Fouf

  1. Sorry for only replying now. Here is the HijackThis report. Thanks in advance.
  2. Thanks for your reply. Here is the HijackThis report.
  3. Hi, I have just finished the cleanup with ComboFix. I am posting the report as planned. Thanks in advance.
+ 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll + 2008-04-23 04:16:40 193,024 ------w C:\WINDOWS\system32\msrating.dll - 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll + 2008-04-23 04:16:40 671,232 ------w C:\WINDOWS\system32\mstime.dll - 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll + 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll - 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll + 2008-04-23 04:16:40 102,912 ------w C:\WINDOWS\system32\occache.dll - 2008-06-21 09:38:08 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-06-22 09:53:07 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-06-21 09:38:08 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-06-22 09:53:07 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-06-21 09:38:08 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-06-22 09:53:07 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-06-21 09:38:08 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-06-22 09:53:07 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat - 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2006-12-10 13:10:04 15,664 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll + 2008-04-23 04:16:40 233,472 ----a-w 
C:\WINDOWS\system32\webcheck.dll + 2008-06-22 10:07:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_688.dat + 2008-06-22 10:07:30 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_84.dat + 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll + 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-15 21:11 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "VIDC.NTN1"= ntcodec.ax [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\lxcrcoms.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program 
Files\\uTorrent\\uTorrent.exe"= "C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\UltraVNC\\vncviewer.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Globe7\\Globe7Phone.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12416:TCP"= 12416:TCP:NortonAV "14204:TCP"= 14204:TCP:NortonAV "12687:TCP"= 12687:TCP:NortonAV "13645:TCP"= 13645:TCP:NortonAV "17044:TCP"= 17044:TCP:NortonAV "15188:TCP"= 15188:TCP:NortonAV "13574:TCP"= 13574:TCP:NortonAV "15754:TCP"= 15754:TCP:NortonAV "16093:TCP"= 16093:TCP:NortonAV "15589:TCP"= 15589:TCP:NortonAV "18717:TCP"= 18717:TCP:NortonAV "14350:TCP"= 14350:TCP:NortonAV "16964:TCP"= 16964:TCP:NortonAV R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 14:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196916fa-77cb-11dc-92e7-005056c00008}] \Shell\AutoRun\command - J:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487f0ba9-ec7d-11dc-93dc-005056c00008}] \Shell\AutoRun\command - tmf3w3g0.com \Shell\explore\Command - tmf3w3g0.com \Shell\open\Command - tmf3w3g0.com . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-22 12:07:36 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast!upnphost] "ImagePath"="ð%€|x\01\09 srv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcsrservice] "ImagePath"="ð%€|x\01\09 srv" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNTlntSvr] "ImagePath"="ð%€|x\01\09 srv" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe C:\WINDOWS\system32\lxcrcoms.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\searchindexer.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\WINDOWS\system32\searchfilterhost.exe . ************************************************************************** . 
