Garreck

  1. Good evening, Yesterday, when I wanted to open a PowerPoint file (so a .ppt) that was on my USB key from my PC running Vista with PowerPoint (version 2007; trial version), the software showed me a curious error message, telling me that "no text converter is installed for this file type". Here is the screenshot of the error message: I really don't see where this could come from; I have never had this before. Thanks in advance for your help, Regards, Garreck.
  2. Thanks for the link. Antivir is installed, and I launched a scan so that everything is spotless =) (The scan window is named "Luke Filewalker", are we supposed to see a pun in that?) I'm going to switch to Mac OS in about a month, but I'll still do the service pack update, it's always useful to have a Windows machine on hand! With that, thanks a lot for your help, and all the best with your sites
  3. I don't have that folder, but I have a C:\ComboFix folder, should I delete it? I did your procedure. Thanks for the antivirus link. I have already read the prevention topic, and I downloaded Antivir, the Combo firewall as well as MalwareBytes' Anti-malware ^^ Being on SP2, should I move to SP3? (as you advised in other topics) Thanks in any case (again and again)
  4. Here it is:

     Glad that things are better (relieved too, no more blood-red wallpaper) Thanks =)
  5. Bonjour =) Voici le rapport Combofix: ComboFix 08-08-24.03 - Julien 2008-08-26 12:56:02.2 - NTFSx86 Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Julien\Bureau\CFScript.txt FILE :: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk C:\upload_moi_JULIEN.tar.gz C:\WINDOWS\pss\MyWebSearch Email Plugin.lnk C:\WINDOWS\qalkfxor.dll C:\WINDOWS\rqbmvpso.dll C:\WINDOWS\rvoelbxt.exe C:\WINDOWS\system32\rqttBcfe.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\upload_moi_JULIEN.tar.gz C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\qalkfxor.dll C:\WINDOWS\rqbmvpso.dll C:\WINDOWS\rvoelbxt.exe C:\WINDOWS\system32\rqttBcfe.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))))))) . 2008-08-25 16:18 . 2008-08-25 16:18 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Malwarebytes 2008-08-25 16:17 . 2008-08-25 16:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-25 16:17 . 2008-08-25 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-25 16:17 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-25 16:17 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-24 23:07 . 2008-08-24 23:36 <REP> d-------- C:\Program Files\Meracl ImageMap Generator 2008-08-20 13:25 . 2008-08-20 13:25 244 --ah----- C:\sqmnoopt12.sqm 2008-08-20 13:25 . 2008-08-20 13:25 232 --ah----- C:\sqmdata12.sqm 2008-08-18 19:57 . 
2008-08-18 19:57 <REP> d-------- C:\Documents and Settings\Julien\Application Data\DivX 2008-08-18 19:52 . 2008-08-19 14:25 <REP> d-------- C:\Program Files\Avidemux 2.4 2008-08-18 19:49 . 2008-08-18 19:49 <REP> d-------- C:\Program Files\bobyte 2008-08-18 19:11 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-08-18 19:11 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-08-18 13:28 . 2008-08-18 13:35 <REP> d-------- C:\Program Files\Yamb 2008-08-13 19:24 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 21:49 . 2008-08-12 21:50 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-08-12 14:11 . 2008-08-12 14:11 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Grisoft 2008-08-12 14:11 . 2008-08-12 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-12 14:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-08-12 01:16 . 2008-08-12 01:16 <REP> d-------- C:\Program Files\Uniblue 2008-08-12 01:16 . 2008-08-12 01:16 <REP> d-------- C:\Documents and Settings\Julien\.LocalCooling 2008-08-12 00:38 . 2008-08-12 12:41 <REP> d-------- C:\Program Files\Arovax AntiSpyware 2008-08-12 00:38 . 2008-08-12 00:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax 2008-08-10 20:29 . 2008-08-12 00:48 <REP> d-------- C:\Unreal Anthology 2008-08-10 20:29 . 1995-07-26 01:00 98,588 --a------ C:\WINDOWS\system32\THREED32.ocx 2008-08-10 20:29 . 1995-07-26 01:00 48,640 --a------ C:\WINDOWS\system32\GRID32.ocx 2008-08-10 20:29 . 1997-01-16 10:11 44,831 --a------ C:\WINDOWS\system32\PICCLP32.ocx 2008-08-10 20:29 . 1995-07-26 01:00 43,502 --a------ C:\WINDOWS\system32\MSOUTL32.ocx 2008-08-07 12:56 . 2008-08-12 12:42 <REP> d-------- C:\Documents and Settings\Julien\Application Data\skypePM 2008-08-07 12:56 . 2008-08-07 12:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-08-07 12:54 . 
