 2008-02-09 12:06 <REP> d-------- C:\Program Files\Ashampoo 2008-02-09 11:44 . 2008-02-09 11:44 <REP> d-------- C:\Documents and Settings\LocalService\Bureau 2008-02-08 20:34 . 2008-02-08 20:34 <REP> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-03 12:03 --------- d-----w C:\Program Files\Mozilla Firefox 2008-03-03 11:59 2,145,386,496 --sha-w C:\pagefile.sys 2008-03-03 10:32 --------- d-----w C:\Program Files\Steam 2008-03-03 09:24 --------- d-----w C:\Documents and Settings\Victor\Application Data\AVG7 2008-03-02 20:41 --------- d-----w C:\Program Files\Internet Explorer 2008-03-02 19:22 --------- d-----w C:\Program Files\GameFace Messenger 2008-03-02 19:05 --------- d-----w C:\Program Files\Yahoo! 
2008-03-01 17:41 --------- d-----w C:\Documents and Settings\Victor\Application Data\uTorrent 2008-03-01 14:16 --------- d-----w C:\Program Files\eMule 2008-02-22 07:00 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\AVG7 2008-02-15 07:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-15 06:38 --------- d-----w C:\Program Files\Microsoft Games 2008-02-13 15:29 --------- d-----w C:\Program Files\Nero 2008-02-13 15:29 --------- d-----w C:\Program Files\Fichiers communs\Nero 2008-02-13 15:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2008-02-12 20:06 --------- d-----w C:\Program Files\Fichiers communs 2008-02-10 19:54 107,888 ----a-w C:\windows\system32\CmdLineExt.dll 2008-02-09 20:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-04 23:09 18,214,008 ----a-w C:\windows\system32\MRT.exe 2008-02-01 15:17 --------- d-----w C:\Program Files\FX Uninstall Information 2008-01-30 18:32 --------- d-----w C:\Program Files\VirtualDJ 2008-01-30 14:03 --------- d-----w C:\Documents and Settings\Victor\Application Data\La Bataille pour la Terre du Milieu ™ II 2008-01-29 18:22 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2008-01-29 18:22 103,736 ----a-w C:\windows\system32\PnkBstrB.exe 2008-01-29 17:27 --------- d-----w C:\Program Files\THQ 2008-01-29 15:28 --------- d-----w C:\Program Files\Astonsoft 2008-01-29 15:00 --------- d-----w C:\Documents and Settings\Victor\Application Data\DeepBurner 2008-01-17 20:10 --------- d-----w C:\Program Files\iTunes 2008-01-17 20:10 --------- d-----w C:\Program Files\iPod 2008-01-17 20:09 --------- d-----w C:\Program Files\QuickTime 2008-01-16 12:26 --------- d-----w C:\Documents and Settings\Victor\Application Data\InstallShield Installation Information 2008-01-16 10:15 --------- d-----w C:\Program Files\Electronic Arts 2008-01-15 11:58 --------- d-----w C:\Program Files\Aspyr 2008-01-14 18:58 --------- d-----w C:\Documents and 
Settings\Victor\Application Data\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia 2008-01-14 18:57 --------- d-----w C:\Program Files\AVS4YOU 2008-01-14 18:57 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU 2008-01-14 16:33 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-01-13 14:05 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-01-13 14:03 --------- d-----w C:\Documents and Settings\Victor\Application Data\DAEMON Tools 2008-01-13 09:02 715,248 ----a-w C:\windows\system32\drivers\sptd.sys 2008-01-12 20:32 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Nero 2008-01-11 05:36 44,544 ----a-w C:\windows\system32\pngfilt.dll 2007-12-29 19:07 3,251 ----a-w C:\windows\system32\sdbackup.reg 2007-12-19 22:53 347,136 ----a-w C:\windows\system32\dxtmsft.dll 2007-12-14 10:32 12,632 ----a-w C:\windows\system32\lsdelete.exe 2007-12-11 06:47 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2007-12-10 11:55 22,328 ----a-w C:\Documents and Settings\Victor\Application Data\PnkBstrK.sys 2007-12-08 05:08 3,592,192 ----a-w C:\windows\system32\mshtml.dll 2007-12-07 18:59 45,056 ----a-w C:\windows\system32\sstunst2.exe 2007-12-06 11:02 70,656 ----a-w C:\windows\system32\ie4uinit.exe 2007-12-06 11:00 13,824 ----a-w C:\windows\system32\ieudinit.exe 2007-12-06 04:59 161,792 ----a-w C:\windows\system32\ieakui.dll 2007-12-04 18:41 550,912 ------w C:\windows\system32\oleaut32.dll 2007-09-19 14:15 19,136 ----a-w C:\Documents and Settings\Alexandre\Application Data\GDIPFONTCACHEV1.DAT 2007-09-18 17:49 19,136 ----a-w C:\Documents and Settings\Victor\Application Data\GDIPFONTCACHEV1.DAT 2006-08-27 14:38 1,015,973 --sha-r C:\Program Files\serial.tde 2006-06-23 06:48 32,768 ----a-r C:\windows\inf\UpdateUSB.exe 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.zip 2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.tbe . 