Temps d'accomplissement: 2008-06-22 12:13:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-22 10:13:52 ComboFix2.txt 2008-06-21 11:59:49 ComboFix3.txt 2008-06-21 09:16:15 Pre-Run: 4,178,751,488 octets libres Post-Run: 4,174,786,560 octets libres 438 --- E O F --- 2008-06-21 20:36:19
  4. Thanks for replying so quickly. I did what you told me. You should also know that since I deleted something called ctfmona.exe (and not ctfmon.exe), I have had access to the process manager again. But I have just noticed that I cannot change the wallpaper. In "Display Properties", I no longer have any tabs. Here is my new report with ComboFix: ComboFix 08-06-20.4 - Administrateur 2008-06-21 13:55:23.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.386 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\Application Data\urlredir.cfg . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))))))) . 2008-06-21 12:18 . 2008-06-21 12:30 <REP> d-------- C:\Program Files\Globe7 2008-06-21 12:18 . 2008-06-21 12:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Globe7 2008-06-21 11:47 . 2008-06-21 11:47 268 --ah----- C:\sqmdata01.sqm 2008-06-21 11:47 . 2008-06-21 11:47 244 --ah----- C:\sqmnoopt01.sqm 2008-06-21 11:41 . 2008-06-21 11:41 <REP> d-------- C:\WINDOWS\LastGood 2008-06-21 11:41 . 2008-06-21 11:41 <REP> d--h----- C:\WINDOWS\$hf_mig$ 2008-06-21 11:28 . 2008-06-21 11:28 <REP> d-------- C:\Program Files\CCleaner 2008-06-21 10:42 . 2008-06-21 10:42 268 --ah----- C:\sqmdata00.sqm 2008-06-21 10:42 . 2008-06-21 10:42 244 --ah----- C:\sqmnoopt00.sqm 2008-06-20 20:49 . 2008-06-21 10:56 0 --a------ C:\WINDOWS\win.ini 2008-06-18 00:26 . 2008-06-18 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TaoUSign 2008-06-16 19:06 . 
2008-06-16 19:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\shcen3j0etap 2008-06-16 16:12 . 2008-06-16 16:12 20,786 --a------ C:\WINDOWS\system32\phndmsah.dll 2008-06-14 23:45 . 2008-06-14 23:45 20,786 --a------ C:\WINDOWS\system32\pufjtggn.dll 2008-06-13 23:43 . 2008-06-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AXPFixer 2008-06-13 22:44 . 2008-06-13 22:44 32 --a-s---- C:\WINDOWS\system32\1759711545.dat 2008-06-12 11:31 . 2008-06-12 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung 2008-06-12 11:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll 2008-06-12 11:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys 2008-06-12 11:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys 2008-06-12 11:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys 2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys 2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys 2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys 2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys 2008-06-12 11:25 . 2008-06-12 11:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers 2008-06-12 11:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys 2008-06-12 11:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-06-12 11:24 . 2008-06-12 11:24 <REP> d-------- C:\Program Files\Samsung 2008-06-10 13:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-10 13:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll 2008-06-10 13:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-10 12:35 . 
2008-06-10 12:36 <REP> d-------- C:\Program Files\Windows Live 2008-06-10 12:35 . 2008-06-10 12:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-06-10 12:35 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-06-03 00:59 . 2008-06-03 00:59 <REP> d-------- C:\Program Files\UltraVNC 2008-06-03 00:37 . 2008-06-03 00:37 <REP> d--hs---- C:\found.000 2008-06-03 00:18 . 2008-06-03 00:25 14,848 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll 2008-06-03 00:17 . 2008-06-21 10:49 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp 2008-06-03 00:17 . 2008-06-21 10:49 160,256 --a------ C:\WINDOWS\system32\blackster.scr . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-21 09:48 --------- d-----w C:\Program Files\lx_cats 2008-06-21 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-21 09:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware 2008-06-21 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware 2008-06-20 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-06-16 16:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FaxCtr 2008-06-12 09:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-10 18:55 --------- d-----w C:\Program Files\WinamaxPoker 2008-06-10 10:36 --------- d-----w C:\Program Files\MSN Messenger 2008-06-07 17:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VMware 2008-05-24 04:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-05-20 09:47 --------- d-----w C:\Program Files\Everest Poker 2008-05-08 16:57 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter 2008-04-28 15:03 --------- d-----w 