2008-08-12 14:54 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Skype 2008-08-07 12:53 . 2008-08-12 00:47 <REP> d-------- C:\Program Files\Skype 2008-08-07 12:53 . 2008-08-12 00:43 <REP> d-------- C:\Program Files\Fichiers communs\Skype 2008-08-07 12:52 . 2008-08-07 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-08-04 22:29 . 2008-08-18 15:10 <REP> d-------- C:\downloads 2008-08-04 22:29 . 2008-08-04 22:29 <REP> d-------- C:\Documents and Settings\Julien\Application Data\GrabPro 2008-08-04 22:28 . 2008-08-12 12:41 <REP> d-------- C:\Program Files\Orbitdownloader 2008-08-04 22:28 . 2008-08-26 13:25 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Orbit 2008-08-04 14:14 . 2008-08-04 14:14 244 --ah----- C:\sqmnoopt11.sqm 2008-08-04 14:14 . 2008-08-04 14:14 232 --ah----- C:\sqmdata11.sqm 2008-08-03 00:49 . 2008-08-12 00:44 <REP> d-------- C:\Program Files\iPod 2008-07-29 00:18 . 2008-08-12 00:39 <REP> d-------- C:\Documents and Settings\Julien\iWizz 2008-07-29 00:17 . 2008-08-12 00:44 <REP> d-------- C:\Program Files\iWizz 2008-07-29 00:17 . 2008-07-29 00:17 <REP> d-------- C:\Documents and Settings\Julien\.bitrock 2008-07-28 19:04 . 2008-07-28 19:04 6,144 --ahs---- C:\Thumbs.db 2008-07-28 17:12 . 2008-08-12 00:48 <REP> d-------- C:\Program Files\Zeb-Utility 2008-07-26 10:04 . 2003-01-20 09:35 1,040,384 --a------ C:\WINDOWS\system32\libgfl190.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-25 18:36 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-24 21:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-08-24 21:07 249,856 ------w C:\WINDOWS\Setup1.exe 2008-08-23 18:41 --------- d-----w C:\Program Files\FileZilla 2008-08-23 18:40 --------- d-----w C:\Documents and Settings\Julien\Application Data\FileZilla 2008-08-22 20:49 1,445 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-19 12:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\Vso 2008-08-19 12:29 --------- d-----w C:\Documents and Settings\Julien\Application Data\gtk-2.0 2008-08-18 17:11 --------- d-----w C:\Program Files\DivX 2008-08-12 10:38 --------- d-----w C:\Program Files\Google 2008-08-11 22:47 --------- d-----w C:\Program Files\VideoLAN 2008-08-11 22:46 --------- d-----w C:\Program Files\Paint.NET 2008-08-11 22:46 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-11 22:46 --------- d-----w C:\Program Files\OLYMPUS 2008-08-11 22:46 --------- d-----w C:\Program Files\Nvu 2008-08-11 22:46 --------- d-----w C:\Program Files\NudgeMania 2008-08-11 22:46 --------- d-----w C:\Program Files\NSC 2008-08-11 22:46 --------- d-----w C:\Program Files\Notepad++ 2008-08-11 22:46 --------- d-----w C:\Program Files\MSXML 6.0 2008-08-11 22:46 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-11 22:46 --------- d-----w C:\Program Files\MSN Pictures Displayer 2008-08-11 22:45 --------- d-----w C:\Program Files\MSN Messenger 2008-08-11 22:45 --------- d-----w C:\Program Files\MSBuild 2008-08-11 22:45 --------- d-----w C:\Program Files\Movies2iPhone 2008-08-11 22:45 --------- d-----w C:\Program Files\MoviePod 2008-08-11 22:45 --------- d-----w C:\Program Files\Miranda-IM 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft Works 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-08-11 22:43 --------- d-----w C:\Program Files\GIMP-2.0 2008-08-11 
22:43 --------- d-----w C:\Program Files\GameSpy Arcade 2008-08-11 22:43 --------- d-----w C:\Program Files\Games-Masters.com 2008-08-11 22:43 --------- d-----w C:\Program Files\Free Buttons(2).org 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\xing shared 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Vbox 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\River Past 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-08-11 22:41 --------- d-----w C:\Program Files\Eidos Interactive 2008-08-11 22:40 --------- d-----w C:\Program Files\Bethesda Softworks 2008-08-11 22:40 --------- d-----w C:\Program Files\Azureus 2008-08-11 22:40 --------- d-----w C:\Program Files\AVSMedia 2008-08-11 22:40 --------- d-----w C:\Program Files\AviSynth 2.5 2008-08-11 22:40 --------- d-----w C:\Program Files\Audacity 2008-08-11 22:40 --------- d-----w C:\Program Files\Apple Software Update 2008-08-11 22:40 --------- d-----w C:\Program Files\AoA MP4 Converter 2008-08-11 22:39 --------- d-----w C:\Program Files\Anuman Interactive 2008-08-11 22:39 --------- d-----w C:\Program Files\Alwil Software 2008-08-11 22:39 --------- d-----w C:\Program Files\Ahead 2008-08-11 22:39 --------- d-----w C:\Documents and Settings\Julien\Application Data\avidemux 2008-08-11 22:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-11 22:21 --------- d-----w C:\Documents and Settings\Julien\Application Data\My Games 2008-08-11 21:27 --------- d-----w C:\Documents and Settings\Julien\Application Data\Lavasoft 2008-07-24 21:15 --------- d-----w C:\Documents and Settings\Julien\Application Data\.purple 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-06-30 16:05 --------- d-----w C:\Documents and 