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CFC7C3F-E4EA-4A37-9545-E37C8C5298EA}] C:\windows\system32\mljgh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{137C17F0-BF6A-4C6B-9324-1E47CBED91D2}] C:\windows\system32\sstqp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44CF759F-BDBB-48F7-A19C-08E63057A0B1}] C:\windows\system32\gebcy.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59BAD8B0-441F-4345-BB76-820872CEB357}] C:\windows\system32\jkkji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AF369C5-3E0D-4614-9886-72EC51DAFF32}] C:\windows\system32\ddccb.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-14 19:24 68856] "UberIcon"="C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 13:20 180224] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2006-03-02 13:00 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 08:29 86016] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-05-18 13:26 729088] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-28 19:58 579072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 08:29 7561216] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360] 
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:16 219136] C:\Documents and Settings\Victor\Menu D‚marrer\Programmes\D‚marrage\ RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 21:47:48 344064] UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 13:20:14 180224] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"= "C:\\Program Files\\GRISOFT\\AVG7\\avginet.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgcc.exe"= "C:\\Program Files\\GRISOFT\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\counter-strike source\\hl2.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\day of defeat source\\hl2.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"= "C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"= "C:\\Program Files\\Steam\\SteamApps\\marcel526\\half-life 2 deathmatch\\hl2.exe"= "C:\\Program Files\\Steam\\steam.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\condition zero\\hl.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= 
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "Y:\\Jeux\\Warhammer 40.000 Mark of Chaos\\Warhammer.exe"= "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "C:\\Program Files\\Aspyr\\Guitar Hero III\\gh3.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "Y:\\Teminer\\Jeux\\Team Fortress 2\\hl2.exe"= "C:\\WINDOWS\\system32\\drivers\\Wingen\\system.exe"= "Y:\\Jeux\\Sega rally\\SEGA Rally_SSE1.exe"= "C:\\Program Files\\VirtualDJ\\virtualdj.exe"= "C:\\Program Files\\Steam\\SteamApps\\stef92\\counter-strike source\\hl2.exe"= "C:\\Program Files\\TYPSoft FTP Server\\ftpserv.exe"= "C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56107:TCP"= 56107:TCP:Pando P2P TCP Listening Port "56107:UDP"= 56107:UDP:Pando P2P UDP Listening Port "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R1 SSHDRV52;SSHDRV52;C:\WINDOWS\system32\drivers\SSHDRV52.sys [2007-07-28 16:00] R2 WebDriveFSD;WebDrive File System Driver;C:\Program Files\NetDrive\rffsd.sys [2001-07-29 00:36] S3 adxapie;adxapie;C:\DOCUME~1\Victor\LOCALS~1\Temp\adxapie.sys [] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57] S3 SynasUSB;SynasUSB;C:\windows\system32\drivers\SynasUSB.sys [2006-11-23 17:20] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-03 13:09:05 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
--------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\windows\system32\winlogon.exe -> C:\windows\system32\RFHelper.dll PROCESS: C:\windows\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll -> C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll -> C:\windows\system32\RFHelper.dll . Thanks again for your help.
  4. Hello Apollo, here is my report: BTFix 1.081 (par bibi26) - 03/03/2008 11:11:29 - Analyse Lancé depuis C:\Documents and Settings\Victor\Bureau\BTFix\BTFix.exe ---> Fichiers/Dossiers trouvés ---> Analyse terminée VundoFix V6.7.8 Checking Java version... Scan started at 12:16:44 02/03/2008 Listing files found while scanning.... C:\windows\system32\jsrnymyk.dll C:\windows\system32\lgfavmwi.dll C:\windows\system32\pqtss.ini C:\windows\system32\pqtss.ini2 C:\windows\system32\sstqp.dll C:\windows\system32\vturpmj.dll C:\windows\system32\xrevbqsn.dll Beginning removal... Attempting to delete C:\windows\system32\jsrnymyk.dll C:\windows\system32\jsrnymyk.dll Has been deleted! Attempting to delete C:\windows\system32\lgfavmwi.dll C:\windows\system32\lgfavmwi.dll Has been deleted! Attempting to delete C:\windows\system32\pqtss.ini C:\windows\system32\pqtss.ini Has been deleted! Attempting to delete C:\windows\system32\pqtss.ini2 C:\windows\system32\pqtss.ini2 Has been deleted! Attempting to delete C:\windows\system32\sstqp.dll C:\windows\system32\sstqp.dll Has been deleted! Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Attempting to delete C:\windows\system32\xrevbqsn.dll C:\windows\system32\xrevbqsn.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.8 Checking Java version... Scan started at 13:07:15 02/03/2008 Listing files found while scanning.... C:\windows\system32\gebcy.dll C:\windows\system32\hgojnimb.dll C:\windows\system32\vturpmj.dll C:\windows\system32\ycbeg.ini C:\windows\system32\ycbeg.ini2 Beginning removal... Attempting to delete C:\windows\system32\gebcy.dll C:\windows\system32\gebcy.dll Could not be deleted. Attempting to delete C:\windows\system32\hgojnimb.dll C:\windows\system32\hgojnimb.dll Could not be deleted. Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. 