C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-04-15 13:23 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll 2008-04-09 14:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-02-09 16:53 24,192 ----a-w C:\Documents and Settings\Administrateur\usbsermptxp.sys 2008-02-09 16:53 22,768 ----a-w C:\Documents and Settings\Administrateur\usbsermpt.sys . ------- Sigcheck ------- 2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-06-21_11.16.00.12 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-21 09:09:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-21 09:33:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2006-10-26 19:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL - 2008-06-10 18:59:46 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe + 2008-06-21 09:36:32 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe - 2008-06-10 18:59:46 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe + 2008-06-21 09:36:33 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe - 2008-06-10 18:59:46 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe + 2008-06-21 09:36:32 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe - 2008-06-10 18:59:46 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe + 2008-06-21 09:36:33 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe - 2008-06-10 18:59:46 18,704 
----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe + 2008-06-21 09:36:33 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe - 2008-06-10 18:59:47 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe + 2008-06-21 09:36:33 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe - 2008-06-10 18:59:46 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe + 2008-06-21 09:36:32 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe - 2008-06-10 18:59:46 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe + 2008-06-21 09:36:32 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe - 2008-06-10 18:59:46 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe + 2008-06-21 09:36:33 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe - 2008-06-10 18:59:47 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe + 2008-06-21 09:36:33 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe - 2008-06-10 18:59:46 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe + 2008-06-21 09:36:32 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe - 2008-06-21 08:56:41 42,298 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-06-21 09:38:08 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-06-21 08:56:41 59,974 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-06-21 09:38:08 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-06-21 08:56:41 317,636 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-06-21 09:38:08 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-06-21 08:56:41 396,410 ----a-w C:\WINDOWS\system32\perfh00C.dat 
+ 2008-06-21 09:38:08 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-06-21 09:33:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_420.dat + 2008-06-21 09:33:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_97c.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB7019C-F110-4E34-ADC3-B2A62ECE4A2C}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-15 21:11 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2005-09-15 21:11:51 125624] TrayMin220.lnk - C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2007-10-13 14:43:05 278528] Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe [2008-05-08 18:57:39 757760] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] 
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgfef] mljgfef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "VIDC.NTN1"= ntcodec.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isX03.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbV11.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pkK77.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb36.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincm41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windn74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wines47.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winex85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff77.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk66.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfp00.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winid22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii30.sys] @="Driver" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winis22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo77.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk82.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpp71.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winql22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv82.