Settings\Julien\Application Data\Apple Computer 2008-06-26 13:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\OpenOffice.org2 2008-06-21 14:17 144,784 ----a-w C:\Documents and Settings\Julien\Application Data\GDIPFONTCACHEV1.DAT 2006-11-27 18:04 4 -c--a-w C:\Program Files\SpeechMillLAIPTTSout.pol 2006-11-27 18:04 4 -c--a-w C:\Program Files\SpeechMillLAIPTTSin.pol 2004-06-18 14:47 496,342 -c--a-w C:\Program Files\Aethereality - Romantics.abr 1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop@@.dat 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ------- Sigcheck ------- 2007-06-13 15:22 1885696 f6a1fb157cd2242d2574ea9ec5af473d C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2002-08-30 14:00 1398784 e19211efcf80a80f77b9f9d7951ace89 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:22 1885696 f6a1fb157cd2242d2574ea9ec5af473d C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe 2002-08-30 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\system32\VITrans\explorer.exe . ((((((((((((((((((((((((((((( snapshot@2008-08-25_23.01.24.43 ))))))))))))))))))))))))))))))))))))))))) . 
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll + 2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll - 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll - 2007-07-30 17:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll + 2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll - 2007-07-30 17:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2007-07-30 17:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll + 2008-07-18 20:09:46 325,832 ----a-w 
C:\WINDOWS\system32\wucltui.dll - 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll - 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll - 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll + 2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-08-26 11:20:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat - 2008-08-25 20:37:43 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat + 2008-08-26 11:24:35 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224] "atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.mpng"= C:\Program Files\t@b\0.947\686\tabdec.dll "vidc.mvjp"= C:\Program Files\t@b\0.947\686\tabdec.dll "vidc.444p"= C:\Program 
Files\t@b\0.947\686\tabdec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Iolo Macro Magic.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Iolo Macro Magic.lnk backup=C:\WINDOWS\pss\Iolo Macro Magic.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^LocalCooling.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\LocalCooling.lnk backup=C:\WINDOWS\pss\LocalCooling.lnkStartup 
[HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-10 09:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware] --a------ 2007-09-21 14:56 1966080 C:\Program Files\Arovax AntiSpyware\ArovaxAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb] --a------ 2006-07-30 20:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2003-03-11 11:11 114688 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2003-03-11 11:24 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler] --a------ 2006-05-03 11:48 307200 C:\Program Files\Styler\Styler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar] --a------ 2005-06-01 21:41 65536 C:\Documents and Settings\Julien\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] --a------ 2006-12-25 09:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip] --a------ 2006-10-06 10:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] --------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\FileZilla\\FileZilla.exe"= 
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21] R1 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37] R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 11:21] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 19:13] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 19:13] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-04-23 04:39] S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 17:37] S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 09:59] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS [] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . 