Attempting to delete C:\windows\system32\ycbeg.ini C:\windows\system32\ycbeg.ini Has been deleted! Attempting to delete C:\windows\system32\ycbeg.ini2 C:\windows\system32\ycbeg.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\gebcy.dll C:\windows\system32\gebcy.dll Has been deleted! Attempting to delete C:\windows\system32\hgojnimb.dll C:\windows\system32\hgojnimb.dll Has been deleted! Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Attempting to delete C:\windows\system32\ycbeg.ini C:\windows\system32\ycbeg.ini Has been deleted! Attempting to delete C:\windows\system32\ycbeg.ini2 C:\windows\system32\ycbeg.ini2 Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.8 Checking Java version... Scan started at 17:42:45 02/03/2008 Listing files found while scanning.... C:\windows\system32\pqtss.ini C:\windows\system32\pqtss.ini2 C:\windows\system32\sstqp.dll C:\windows\system32\ujllqpse.dll C:\windows\system32\vturpmj.dll Beginning removal... Attempting to delete C:\windows\system32\pqtss.ini C:\windows\system32\pqtss.ini Has been deleted! Attempting to delete C:\windows\system32\pqtss.ini2 C:\windows\system32\pqtss.ini2 Has been deleted! Attempting to delete C:\windows\system32\ujllqpse.dll C:\windows\system32\ujllqpse.dll Could not be deleted. Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\ujllqpse.dll C:\windows\system32\ujllqpse.dll Has been deleted! Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.7.8 Checking Java version... Scan started at 19:12:55 02/03/2008 Listing files found while scanning.... No infected files were found. 
VundoFix V6.7.8 Checking Java version... Scan started at 10:31:55 03/03/2008 Listing files found while scanning.... C:\windows\system32\daglpigy.dll C:\windows\system32\ijkkj.ini C:\windows\system32\ijkkj.ini2 C:\windows\system32\jkkji.dll C:\windows\system32\vturpmj.dll Beginning removal... Attempting to delete C:\windows\system32\daglpigy.dll C:\windows\system32\daglpigy.dll Could not be deleted. Attempting to delete C:\windows\system32\ijkkj.ini C:\windows\system32\ijkkj.ini Has been deleted! Attempting to delete C:\windows\system32\ijkkj.ini2 C:\windows\system32\ijkkj.ini2 Has been deleted! Attempting to delete C:\windows\system32\jkkji.dll C:\windows\system32\jkkji.dll Has been deleted! Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\daglpigy.dll C:\windows\system32\daglpigy.dll Has been deleted! Attempting to delete C:\windows\system32\vturpmj.dll C:\windows\system32\vturpmj.dll Could not be deleted. Performing Repairs to the registry. Done! There you go, and thanks again for your help.
  5. BTFix 1.081 (par bibi26) - 02/03/2008 22:42:15 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\Victor\Bureau\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- C:\Program Files\AskTBar\bar\History\
- C:\Program Files\AskTBar\bar\Settings\
- C:\Program Files\AskTBar\bar\
- C:\Program Files\AskTBar\PopSwatr\History\
- C:\Program Files\AskTBar\PopSwatr\
- C:\Program Files\AskTBar\
---> Nettoyage terminé

Search Navipromo version 3.4.8 commencé le 02/03/2008 à 22:47:40,68
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 25.02.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\windows ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Victor\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Victor\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Victor\MENUDM~1\PROGRA~1" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\windows\system32 *
* Recherche dans "C:\Documents and Settings\Victor\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\windows\system32 :
* Dans "C:\Documents and Settings\Victor\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
C:\windows\system32\ijkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 02/03/2008 à 23:09:16,89 ***

Thank you, Apollo, for your help.
  6. Hello,

I have been infected by the "LOP" virus. It opens IE7 and Firefox windows when I try to connect to the web. These windows offer to install antivirus or antispyware programs. I hope you can help me analyze my HijackThis report.

Thank you,
Victor

Logfile of HijackThis v1.99.1
Scan saved at 20:30:32, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\windows\system32\cisvc.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\NetDrive\wdservice.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Victor\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uberIcon] "C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan/fr...n_principal.htm (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdservice.exe