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrc06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrm30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrr06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty44.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu47.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvg58.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl55.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl77.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc36.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd22.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxs60.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye85.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbnpsrv.exe/r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona] 
C:\WINDOWS\system32\ctfmona.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f0ae05ca] C:\WINDOWS\system32\bthhxugo.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start] C:\WINDOWS\system32\gzmrotate.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\lxcrcoms.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\TVAnts\\Tvants.exe"= "C:\\Program Files\\UltraVNC\\vncviewer.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Globe7\\Globe7Phone.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12416:TCP"= 12416:TCP:NortonAV "14204:TCP"= 14204:TCP:NortonAV "12687:TCP"= 12687:TCP:NortonAV "13645:TCP"= 13645:TCP:NortonAV "17044:TCP"= 17044:TCP:NortonAV "15188:TCP"= 15188:TCP:NortonAV "13574:TCP"= 13574:TCP:NortonAV "15754:TCP"= 15754:TCP:NortonAV "16093:TCP"= 16093:TCP:NortonAV "15589:TCP"= 15589:TCP:NortonAV "18717:TCP"= 18717:TCP:NortonAV "14350:TCP"= 14350:TCP:NortonAV "16964:TCP"= 16964:TCP:NortonAV R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00] R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 14:36] S0 
iiX00;iiX00;C:\WINDOWS\system32\Drivers\iiX00.sys [] S0 isX03;isX03;C:\WINDOWS\system32\Drivers\isX03.sys [] S0 lbV11;lbV11;C:\WINDOWS\system32\Drivers\lbV11.sys [] S0 pkK77;pkK77;C:\WINDOWS\system32\Drivers\pkK77.sys [] S0 Winbb36;Winbb36;C:\WINDOWS\system32\Drivers\Winbb36.sys [] S0 Wincm41;Wincm41;C:\WINDOWS\system32\Drivers\Wincm41.sys [] S0 Windn74;Windn74;C:\WINDOWS\system32\Drivers\Windn74.sys [] S0 Wines47;Wines47;C:\WINDOWS\system32\Drivers\Wines47.sys [] S0 Winex85;Winex85;C:\WINDOWS\system32\Drivers\Winex85.sys [] S0 Winff77;Winff77;C:\WINDOWS\system32\Drivers\Winff77.sys [] S0 Winfk52;Winfk52;C:\WINDOWS\system32\Drivers\Winfk52.sys [] S0 Winfk66;Winfk66;C:\WINDOWS\system32\Drivers\Winfk66.sys [] S0 Winfp00;Winfp00;C:\WINDOWS\system32\Drivers\Winfp00.sys [] S0 Winhm41;Winhm41;C:\WINDOWS\system32\Drivers\Winhm41.sys [] S0 Winid22;Winid22;C:\WINDOWS\system32\Drivers\Winid22.sys [] S0 Winii30;Winii30;C:\WINDOWS\system32\Drivers\Winii30.sys [] S0 Winis22;Winis22;C:\WINDOWS\system32\Drivers\Winis22.sys [] S0 Winjo77;Winjo77;C:\WINDOWS\system32\Drivers\Winjo77.sys [] S0 Winot30;Winot30;C:\WINDOWS\system32\Drivers\Winot30.sys [] S0 Winpk82;Winpk82;C:\WINDOWS\system32\Drivers\Winpk82.sys [] S0 Winpp71;Winpp71;C:\WINDOWS\system32\Drivers\Winpp71.sys [] S0 Winql22;Winql22;C:\WINDOWS\system32\Drivers\Winql22.sys [] S0 Winqv82;Winqv82;C:\WINDOWS\system32\Drivers\Winqv82.sys [] S0 Winrc06;Winrc06;C:\WINDOWS\system32\Drivers\Winrc06.sys [] S0 Winrm30;Winrm30;C:\WINDOWS\system32\Drivers\Winrm30.sys [] S0 Winrr06;Winrr06;C:\WINDOWS\system32\Drivers\Winrr06.sys [] S0 Winty44;Winty44;C:\WINDOWS\system32\Drivers\Winty44.sys [] S0 Winuu47;Winuu47;C:\WINDOWS\system32\Drivers\Winuu47.sys [] S0 Winvg58;Winvg58;C:\WINDOWS\system32\Drivers\Winvg58.sys [] S0 Winvl55;Winvl55;C:\WINDOWS\system32\Drivers\Winvl55.sys [] S0 Winvl77;Winvl77;C:\WINDOWS\system32\Drivers\Winvl77.sys [] S0 Winwc36;Winwc36;C:\WINDOWS\system32\Drivers\Winwc36.sys [] S0 
Winxd22;Winxd22;C:\WINDOWS\system32\Drivers\Winxd22.sys [] S0 Winxs60;Winxs60;C:\WINDOWS\system32\Drivers\Winxs60.sys [] S0 Winye85;Winye85;C:\WINDOWS\system32\Drivers\Winye85.sys [] S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196916fa-77cb-11dc-92e7-005056c00008}] \Shell\AutoRun\command - J:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487f0ba9-ec7d-11dc-93dc-005056c00008}] \Shell\AutoRun\command - tmf3w3g0.com \Shell\explore\Command - tmf3w3g0.com \Shell\open\Command - tmf3w3g0.com *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-21 13:57:30 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast!upnphost] "ImagePath"="ð%€|x\01\09 srv" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvcsrservice] "ImagePath"="ð%€|x\01\09 srv" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSNTlntSvr] "ImagePath"="ð%€|x\01\09 srv" . 
Temps d'accomplissement: 2008-06-21 13:59:48 ComboFix-quarantined-files.txt 2008-06-21 11:59:03 ComboFix2.txt 2008-06-21 09:16:15 Pre-Run: 4,342,067,200 octets libres Post-Run: 4,321,734,656 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 335 --- E O F --- 2008-06-21 09:36:37