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-New - C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 13:22:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-26 13:45:15 - machine was rebooted [Julien]
ComboFix-quarantined-files.txt 2008-08-26 11:44:55
ComboFix2.txt 2008-08-25 21:05:25

Pre-Run: 3,584,925,696 octets libres
Post-Run: 3,566,620,672 octets libres

352 --- E O F --- 2008-08-13 18:36:20

--------------------------------- ---------------------------------

And the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 13:47:40, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\atwtusb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Julien\Mes documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYFR O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - 
Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://poussinette2988.spaces.msn.com//Pho...ad/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

Thanks a lot in advance
  6. Good evening again, here is the report:

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

Thanks (again)
  7. Good evening again, here is the report:

ComboFix 08-08-24.03 - Julien 2008-08-25 21:34:54.1 - NTFSx86
Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 228 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Julien\Application Data\macromedia\Flash Player\#SharedObjects\ZVRMS4BH\static.youku.com
C:\Documents and Settings\Julien\Application Data\macromedia\Flash Player\#SharedObjects\ZVRMS4BH\static.youku.com\v1.0.0192\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Julien\Application Data\macromedia\Flash Player\#SharedObjects\ZVRMS4BH\static.youku.com\v1.0.0284\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Julien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Julien\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\0275F672.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignatureInsertBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MySignaturePreviewBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program
Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Program Files\MyWebSearch\bar\Cache\00034D27 C:\Program Files\MyWebSearch\bar\Cache\0004A0C0 C:\Program Files\MyWebSearch\bar\Cache\00064529 C:\Program Files\MyWebSearch\bar\Cache\0010223F.bin C:\Program Files\MyWebSearch\bar\Cache\00102424.bin C:\Program Files\MyWebSearch\bar\Cache\00102675.bin C:\Program Files\MyWebSearch\bar\Cache\0010DB00.bin C:\Program Files\MyWebSearch\bar\Cache\0010DE9A.bin C:\Program Files\MyWebSearch\bar\Cache\0010E457.bin C:\Program Files\MyWebSearch\bar\Cache\0010E8BC.bin C:\Program Files\MyWebSearch\bar\Cache\0024F59B.bin C:\Program Files\MyWebSearch\bar\Cache\00448CE3 C:\Program Files\MyWebSearch\bar\Cache\00AC0D3A C:\Program 
Files\MyWebSearch\bar\Cache\00ACEDE5.bin C:\Program Files\MyWebSearch\bar\Cache\00ACFBA1.bin C:\Program Files\MyWebSearch\bar\Cache\00ACFD47.bin C:\Program Files\MyWebSearch\bar\Cache\00E86E80 C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\MyWebSearch\bar\Settings\settings.htm C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL C:\Program Files\newdotnet C:\Program Files\newdotnet\readme.html C:\Program Files\PCHealthCenter C:\Program Files\PCHealthCenter\0.gif C:\Program Files\PCHealthCenter\1.exe C:\Program Files\PCHealthCenter\1.gif C:\Program Files\PCHealthCenter\1.ico C:\Program Files\PCHealthCenter\2.exe C:\Program Files\PCHealthCenter\2.gif C:\Program Files\PCHealthCenter\2.ico C:\Program Files\PCHealthCenter\3.exe C:\Program Files\PCHealthCenter\3.gif C:\Program Files\PCHealthCenter\4.exe C:\Program Files\PCHealthCenter\5.exe C:\Program Files\PCHealthCenter\7.exe C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\envk.exe C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\system32\ahqorh.dll C:\WINDOWS\system32\f3PSSavr.scr C:\WINDOWS\system32\fcccdAQk.dll C:\WINDOWS\system32\hbqqrooj.dll C:\WINDOWS\system32\mTAJQXyb.ini C:\WINDOWS\system32\mTAJQXyb.ini2 C:\WINDOWS\system32\qmraekyy.dll C:\WINDOWS\system32\wvUmjIcY.dll C:\WINDOWS\system32\yykearmq.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_6TO4
-------\Service_6to4
-------\Service_poof

((((((((((((((((((((((((((((( Fichiers créés 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.
2008-08-25 18:57 . 2008-08-25 18:57 996,460 --a------ C:\upload_moi_JULIEN.tar.gz
2008-08-25 16:18 . 2008-08-25 16:18 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Malwarebytes
2008-08-25 16:17 . 2008-08-25 16:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 16:17 . 2008-08-25 16:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-25 16:17 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 16:17 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 23:07 . 2008-08-24 23:36 <REP> d-------- C:\Program Files\Meracl ImageMap Generator
2008-08-23 23:35 . 2008-08-24 20:32 347 --ahs---- C:\WINDOWS\system32\rqttBcfe.ini
2008-08-23 23:26 . 2008-08-23 19:26 188,416 --a------ C:\WINDOWS\rqbmvpso.dll
2008-08-23 23:26 . 2008-08-23 19:26 155,648 --a------ C:\WINDOWS\qalkfxor.dll
2008-08-23 23:26 . 2008-08-23 19:26 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
2008-08-20 13:25 . 2008-08-20 13:25 244 --ah----- C:\sqmnoopt12.sqm
2008-08-20 13:25 . 2008-08-20 13:25 232 --ah----- C:\sqmdata12.sqm
2008-08-18 19:57 . 2008-08-18 19:57 <REP> d-------- C:\Documents and Settings\Julien\Application Data\DivX
2008-08-18 19:52 . 2008-08-19 14:25 <REP> d-------- C:\Program Files\Avidemux 2.4
2008-08-18 19:49 . 2008-08-18 19:49 <REP> d-------- C:\Program Files\bobyte
2008-08-18 19:11 . 2008-07-23 18:50 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-08-18 19:11 . 2008-07-23 18:50 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-08-18 13:28 . 2008-08-18 13:35 <REP> d-------- C:\Program Files\Yamb
2008-08-13 19:24 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 21:49 .
2008-08-12 21:50 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-08-12 14:11 . 2008-08-12 14:11 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Grisoft 2008-08-12 14:11 . 2008-08-12 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-08-12 14:11 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-08-12 01:16 . 2008-08-12 01:16 <REP> d-------- C:\Program Files\Uniblue 2008-08-12 01:16 . 2008-08-12 01:16 <REP> d-------- C:\Documents and Settings\Julien\.LocalCooling 2008-08-12 00:38 . 2008-08-12 12:41 <REP> d-------- C:\Program Files\Arovax AntiSpyware 2008-08-12 00:38 . 2008-08-12 00:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax 2008-08-10 20:29 . 2008-08-12 00:48 <REP> d-------- C:\Unreal Anthology 2008-08-10 20:29 . 1995-07-26 01:00 98,588 --a------ C:\WINDOWS\system32\THREED32.ocx 2008-08-10 20:29 . 1995-07-26 01:00 48,640 --a------ C:\WINDOWS\system32\GRID32.ocx 2008-08-10 20:29 . 1997-01-16 10:11 44,831 --a------ C:\WINDOWS\system32\PICCLP32.ocx 2008-08-10 20:29 . 1995-07-26 01:00 43,502 --a------ C:\WINDOWS\system32\MSOUTL32.ocx 2008-08-07 12:56 . 2008-08-12 12:42 <REP> d-------- C:\Documents and Settings\Julien\Application Data\skypePM 2008-08-07 12:56 . 2008-08-07 12:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-08-07 12:54 . 2008-08-12 14:54 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Skype 2008-08-07 12:53 . 2008-08-12 00:47 <REP> d-------- C:\Program Files\Skype 2008-08-07 12:53 . 2008-08-12 00:43 <REP> d-------- C:\Program Files\Fichiers communs\Skype 2008-08-07 12:52 . 2008-08-07 12:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype 2008-08-04 22:29 . 2008-08-18 15:10 <REP> d-------- C:\downloads 2008-08-04 22:29 . 2008-08-04 22:29 <REP> d-------- C:\Documents and Settings\Julien\Application Data\GrabPro 2008-08-04 22:28 . 
2008-08-12 12:41 <REP> d-------- C:\Program Files\Orbitdownloader 2008-08-04 22:28 . 2008-08-25 22:39 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Orbit 2008-08-04 14:14 . 2008-08-04 14:14 244 --ah----- C:\sqmnoopt11.sqm 2008-08-04 14:14 . 2008-08-04 14:14 232 --ah----- C:\sqmdata11.sqm 2008-08-03 00:49 . 2008-08-12 00:44 <REP> d-------- C:\Program Files\iPod 2008-07-29 00:18 . 2008-08-12 00:39 <REP> d-------- C:\Documents and Settings\Julien\iWizz 2008-07-29 00:17 . 2008-08-12 00:44 <REP> d-------- C:\Program Files\iWizz 2008-07-29 00:17 . 2008-07-29 00:17 <REP> d-------- C:\Documents and Settings\Julien\.bitrock 2008-07-28 19:04 . 2008-07-28 19:04 6,144 --ahs---- C:\Thumbs.db 2008-07-28 17:12 . 2008-08-12 00:48 <REP> d-------- C:\Program Files\Zeb-Utility 2008-07-26 10:04 . 2003-01-20 09:35 1,040,384 --a------ C:\WINDOWS\system32\libgfl190.dll 2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-25 18:36 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-08-24 21:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-08-24 21:07 249,856 ------w C:\WINDOWS\Setup1.exe 2008-08-23 18:41 --------- d-----w C:\Program Files\FileZilla 2008-08-23 18:40 --------- d-----w C:\Documents and Settings\Julien\Application Data\FileZilla 2008-08-22 20:49 1,445 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-19 12:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\Vso 2008-08-19 12:29 --------- d-----w C:\Documents and Settings\Julien\Application Data\gtk-2.0 2008-08-18 17:11 --------- d-----w C:\Program Files\DivX 2008-08-12 10:38 --------- d-----w C:\Program Files\Google 2008-08-11 22:47 --------- d-----w C:\Program Files\VideoLAN 2008-08-11 22:46 --------- d-----w C:\Program Files\Paint.NET 2008-08-11 22:46 --------- d-----w C:\Program Files\OpenOffice.org 2.1 2008-08-11 22:46 --------- d-----w C:\Program Files\OLYMPUS 2008-08-11 22:46 --------- d-----w C:\Program Files\Nvu 2008-08-11 22:46 --------- d-----w C:\Program Files\NudgeMania 2008-08-11 22:46 --------- d-----w C:\Program Files\NSC 2008-08-11 22:46 --------- d-----w C:\Program Files\Notepad++ 2008-08-11 22:46 --------- d-----w C:\Program Files\MSXML 6.0 2008-08-11 22:46 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-11 22:46 --------- d-----w C:\Program Files\MSN Pictures Displayer 2008-08-11 22:45 --------- d-----w C:\Program Files\MSN Messenger 2008-08-11 22:45 --------- d-----w C:\Program Files\MSBuild 2008-08-11 22:45 --------- d-----w C:\Program Files\Movies2iPhone 2008-08-11 22:45 --------- d-----w C:\Program Files\MoviePod 2008-08-11 22:45 --------- d-----w C:\Program Files\Miranda-IM 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft.NET 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft Works 2008-08-11 22:45 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-08-11 22:43 --------- d-----w C:\Program Files\GIMP-2.0 2008-08-11 
22:43 --------- d-----w C:\Program Files\GameSpy Arcade 2008-08-11 22:43 --------- d-----w C:\Program Files\Games-Masters.com 2008-08-11 22:43 --------- d-----w C:\Program Files\Free Buttons(2).org 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\xing shared 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Vbox 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\SWF Studio 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\River Past 2008-08-11 22:43 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-08-11 22:41 --------- d-----w C:\Program Files\Eidos Interactive 2008-08-11 22:40 --------- d-----w C:\Program Files\Bethesda Softworks 2008-08-11 22:40 --------- d-----w C:\Program Files\Azureus 2008-08-11 22:40 --------- d-----w C:\Program Files\AVSMedia 2008-08-11 22:40 --------- d-----w C:\Program Files\AviSynth 2.5 2008-08-11 22:40 --------- d-----w C:\Program Files\Audacity 2008-08-11 22:40 --------- d-----w C:\Program Files\Apple Software Update 2008-08-11 22:40 --------- d-----w C:\Program Files\AoA MP4 Converter 2008-08-11 22:39 --------- d-----w C:\Program Files\Anuman Interactive 2008-08-11 22:39 --------- d-----w C:\Program Files\Alwil Software 2008-08-11 22:39 --------- d-----w C:\Program Files\Ahead 2008-08-11 22:39 --------- d-----w C:\Documents and Settings\Julien\Application Data\avidemux 2008-08-11 22:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-11 22:21 --------- d-----w C:\Documents and Settings\Julien\Application Data\My Games 2008-08-11 21:27 --------- d-----w C:\Documents and Settings\Julien\Application Data\Lavasoft 2008-07-24 21:15 --------- d-----w C:\Documents and Settings\Julien\Application Data\.purple 2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys 2008-06-30 16:05 --------- d-----w C:\Documents and 
Settings\Julien\Application Data\Apple Computer 2008-06-26 13:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\OpenOffice.org2 2008-06-21 14:17 144,784 ----a-w C:\Documents and Settings\Julien\Application Data\GDIPFONTCACHEV1.DAT 2006-11-27 18:04 4 -c--a-w C:\Program Files\SpeechMillLAIPTTSout.pol 2006-11-27 18:04 4 -c--a-w C:\Program Files\SpeechMillLAIPTTSin.pol 2004-06-18 14:47 496,342 -c--a-w C:\Program Files\Aethereality - Romantics.abr 1998-08-24 10:09 10,000 ----a-w C:\WINDOWS\inf\unregpn.exe 1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop@@.dat 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ------- Sigcheck ------- 2007-06-13 15:22 1885696 f6a1fb157cd2242d2574ea9ec5af473d C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2002-08-30 14:00 1398784 e19211efcf80a80f77b9f9d7951ace89 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe 2004-08-20 01:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe 2007-06-13 15:22 1885696 f6a1fb157cd2242d2574ea9ec5af473d C:\WINDOWS\ServicePackFiles\i386\explorer.exe 2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe 2002-08-30 14:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\system32\VITrans\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F4FCB8FD-9E2C-43F3-8580-680B2D8EB138}"= "C:\WINDOWS\qalkfxor.dll" [2008-08-23 19:26 155648]

[HKEY_CLASSES_ROOT\clsid\{f4fcb8fd-9e2c-43f3-8580-680b2d8eb138}]
[HKEY_CLASSES_ROOT\qalkfxor.1]
[HKEY_CLASSES_ROOT\TypeLib\{B6714679-D1D1-41CD-B964-6CBC52FC78BC}]
[HKEY_CLASSES_ROOT\qalkfxor]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 02:27 65536]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"rqbmvpso"= {8BA87228-AD72-43F2-BC7C-007D3E065E3C} - C:\WINDOWS\rqbmvpso.dll [2008-08-23 19:26 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ahqorh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpng"= C:\Program Files\t@b\0.947\686\tabdec.dll
"vidc.mvjp"= C:\Program Files\t@b\0.947\686\tabdec.dll
"vidc.444p"= C:\Program Files\t@b\0.947\686\tabdec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu
Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Iolo Macro Magic.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Iolo Macro Magic.lnk backup=C:\WINDOWS\pss\Iolo Macro Magic.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Orbit.lnk backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu 
Démarrer^Programmes^Démarrage^LocalCooling.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\LocalCooling.lnk backup=C:\WINDOWS\pss\LocalCooling.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk] path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-10 09:47 116040 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware] --a------ 2007-09-21 14:56 1966080 C:\Program Files\Arovax AntiSpyware\ArovaxAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb] --a------ 2006-07-30 20:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2003-03-11 11:11 114688 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2003-03-11 11:24 155648 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] --a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-07-23 14:11 21738792 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler] --a------ 2006-05-03 11:48 307200 C:\Program Files\Styler\Styler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TransBar] --a------ 2005-06-01 21:41 65536 C:\Documents and Settings\Julien\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar] --a------ 2006-12-25 09:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip] --a------ 2006-10-06 10:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] 
--------- 2004-08-23 14:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\FileZilla\\FileZilla.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 11:21] R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 11:21] R1 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 03:37] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-04-23 04:39] S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 21:12] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . 
- - - - ORPHANS REMOVED - - - - BHO-{E9A7F8AE-3B47-4113-8C7E-C2F0ADB8B62B} - C:\WINDOWS\system32\byXQJATm.dll HKCU-Run-LeechGet - (no file) HKLM-Run-6ce91a53 - C:\WINDOWS\system32\qmraekyy.dll HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe MSConfigStartUp-AnyDVD - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe MSConfigStartUp-CloneCDTray - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe MSConfigStartUp-FLMLABTECMOUSE - C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe MSConfigStartUp-InCD - C:\Program Files\Ahead\InCD\InCD.exe MSConfigStartUp-MyWebSearch Email Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe MSConfigStartUp-New - C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL MSConfigStartUp-PSPVideo9 - C:\Program Files\pspvideo9\pspvideo9.exe MSConfigStartUp-TXP - c:\program files\topthemesxp\txp.exe MSConfigStartUp-Veoh - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe MSConfigStartUp-Videora - C:\Program Files\Videora\Videora.exe MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\33fi4eaq.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT469748&SearchSource=3&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official FF -: plugin - C:\AddOn\AcrobatReader\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-25 22:35:42 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... 
Balayage des fichiers cach‚s ... C:\WINDOWS\privacy_danger C:\WINDOWS\system32\wuauclt.exe.wusetup.699937.bak 53080 bytes executable C:\WINDOWS\system32\wuaueng.dll.wusetup.708968.bak 1712984 bytes executable Scan termin‚ avec succŠs Les fichiers cach‚s: 3 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\Explorer.EXE -> C:\Program Files\LClock\LC.dll -> C:\WINDOWS\rqbmvpso.dll -> C:\Program Files\RocketDock\RocketDock.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Orbitdownloader\orbitnet.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-25 23:05:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-25 21:05:00 Pre-Run: 3,749,859,328 octets libres Post-Run: 3,636,457,472 octets libres 450 --- E O F --- 2008-08-13 18:36:20 Merci beaucoup d'avance
  8. Good evening everyone, My computer has been infected by (I think) malware. I get frequent BSODs, crashes at startup, and I had a red desktop wallpaper saying "Your privacy is in danger". Anyway.. Also, a few ads here and there, and Internet Explorer launching by itself.. (However, the browser I use most often is Firefox.) My antivirus is Avast! (but from what I have read I am going to change quickly).
     -------------------------------------------------------------------------------------------------------------------------------
     Here is the HijackThis report:

     Logfile of HijackThis v1.99.1
     Scan saved at 20:22:38, on 25/08/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16705)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\slserv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\LClock\LClock.exe
     C:\WINDOWS\system32\atwtusb.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\RocketDock\RocketDock.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Alwil Software\Avast4\setup\avast.setup
     C:\Documents and Settings\Julien\Mes documents\hijackthis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
     R3 - URLSearchHook: (no name) - - (no file)
     O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
     O2 - BHO: (no name) - {74CE56FF-3469-47C0-93E1-D0CB8B203EA9} - C:\WINDOWS\system32\wvUmjIcY.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O2 - BHO: {16a42d8b-949c-8358-c834-c8c14082433d} - {d3342804-1c8c-438c-8538-c949b8d24a61} - C:\WINDOWS\system32\ahqorh.dll
     O2 - BHO: (no name) - {E9A7F8AE-3B47-4113-8C7E-C2F0ADB8B62B} - C:\WINDOWS\system32\byXQJATm.dll (file missing)
     O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
     O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
     O3 - Toolbar: qalkfxor - {F4FCB8FD-9E2C-43F3-8580-680B2D8EB138} - C:\WINDOWS\qalkfxor.dll
     O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
     O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [6ce91a53] rundll32.exe "C:\WINDOWS\system32\qmraekyy.dll",b
     O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
     O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
     O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
     O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYFR
     O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
     O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
     O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
     O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab
     O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://poussinette2988.spaces.msn.com//Pho...ad/MsnPUpld.cab
     O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23ba7c7bfa5cfb...RdxIE601_fr.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
     O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: ahqorh.dll
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     O20 - Winlogon Notify: wvUmjIcY - C:\WINDOWS\SYSTEM32\wvUmjIcY.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O21 - SSODL: rqbmvpso - {8BA87228-AD72-43F2-BC7C-007D3E065E3C} - C:\WINDOWS\rqbmvpso.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
     O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
     O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
     -------------------------------------------------------------------------------------------------------------------------------
     I also made a DiagHelp report, in case that can help you. DiagHelp report: Thank you very much in advance for your help! Garreck