
Posted

My PC crashes at startup. I have done some cleanup; can you tell me whether there is anything suspicious by looking at my ComboFix and HijackThis reports?

ComboFix:

 

ComboFix 08-06-20.4 - Administrateur 2008-06-21 11:05:01.1 - NTFSx86 NETWORK

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.503 [GMT 2:00]

Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Application Data\Adssite Advanced Toolbar

C:\Documents and Settings\Administrateur\Application Data\Adssite Advanced Toolbar\advertbuttons.xml

C:\Documents and Settings\Administrateur\Application Data\Adssite Advanced Toolbar\selected.xml

C:\Documents and Settings\Administrateur\Application Data\AXPDefender

C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk

C:\Documents and Settings\Administrateur\Application Data\urlredir.cfg

C:\Documents and Settings\Administrateur\ravmonlog

C:\Documents and Settings\All Users\Bureau\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\How to Register Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\License Agreement.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Register Malware Protector 2008.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malware Protector 2008\Uninstall.lnk

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

C:\Program Files\webhancer

C:\Program Files\webhancer\Programs\license.txt

C:\Program Files\webhancer\Programs\readme.txt

C:\Program Files\webhancer\Programs\sporder.dll

C:\Program Files\webhancer\Programs\whagent.exe

C:\Program Files\webhancer\Programs\whagent.ini

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\88055.exe

C:\WINDOWS\system32\adssite-remove.exe

C:\WINDOWS\system32\bthhxugo.dll

C:\WINDOWS\system32\cktejxws.ini

C:\WINDOWS\system32\ctfmona.exe

C:\WINDOWS\system32\cvdfnred.ini

C:\WINDOWS\system32\drivers\Winxx25.sys

C:\WINDOWS\system32\dyqcgubx.ini

C:\WINDOWS\system32\eosrhfbl.ini

C:\WINDOWS\system32\farmbkxl.ini

C:\WINDOWS\system32\farrlwuv.ini

C:\WINDOWS\system32\fccyaaBs.dll

C:\WINDOWS\system32\finimmid.ini

C:\WINDOWS\system32\gzmrot-uninst.exe

C:\WINDOWS\system32\hikpeyln.ini

C:\WINDOWS\system32\hjfdvgcf.ini

C:\WINDOWS\system32\hwcghlht.ini

C:\WINDOWS\system32\iiaogsdm.ini

C:\WINDOWS\system32\jmjdtowq.ini

C:\WINDOWS\system32\kcopt.dll

C:\WINDOWS\system32\KernelDrv.exe

C:\WINDOWS\system32\ksvcl.dll

C:\WINDOWS\system32\kxixslew.ini

C:\WINDOWS\system32\lanmandrv.sys

C:\WINDOWS\system32\lanmanwrk.exe

C:\WINDOWS\system32\llnmp.ini

C:\WINDOWS\system32\llnmp.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mysidesearch_sidebar.dll

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\oguxhhtb.ini

C:\WINDOWS\system32\okokfcxv.ini

C:\WINDOWS\system32\PAHkRXyb.ini2

C:\WINDOWS\system32\pqvmbsgh.ini

C:\WINDOWS\system32\qkkxhgyt.ini

C:\WINDOWS\system32\qlsmkang.ini

C:\WINDOWS\system32\qmopt.dll

C:\WINDOWS\system32\qoMfcaBT.dll

C:\WINDOWS\system32\rqvcuxuv.ini

C:\WINDOWS\system32\rxwmiive.ini

C:\WINDOWS\system32\sBaayccf.ini

C:\WINDOWS\system32\sBaayccf.ini2

C:\WINDOWS\system32\serpwwlb.ini

C:\WINDOWS\system32\tejwqiti.ini

C:\WINDOWS\system32\thysfyqp.ini

C:\WINDOWS\system32\urvxfhxv.ini

C:\WINDOWS\system32\vfhmjssh.ini

C:\WINDOWS\system32\vtnbuoqs.ini

C:\WINDOWS\system32\vtUOHbaW.dll

C:\WINDOWS\system32\wgccyxky.ini

C:\WINDOWS\system32\WinCtrl32.dl_

C:\WINDOWS\system32\WinCtrl32.dll

C:\WINDOWS\system32\wvUoPgDu.dll

C:\WINDOWS\system32\wybtrael.ini

C:\WINDOWS\system32\ycneqwrl.ini

C:\WINDOWS\system32\ydcmjpdo.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_LANMANDRV

-------\Legacy_WINXX25

-------\Service_lanmandrv

-------\Service_Winxx25

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-21 10:42 . 2008-06-21 10:42 268 --ah----- C:\sqmdata00.sqm

2008-06-21 10:42 . 2008-06-21 10:42 244 --ah----- C:\sqmnoopt00.sqm

2008-06-20 20:49 . 2008-06-21 10:56 0 --a------ C:\WINDOWS\win.ini

2008-06-18 00:26 . 2008-06-18 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TaoUSign

2008-06-16 19:06 . 2008-06-16 19:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\shcen3j0etap

2008-06-16 16:12 . 2008-06-16 16:12 20,786 --a------ C:\WINDOWS\system32\phndmsah.dll

2008-06-14 23:45 . 2008-06-14 23:45 20,786 --a------ C:\WINDOWS\system32\pufjtggn.dll

2008-06-13 23:43 . 2008-06-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AXPFixer

2008-06-13 22:44 . 2008-06-13 22:44 32 --a-s---- C:\WINDOWS\system32\1759711545.dat

2008-06-12 11:31 . 2008-06-12 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung

2008-06-12 11:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-06-12 11:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys

2008-06-12 11:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys

2008-06-12 11:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys

2008-06-12 11:25 . 2008-06-12 11:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-06-12 11:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-06-12 11:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-06-12 11:24 . 2008-06-12 11:24 <REP> d-------- C:\Program Files\Samsung

2008-06-10 13:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-10 13:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-10 13:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-10 12:35 . 2008-06-10 12:36 <REP> d-------- C:\Program Files\Windows Live

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-03 00:59 . 2008-06-03 00:59 <REP> d-------- C:\Program Files\UltraVNC

2008-06-03 00:37 . 2008-06-03 00:37 <REP> d--hs---- C:\found.000

2008-06-03 00:18 . 2008-06-03 00:25 14,848 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll

2008-06-03 00:17 . 2008-06-21 10:49 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp

2008-06-03 00:17 . 2008-06-21 10:49 160,256 --a------ C:\WINDOWS\system32\blackster.scr

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-21 08:50 --------- d-----w C:\Program Files\lx_cats

2008-06-21 08:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-06-21 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-06-20 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-16 16:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FaxCtr

2008-06-12 09:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-10 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-06-10 18:55 --------- d-----w C:\Program Files\WinamaxPoker

2008-06-10 10:36 --------- d-----w C:\Program Files\MSN Messenger

2008-06-07 17:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VMware

2008-05-24 04:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss

2008-05-20 09:47 --------- d-----w C:\Program Files\Everest Poker

2008-05-08 16:57 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

2008-04-28 15:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent

2008-02-09 16:53 24,192 ----a-w C:\Documents and Settings\Administrateur\usbsermptxp.sys

2008-02-09 16:53 22,768 ----a-w C:\Documents and Settings\Administrateur\usbsermpt.sys

.

 

------- Sigcheck -------

 

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB7019C-F110-4E34-ADC3-B2A62ECE4A2C}]

C:\WINDOWS\system32\pmnll.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-15 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 19:27 106496]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 14:00 160768]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgfef]

mljgfef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

"VIDC.NTN1"= ntcodec.ax

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isX03.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbV11.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pkK77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb36.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincm41.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windn74.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wines47.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winex85.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk52.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk66.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfp00.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm41.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winid22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winis22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk82.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpp71.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winql22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv82.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrc06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrm30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrr06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty44.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu47.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvg58.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl55.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc36.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxs60.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye85.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbnpsrv.exe/r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]

C:\WINDOWS\system32\ctfmona.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f0ae05ca]

C:\WINDOWS\system32\bthhxugo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]

C:\WINDOWS\system32\gzmrotate.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\lxcrcoms.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\TVAnts\\Tvants.exe"=

"C:\\Program Files\\UltraVNC\\vncviewer.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12416:TCP"= 12416:TCP:NortonAV

"14204:TCP"= 14204:TCP:NortonAV

"12687:TCP"= 12687:TCP:NortonAV

"13645:TCP"= 13645:TCP:NortonAV

"17044:TCP"= 17044:TCP:NortonAV

"15188:TCP"= 15188:TCP:NortonAV

"13574:TCP"= 13574:TCP:NortonAV

"15754:TCP"= 15754:TCP:NortonAV

"16093:TCP"= 16093:TCP:NortonAV

"15589:TCP"= 15589:TCP:NortonAV

"18717:TCP"= 18717:TCP:NortonAV

"14350:TCP"= 14350:TCP:NortonAV

"16964:TCP"= 16964:TCP:NortonAV

 

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 14:36]

S0 iiX00;iiX00;C:\WINDOWS\system32\Drivers\iiX00.sys []

S0 isX03;isX03;C:\WINDOWS\system32\Drivers\isX03.sys []

S0 lbV11;lbV11;C:\WINDOWS\system32\Drivers\lbV11.sys []

S0 pkK77;pkK77;C:\WINDOWS\system32\Drivers\pkK77.sys []

S0 Winbb36;Winbb36;C:\WINDOWS\system32\Drivers\Winbb36.sys []

S0 Wincm41;Wincm41;C:\WINDOWS\system32\Drivers\Wincm41.sys []

S0 Windn74;Windn74;C:\WINDOWS\system32\Drivers\Windn74.sys []

S0 Wines47;Wines47;C:\WINDOWS\system32\Drivers\Wines47.sys []

S0 Winex85;Winex85;C:\WINDOWS\system32\Drivers\Winex85.sys []

S0 Winff77;Winff77;C:\WINDOWS\system32\Drivers\Winff77.sys []

S0 Winfk52;Winfk52;C:\WINDOWS\system32\Drivers\Winfk52.sys []

S0 Winfk66;Winfk66;C:\WINDOWS\system32\Drivers\Winfk66.sys []

S0 Winfp00;Winfp00;C:\WINDOWS\system32\Drivers\Winfp00.sys []

S0 Winhm41;Winhm41;C:\WINDOWS\system32\Drivers\Winhm41.sys []

S0 Winid22;Winid22;C:\WINDOWS\system32\Drivers\Winid22.sys []

S0 Winii30;Winii30;C:\WINDOWS\system32\Drivers\Winii30.sys []

S0 Winis22;Winis22;C:\WINDOWS\system32\Drivers\Winis22.sys []

S0 Winjo77;Winjo77;C:\WINDOWS\system32\Drivers\Winjo77.sys []

S0 Winot30;Winot30;C:\WINDOWS\system32\Drivers\Winot30.sys []

S0 Winpk82;Winpk82;C:\WINDOWS\system32\Drivers\Winpk82.sys []

S0 Winpp71;Winpp71;C:\WINDOWS\system32\Drivers\Winpp71.sys []

S0 Winql22;Winql22;C:\WINDOWS\system32\Drivers\Winql22.sys []

S0 Winqv82;Winqv82;C:\WINDOWS\system32\Drivers\Winqv82.sys []

S0 Winrc06;Winrc06;C:\WINDOWS\system32\Drivers\Winrc06.sys []

S0 Winrm30;Winrm30;C:\WINDOWS\system32\Drivers\Winrm30.sys []

S0 Winrr06;Winrr06;C:\WINDOWS\system32\Drivers\Winrr06.sys []

S0 Winty44;Winty44;C:\WINDOWS\system32\Drivers\Winty44.sys []

S0 Winuu47;Winuu47;C:\WINDOWS\system32\Drivers\Winuu47.sys []

S0 Winvg58;Winvg58;C:\WINDOWS\system32\Drivers\Winvg58.sys []

S0 Winvl55;Winvl55;C:\WINDOWS\system32\Drivers\Winvl55.sys []

S0 Winvl77;Winvl77;C:\WINDOWS\system32\Drivers\Winvl77.sys []

S0 Winwc36;Winwc36;C:\WINDOWS\system32\Drivers\Winwc36.sys []

S0 Winxd22;Winxd22;C:\WINDOWS\system32\Drivers\Winxd22.sys []

S0 Winxs60;Winxs60;C:\WINDOWS\system32\Drivers\Winxs60.sys []

S0 Winye85;Winye85;C:\WINDOWS\system32\Drivers\Winye85.sys []

S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14]

S3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59]

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196916fa-77cb-11dc-92e7-005056c00008}]

\Shell\AutoRun\command - J:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487f0ba9-ec7d-11dc-93dc-005056c00008}]

\Shell\AutoRun\command - tmf3w3g0.com

\Shell\explore\Command - tmf3w3g0.com

\Shell\open\Command - tmf3w3g0.com

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-21 11:09:52

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast!upnphost]

"ImagePath"="ð%|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcsrservice]

"ImagePath"="ð%|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNTlntSvr]

"ImagePath"="ð%|x\01\09 srv"

.

Temps d'accomplissement: 2008-06-21 11:16:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-21 09:16:12

 

Pre-Run: 4,598,771,712 octets libres

Post-Run: 4,528,566,272 octets libres

 

356 --- E O F --- 2008-06-10 18:59:52

 

HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:46, on 21/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {DAB7019C-F110-4E34-ADC3-B2A62ECE4A2C} - C:\WINDOWS\system32\pmnll.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: TrayMin220.lnk = ?

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B102CE69-5C2F-4363-9E6D-C61B61FD92DD} (OGGPlay.UserControl1) - http://familiafm.streamonfiber.com/player/...vex/oggplay.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - Winlogon Notify: mljgfef - mljgfef.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: avast! Mail Scanner avast!upnphost (avast!upnphost) - Unknown owner - C:\WINDOWS\

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Aide et support helpsvcsrservice (helpsvcsrservice) - Unknown owner - C:\WINDOWS\

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNTlntSvr (WmdmPmSNTlntSvr) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8038 bytes

Posted

Hello,

Ooh, a rootkitted machine :P

You need to install the Recovery Console before doing anything else.

If you can boot and get to the desktop, do it this way (if that is impossible, say so and we will change method):

  • We are going to install the Recovery Console on your PC. This will make it possible to repair your system in case the PC no longer restarts after the disinfection.

  • Once you have clicked the link matching your version of Windows, you will be taken to a page: click the Download button to get the installation pack and save this file to the desktop. Do not change the file name under any circumstances.

Windows XP without Service Pack >

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Windows XP Service Pack 1 (SP1) >

Microsoft Windows XP Home Edition SP1

Microsoft Windows XP Professional SP1

Windows XP Service Pack 2 (SP2) >

Microsoft Windows XP Home Edition SP2

Microsoft Windows XP Professional SP2

  • Drag and drop this file onto the ComboFix.exe file, as in the screenshot below:

[screenshot: tmmwkp7dnb.gif]

  • Follow the on-screen instructions to run ComboFix and, when asked, accept the End User License Agreement to install the Microsoft Recovery Console.
  • When it is finished, a message appears telling you that the Console has been installed, then a report named CF_RC.txt will be displayed: post the contents of this report.

Note: From now on, when you start your PC, you will have a choice to make: either start Windows normally or use the Recovery Console.

See you later.

Posted

Thanks for replying so quickly.

I did what you told me.

You should also know that since I deleted something called ctfmona.exe (not ctfmon.exe), I have had access to the Task Manager again. But I have just noticed that I cannot change the wallpaper. In "Display Properties", I no longer have any tabs.

Here is my new ComboFix report:

 

 

ComboFix 08-06-20.4 - Administrateur 2008-06-21 13:55:23.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.386 [GMT 2:00]

Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Application Data\urlredir.cfg

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-21 to 2008-06-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-21 12:18 . 2008-06-21 12:30 <REP> d-------- C:\Program Files\Globe7

2008-06-21 12:18 . 2008-06-21 12:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Globe7

2008-06-21 11:47 . 2008-06-21 11:47 268 --ah----- C:\sqmdata01.sqm

2008-06-21 11:47 . 2008-06-21 11:47 244 --ah----- C:\sqmnoopt01.sqm

2008-06-21 11:41 . 2008-06-21 11:41 <REP> d-------- C:\WINDOWS\LastGood

2008-06-21 11:41 . 2008-06-21 11:41 <REP> d--h----- C:\WINDOWS\$hf_mig$

2008-06-21 11:28 . 2008-06-21 11:28 <REP> d-------- C:\Program Files\CCleaner

2008-06-21 10:42 . 2008-06-21 10:42 268 --ah----- C:\sqmdata00.sqm

2008-06-21 10:42 . 2008-06-21 10:42 244 --ah----- C:\sqmnoopt00.sqm

2008-06-20 20:49 . 2008-06-21 10:56 0 --a------ C:\WINDOWS\win.ini

2008-06-18 00:26 . 2008-06-18 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TaoUSign

2008-06-16 19:06 . 2008-06-16 19:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\shcen3j0etap

2008-06-16 16:12 . 2008-06-16 16:12 20,786 --a------ C:\WINDOWS\system32\phndmsah.dll

2008-06-14 23:45 . 2008-06-14 23:45 20,786 --a------ C:\WINDOWS\system32\pufjtggn.dll

2008-06-13 23:43 . 2008-06-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AXPFixer

2008-06-13 22:44 . 2008-06-13 22:44 32 --a-s---- C:\WINDOWS\system32\1759711545.dat

2008-06-12 11:31 . 2008-06-12 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung

2008-06-12 11:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-06-12 11:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys

2008-06-12 11:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys

2008-06-12 11:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys

2008-06-12 11:25 . 2008-06-12 11:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-06-12 11:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-06-12 11:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-06-12 11:24 . 2008-06-12 11:24 <REP> d-------- C:\Program Files\Samsung

2008-06-10 13:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-10 13:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-10 13:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-10 12:35 . 2008-06-10 12:36 <REP> d-------- C:\Program Files\Windows Live

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-03 00:59 . 2008-06-03 00:59 <REP> d-------- C:\Program Files\UltraVNC

2008-06-03 00:37 . 2008-06-03 00:37 <REP> d--hs---- C:\found.000

2008-06-03 00:18 . 2008-06-03 00:25 14,848 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll

2008-06-03 00:17 . 2008-06-21 10:49 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp

2008-06-03 00:17 . 2008-06-21 10:49 160,256 --a------ C:\WINDOWS\system32\blackster.scr

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-21 09:48 --------- d-----w C:\Program Files\lx_cats

2008-06-21 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-06-21 09:33 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-06-21 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-06-20 18:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-16 16:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FaxCtr

2008-06-12 09:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-10 18:55 --------- d-----w C:\Program Files\WinamaxPoker

2008-06-10 10:36 --------- d-----w C:\Program Files\MSN Messenger

2008-06-07 17:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VMware

2008-05-24 04:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss

2008-05-20 09:47 --------- d-----w C:\Program Files\Everest Poker

2008-05-08 16:57 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

2008-04-28 15:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent

2008-04-15 13:23 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll

2008-04-09 14:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-02-09 16:53 24,192 ----a-w C:\Documents and Settings\Administrateur\usbsermptxp.sys

2008-02-09 16:53 22,768 ----a-w C:\Documents and Settings\Administrateur\usbsermpt.sys

.

 

------- Sigcheck -------

 

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-06-21_11.16.00.12 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-21 09:09:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-21 09:33:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2006-10-26 19:17:08 11,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XLCALL32.DLL

- 2008-06-10 18:59:46 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-06-21 09:36:32 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2008-06-10 18:59:46 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-06-21 09:36:33 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-06-10 18:59:46 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-06-21 09:36:32 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2008-06-10 18:59:46 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2008-06-21 09:36:33 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2008-06-10 18:59:46 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-06-21 09:36:33 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-06-10 18:59:47 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-06-21 09:36:33 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-06-10 18:59:46 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-06-21 09:36:32 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

- 2008-06-10 18:59:46 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-06-21 09:36:32 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2008-06-10 18:59:46 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-06-21 09:36:33 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2008-06-10 18:59:47 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-06-21 09:36:33 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-06-10 18:59:46 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-06-21 09:36:32 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-06-21 08:56:41 42,298 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-21 09:38:08 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-21 08:56:41 59,974 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-06-21 09:38:08 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-06-21 08:56:41 317,636 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-21 09:38:08 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-21 08:56:41 396,410 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-21 09:38:08 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-21 09:33:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_420.dat

+ 2008-06-21 09:33:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_97c.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DAB7019C-F110-4E34-ADC3-B2A62ECE4A2C}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-15 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2005-09-15 21:11:51 125624]

TrayMin220.lnk - C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2007-10-13 14:43:05 278528]

Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe [2008-05-08 18:57:39 757760]

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgfef]

mljgfef.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

"VIDC.NTN1"= ntcodec.ax

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isX03.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbV11.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pkK77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb36.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincm41.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windn74.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wines47.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winex85.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk52.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk66.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfp00.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm41.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winid22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winis22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk82.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpp71.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winql22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv82.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrc06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrm30.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrr06.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty44.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu47.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvg58.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl55.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl77.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc36.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd22.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxs60.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye85.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbnpsrv.exe/r

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]

C:\WINDOWS\system32\ctfmona.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f0ae05ca]

C:\WINDOWS\system32\bthhxugo.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]

C:\WINDOWS\system32\gzmrotate.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\lxcrcoms.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\TVAnts\\Tvants.exe"=

"C:\\Program Files\\UltraVNC\\vncviewer.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Globe7\\Globe7Phone.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12416:TCP"= 12416:TCP:NortonAV

"14204:TCP"= 14204:TCP:NortonAV

"12687:TCP"= 12687:TCP:NortonAV

"13645:TCP"= 13645:TCP:NortonAV

"17044:TCP"= 17044:TCP:NortonAV

"15188:TCP"= 15188:TCP:NortonAV

"13574:TCP"= 13574:TCP:NortonAV

"15754:TCP"= 15754:TCP:NortonAV

"16093:TCP"= 16093:TCP:NortonAV

"15589:TCP"= 15589:TCP:NortonAV

"18717:TCP"= 18717:TCP:NortonAV

"14350:TCP"= 14350:TCP:NortonAV

"16964:TCP"= 16964:TCP:NortonAV

 

R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 14:36]

S0 iiX00;iiX00;C:\WINDOWS\system32\Drivers\iiX00.sys []

S0 isX03;isX03;C:\WINDOWS\system32\Drivers\isX03.sys []

S0 lbV11;lbV11;C:\WINDOWS\system32\Drivers\lbV11.sys []

S0 pkK77;pkK77;C:\WINDOWS\system32\Drivers\pkK77.sys []

S0 Winbb36;Winbb36;C:\WINDOWS\system32\Drivers\Winbb36.sys []

S0 Wincm41;Wincm41;C:\WINDOWS\system32\Drivers\Wincm41.sys []

S0 Windn74;Windn74;C:\WINDOWS\system32\Drivers\Windn74.sys []

S0 Wines47;Wines47;C:\WINDOWS\system32\Drivers\Wines47.sys []

S0 Winex85;Winex85;C:\WINDOWS\system32\Drivers\Winex85.sys []

S0 Winff77;Winff77;C:\WINDOWS\system32\Drivers\Winff77.sys []

S0 Winfk52;Winfk52;C:\WINDOWS\system32\Drivers\Winfk52.sys []

S0 Winfk66;Winfk66;C:\WINDOWS\system32\Drivers\Winfk66.sys []

S0 Winfp00;Winfp00;C:\WINDOWS\system32\Drivers\Winfp00.sys []

S0 Winhm41;Winhm41;C:\WINDOWS\system32\Drivers\Winhm41.sys []

S0 Winid22;Winid22;C:\WINDOWS\system32\Drivers\Winid22.sys []

S0 Winii30;Winii30;C:\WINDOWS\system32\Drivers\Winii30.sys []

S0 Winis22;Winis22;C:\WINDOWS\system32\Drivers\Winis22.sys []

S0 Winjo77;Winjo77;C:\WINDOWS\system32\Drivers\Winjo77.sys []

S0 Winot30;Winot30;C:\WINDOWS\system32\Drivers\Winot30.sys []

S0 Winpk82;Winpk82;C:\WINDOWS\system32\Drivers\Winpk82.sys []

S0 Winpp71;Winpp71;C:\WINDOWS\system32\Drivers\Winpp71.sys []

S0 Winql22;Winql22;C:\WINDOWS\system32\Drivers\Winql22.sys []

S0 Winqv82;Winqv82;C:\WINDOWS\system32\Drivers\Winqv82.sys []

S0 Winrc06;Winrc06;C:\WINDOWS\system32\Drivers\Winrc06.sys []

S0 Winrm30;Winrm30;C:\WINDOWS\system32\Drivers\Winrm30.sys []

S0 Winrr06;Winrr06;C:\WINDOWS\system32\Drivers\Winrr06.sys []

S0 Winty44;Winty44;C:\WINDOWS\system32\Drivers\Winty44.sys []

S0 Winuu47;Winuu47;C:\WINDOWS\system32\Drivers\Winuu47.sys []

S0 Winvg58;Winvg58;C:\WINDOWS\system32\Drivers\Winvg58.sys []

S0 Winvl55;Winvl55;C:\WINDOWS\system32\Drivers\Winvl55.sys []

S0 Winvl77;Winvl77;C:\WINDOWS\system32\Drivers\Winvl77.sys []

S0 Winwc36;Winwc36;C:\WINDOWS\system32\Drivers\Winwc36.sys []

S0 Winxd22;Winxd22;C:\WINDOWS\system32\Drivers\Winxd22.sys []

S0 Winxs60;Winxs60;C:\WINDOWS\system32\Drivers\Winxs60.sys []

S0 Winye85;Winye85;C:\WINDOWS\system32\Drivers\Winye85.sys []

S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196916fa-77cb-11dc-92e7-005056c00008}]

\Shell\AutoRun\command - J:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487f0ba9-ec7d-11dc-93dc-005056c00008}]

\Shell\AutoRun\command - tmf3w3g0.com

\Shell\explore\Command - tmf3w3g0.com

\Shell\open\Command - tmf3w3g0.com

 

*Newly Created Service* - CATCHME

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-21 13:57:30

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast!upnphost]

"ImagePath"="ð%€|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvcsrservice]

"ImagePath"="ð%€|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSNTlntSvr]

"ImagePath"="ð%€|x\01\09 srv"

.

Temps d'accomplissement: 2008-06-21 13:59:48

ComboFix-quarantined-files.txt 2008-06-21 11:59:03

ComboFix2.txt 2008-06-21 09:16:15

 

Pre-Run: 4,342,067,200 octets libres

Post-Run: 4,321,734,656 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

335 --- E O F --- 2008-06-21 09:36:37

Posted (edited)

Okay, good, we can move on to the cleanup :P

Copy the text in the box below (CTRL+C):

 

Driver::
iiX00
isX03
lbV11
pkK77
Winbb36
Wincm41
Windn74
Wines47
Winex85
Winff77
Winfk52
Winfk66
Winfp00
Winhm41
Winid22
Winii30
Winis22
Winjo77
Winot30
Winpk82
Winpp71
Winql22
Winqv82
Winrc06
Winrm30
Winrr06
Winty44
Winuu47
Winvg58
Winvl55
Winvl77
Winwc36
Winxd22
Winxs60
Winye85

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgfef]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isX03.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lbV11.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pkK77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb36.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincm41.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windn74.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wines47.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winex85.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk52.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk66.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfp00.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm41.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winid22.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winis22.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjo77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpk82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpp71.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winql22.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv82.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrc06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrm30.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrr06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty44.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winuu47.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvg58.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl55.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvl77.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwc36.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd22.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxs60.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye85.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f0ae05ca]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

File::
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbnpsrv.exe/r
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\bthhxugo.dll
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\phndmsah.dll
C:\WINDOWS\system32\pufjtggn.dll
C:\WINDOWS\system32\WinCtrl32(2).dll
C:\WINDOWS\system32\ctfmonb.bmp
C:\WINDOWS\system32\blackster.scr

 

Note 1: Disconnect from the Internet and temporarily disable resident protection software (firewall, antivirus, etc.).

 

Note 2: If you are on Windows Vista, you must disable UAC to use this fix.

 

Open Notepad: Start > All Programs > Accessories > Notepad.

 

  • Paste the text into it (CTRL+V)
  • Save this file to: Desktop
  • File name: CFScript
  • File type: All files !!
  • Click Save
  • Close Notepad

 

Drag and drop this CFScript file onto the ComboFix.exe file as shown in the screenshot below:

 

cfscriptws3.gif

 

  • This will restart ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs and do not touch anything. The desktop will disappear several times: this is normal.
  • When the cleanup is finished, a report will be generated. Copy and paste its contents to the forum (C:\ComboFix.txt).

 

Note 3: Do not forget to re-enable the protections if they were stopped, as well as UAC.

 

See you later

Edited by HaTe-LoVe-AnGer
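
As a cross-check on the cleanup script in the post above, this added example (not part of the original thread and not ComboFix's own code) parses the driver and SafeBoot\Minimal lines of a report and lists what a CFScript leaves uncovered. The sample report lines and the deliberately incomplete script are constructed in the shape shown in the thread; reading `S0` as a stopped driver with boot start type is an assumption about the report's column convention.

```python
import re

# Constructed sample, shaped like the driver and SafeBoot lines of the report above.
SAMPLE_LOG = r"""
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S0 iiX00;iiX00;C:\WINDOWS\system32\Drivers\iiX00.sys []
S0 Winbb36;Winbb36;C:\WINDOWS\system32\Drivers\Winbb36.sys []
S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb36.sys]
@="Driver"
"""

# Constructed CFScript that deliberately forgets Winbb36, to show the check firing.
SAMPLE_SCRIPT = r"""
Driver::
iiX00

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\chW06.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iiX00.sys]

File::
C:\WINDOWS\system32\ctfmona.exe
"""

# "<R|S><start> name;display;path [timestamp]" as printed in the report.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<stamp>[^\]]*)\]\s*$",
    re.M,
)
# SafeBoot\Minimal key, with an optional leading "-" as used in a Registry:: section.
SAFEBOOT_RE = re.compile(
    r"^\[(-?)HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control"
    r"\\SafeBoot\\Minimal\\([^\]\\]+)\]\s*$",
    re.I | re.M,
)


def parse_driver_lines(log):
    """Return one dict per driver line found in the report text."""
    rows = []
    for m in DRIVER_RE.finditer(log):
        row = m.groupdict()
        row["start"] = int(row["start"])
        rows.append(row)
    return rows


def safeboot_entries(text, deletions):
    """SafeBoot\\Minimal entry names; deletions=True picks the '[-...]' form."""
    want = "-" if deletions else ""
    return {m.group(2) for m in SAFEBOOT_RE.finditer(text) if m.group(1) == want}


def cfscript_sections(script):
    """Split a CFScript into {section name (lowercase): [lines]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = re.fullmatch(r"(\w+)::", line)
        if head:
            current = head.group(1).lower()
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def review(log, script):
    """Compare what the report shows with what the script would remove."""
    drivers = parse_driver_lines(log)
    scripted = {d.lower() for d in cfscript_sections(script).get("driver", [])}
    # Start type 0 with an empty timestamp bracket: the pattern flagged in the thread.
    orphaned = [d["name"] for d in drivers if d["start"] == 0 and d["stamp"] == ""]
    listed = safeboot_entries(log, deletions=False)
    removed = {e.lower() for e in safeboot_entries(script, deletions=True)}
    known = {d["name"].lower() for d in drivers}
    return {
        "orphaned_boot_drivers": orphaned,
        "drivers_not_scripted": [n for n in orphaned if n.lower() not in scripted],
        "safeboot_not_scripted": sorted(e for e in listed if e.lower() not in removed),
        "safeboot_without_driver_line": sorted(
            e for e in listed if e.rsplit(".", 1)[0].lower() not in known
        ),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG, SAMPLE_SCRIPT).items():
        print(f"{key}: {value}")
```

An entry such as chW06.sys, which appears under SafeBoot\Minimal without a matching driver line, only needs a Registry:: deletion, which is how the script in the thread treats it.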
Posted

Just in passing, for those who are reading (and apparently there are many).

ComboFix is in no way a scanning or diagnostic tool. Use it only as prescribed by people trained on this tool.

 

Happy disinfecting to you both.

Posted

Hi, I have just finished the cleanup with ComboFix; here is the report as planned. Thanks in advance.

 

 

 

 

ComboFix 08-06-20.4 - Administrateur 2008-06-22 12:03:53.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.304 [GMT 2:00]

Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rbnpsrv.exe/r

C:\WINDOWS\system32\blackster.scr

C:\WINDOWS\system32\bthhxugo.dll

C:\WINDOWS\system32\ctfmona.exe

C:\WINDOWS\system32\ctfmonb.bmp

C:\WINDOWS\system32\gzmrotate.dll

C:\WINDOWS\system32\phndmsah.dll

C:\WINDOWS\system32\pufjtggn.dll

C:\WINDOWS\system32\WinCtrl32(2).dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Application Data\urlredir.cfg

C:\WINDOWS\system32\blackster.scr

C:\WINDOWS\system32\ctfmonb.bmp

C:\WINDOWS\system32\phndmsah.dll

C:\WINDOWS\system32\pufjtggn.dll

C:\WINDOWS\system32\WinCtrl32(2).dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_WINVL77

-------\Service_iiX00

-------\Service_isX03

-------\Service_lbV11

-------\Service_pkK77

-------\Service_Winbb36

-------\Service_Wincm41

-------\Service_Windn74

-------\Service_Wines47

-------\Service_Winex85

-------\Service_Winff77

-------\Service_Winfk52

-------\Service_Winfk66

-------\Service_Winfp00

-------\Service_Winhm41

-------\Service_Winid22

-------\Service_Winii30

-------\Service_Winis22

-------\Service_Winjo77

-------\Service_Winot30

-------\Service_Winpk82

-------\Service_Winpp71

-------\Service_Winql22

-------\Service_Winqv82

-------\Service_Winrc06

-------\Service_Winrm30

-------\Service_Winrr06

-------\Service_Winty44

-------\Service_Winuu47

-------\Service_Winvg58

-------\Service_Winvl55

-------\Service_Winvl77

-------\Service_Winwc36

-------\Service_Winxd22

-------\Service_Winxs60

-------\Service_Winye85

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-05-22 to 2008-06-22 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-21 22:34 . 2008-06-21 22:35 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-06-21 22:33 . 2008-06-21 22:33 <REP> d-------- C:\Program Files\MSXML 4.0

2008-06-21 12:18 . 2008-06-21 12:30 <REP> d-------- C:\Program Files\Globe7

2008-06-21 12:18 . 2008-06-21 12:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Globe7

2008-06-21 11:48 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-21 11:48 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-21 11:47 . 2008-06-21 11:47 268 --ah----- C:\sqmdata01.sqm

2008-06-21 11:47 . 2008-06-21 11:47 244 --ah----- C:\sqmnoopt01.sqm

2008-06-21 11:41 . 2008-06-21 22:35 <REP> d--h----- C:\WINDOWS\$hf_mig$

2008-06-21 11:28 . 2008-06-21 11:28 <REP> d-------- C:\Program Files\CCleaner

2008-06-21 10:42 . 2008-06-21 10:42 268 --ah----- C:\sqmdata00.sqm

2008-06-21 10:42 . 2008-06-21 10:42 244 --ah----- C:\sqmnoopt00.sqm

2008-06-20 20:49 . 2008-06-21 10:56 0 --a------ C:\WINDOWS\win.ini

2008-06-18 00:26 . 2008-06-18 00:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TaoUSign

2008-06-16 19:06 . 2008-06-16 19:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\shcen3j0etap

2008-06-13 23:43 . 2008-06-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AXPFixer

2008-06-13 22:44 . 2008-06-13 22:44 32 --a-s---- C:\WINDOWS\system32\1759711545.dat

2008-06-12 11:31 . 2008-06-12 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung

2008-06-12 11:26 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll

2008-06-12 11:26 . 2007-07-03 16:58 106,792 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys

2008-06-12 11:26 . 2007-07-03 16:54 80,552 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys

2008-06-12 11:26 . 2007-07-03 16:57 11,944 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys

2008-06-12 11:26 . 2007-07-03 17:00 9,256 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys

2008-06-12 11:26 . 2007-07-03 16:56 9,256 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys

2008-06-12 11:25 . 2008-06-12 11:26 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers

2008-06-12 11:25 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys

2008-06-12 11:25 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-06-12 11:24 . 2008-06-12 11:24 <REP> d-------- C:\Program Files\Samsung

2008-06-10 13:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-06-10 13:06 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-06-10 13:06 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-06-10 12:35 . 2008-06-10 12:36 <REP> d-------- C:\Program Files\Windows Live

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-06-10 12:35 . 2008-06-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-06-03 00:59 . 2008-06-03 00:59 <REP> d-------- C:\Program Files\UltraVNC

2008-06-03 00:37 . 2008-06-03 00:37 <REP> d--hs---- C:\found.000

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-22 10:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware

2008-06-22 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware

2008-06-21 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-06-21 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-21 09:48 --------- d-----w C:\Program Files\lx_cats

2008-06-16 16:49 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\FaxCtr

2008-06-12 09:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-10 18:55 --------- d-----w C:\Program Files\WinamaxPoker

2008-06-10 10:36 --------- d-----w C:\Program Files\MSN Messenger

2008-06-07 17:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\VMware

2008-05-24 04:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss

2008-05-20 09:47 --------- d-----w C:\Program Files\Everest Poker

2008-05-08 16:57 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-28 15:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-15 13:23 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll

2008-04-09 14:18 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-02-09 16:53 24,192 ----a-w C:\Documents and Settings\Administrateur\usbsermptxp.sys

2008-02-09 16:53 22,768 ----a-w C:\Documents and Settings\Administrateur\usbsermpt.sys

.

 

------- Sigcheck -------

 

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 19:20 360064 ecf02439fd31bbd0dbc2ec05600cf08a C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot_2008-06-21_13.58.47,46 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-21 09:33:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-22 10:07:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll

+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll

+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll

+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll

+ 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll

+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe

+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll

+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll

+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll

+ 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll

+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll

+ 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll

+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll

+ 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll

+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe

+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe

+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll

+ 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll

+ 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll

+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll

+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll

+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll

+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll

+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll

+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll

+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll

+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll

+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll

+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\XL12CNV.EXE

- 2008-06-21 09:36:32 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-06-21 20:36:16 1,165,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2008-06-21 09:36:33 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-06-21 20:36:17 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-06-21 09:36:32 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-06-21 20:36:17 159,504 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2008-06-21 09:36:33 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2008-06-21 20:36:17 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2008-06-21 09:36:33 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-06-21 20:36:17 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-06-21 09:36:33 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-06-21 20:36:17 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-06-21 09:36:32 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-06-21 20:36:17 845,584 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

- 2008-06-21 09:36:32 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-06-21 20:36:17 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2008-06-21 09:36:33 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-06-21 20:36:17 272,648 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2008-06-21 09:36:33 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-06-21 20:36:17 888,080 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-06-21 09:36:32 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-06-21 20:36:17 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-06-21 20:33:51 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe

- 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-04-23 04:16:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-04-23 04:16:39 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll

- 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-04-23 04:16:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-04-23 04:16:39 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-04-23 04:16:39 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-04-23 04:16:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll

- 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-04-22 07:41:08 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-04-23 04:16:39 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-04-23 04:16:39 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-04-23 04:16:39 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-04-23 04:16:39 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2008-04-23 04:16:39 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-04-23 04:16:39 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-04-23 04:16:39 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-04-22 07:41:30 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-04-23 04:16:40 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-04-23 04:16:40 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-04-23 04:16:40 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-04-23 20:16:42 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-04-23 04:16:40 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-04-23 04:16:40 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-04-23 04:16:40 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll

- 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-04-23 04:16:40 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-04-23 04:16:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-10-29 22:43:32 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 05:15:36 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

- 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-04-23 04:16:40 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll

- 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-04-23 04:16:40 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-04-23 04:16:40 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-04-23 04:16:40 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll

- 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-04-23 04:16:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-04-23 04:16:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2008-03-01 12:58:06 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-04-23 04:16:39 133,120 ------w C:\WINDOWS\system32\extmgr.dll

- 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-04-23 04:16:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2008-02-29 08:56:41 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-04-22 07:41:08 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2008-03-01 12:58:06 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-04-23 04:16:39 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2008-03-01 12:58:06 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-04-23 04:16:39 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-04-23 04:16:39 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2008-03-01 12:58:07 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-04-23 04:16:39 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-04-23 04:16:39 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2008-03-01 12:58:08 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-04-23 04:16:39 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-04-23 04:16:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2008-03-01 12:58:08 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-23 04:16:40 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

- 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-03-01 12:58:10 193,024 ------w C:\WINDOWS\system32\msrating.dll

+ 2008-04-23 04:16:40 193,024 ------w C:\WINDOWS\system32\msrating.dll

- 2008-03-01 12:58:10 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-04-23 04:16:40 671,232 ------w C:\WINDOWS\system32\mstime.dll

- 2003-04-18 14:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2007-05-08 13:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll

- 2008-03-01 12:58:10 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2008-04-23 04:16:40 102,912 ------w C:\WINDOWS\system32\occache.dll

- 2008-06-21 09:38:08 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-22 09:53:07 42,434 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-21 09:38:08 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-06-22 09:53:07 60,214 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-06-21 09:38:08 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-22 09:53:07 317,772 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-21 09:38:08 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-22 09:53:07 396,828 ----a-w C:\WINDOWS\system32\perfh00C.dat

- 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2006-12-10 13:10:04 15,664 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-04-23 04:16:40 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-23 04:16:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-04-23 04:16:40 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-06-22 10:07:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_688.dat

+ 2008-06-22 10:07:30 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_84.dat

+ 2007-05-08 13:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll

+ 2007-04-18 08:36:40 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-09-15 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

"VIDC.NTN1"= ntcodec.ax

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\lxcrcoms.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Administrateur\\Application Data\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\TVAnts\\Tvants.exe"=

"C:\\Program Files\\UltraVNC\\vncviewer.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Globe7\\Globe7Phone.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"12416:TCP"= 12416:TCP:NortonAV

"14204:TCP"= 14204:TCP:NortonAV

"12687:TCP"= 12687:TCP:NortonAV

"13645:TCP"= 13645:TCP:NortonAV

"17044:TCP"= 17044:TCP:NortonAV

"15188:TCP"= 15188:TCP:NortonAV

"13574:TCP"= 13574:TCP:NortonAV

"15754:TCP"= 15754:TCP:NortonAV

"16093:TCP"= 16093:TCP:NortonAV

"15589:TCP"= 15589:TCP:NortonAV

"18717:TCP"= 18717:TCP:NortonAV

"14350:TCP"= 14350:TCP:NortonAV

"16964:TCP"= 16964:TCP:NortonAV

 

R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

S3 NUVision;Hauppauge WinTV USB (PAL/SECAM);C:\WINDOWS\system32\DRIVERS\NUVision.sys [1999-09-07 19:14]

S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-11-18 14:36]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{196916fa-77cb-11dc-92e7-005056c00008}]

\Shell\AutoRun\command - J:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{487f0ba9-ec7d-11dc-93dc-005056c00008}]

\Shell\AutoRun\command - tmf3w3g0.com

\Shell\explore\Command - tmf3w3g0.com

\Shell\open\Command - tmf3w3g0.com

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-22 12:07:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avast!upnphost]

"ImagePath"="ð%|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcsrservice]

"ImagePath"="ð%|x\01\09 srv"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNTlntSvr]

"ImagePath"="ð%|x\01\09 srv"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\searchindexer.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\searchprotocolhost.exe

C:\WINDOWS\system32\searchfilterhost.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-22 12:13:56 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-22 10:13:52

ComboFix2.txt 2008-06-21 11:59:49

ComboFix3.txt 2008-06-21 09:16:15

 

Pre-Run: 4,178,751,488 octets libres

Post-Run: 4,174,786,560 octets libres

 

438 --- E O F --- 2008-06-21 20:36:19

Posted

Thanks for your reply, here is the HijackThis report

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:25:46, on 21/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: (no name) - {DAB7019C-F110-4E34-ADC3-B2A62ECE4A2C} - C:\WINDOWS\system32\pmnll.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: TrayMin220.lnk = ?

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B102CE69-5C2F-4363-9E6D-C61B61FD92DD} (OGGPlay.UserControl1) - http://familiafm.streamonfiber.com/player/...vex/oggplay.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O20 - Winlogon Notify: mljgfef - mljgfef.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: avast! Mail Scanner avast!upnphost (avast!upnphost) - Unknown owner - C:\WINDOWS\

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Aide et support helpsvcsrservice (helpsvcsrservice) - Unknown owner - C:\WINDOWS\

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNTlntSvr (WmdmPmSNTlntSvr) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8038 bytes

Posted

Sorry for replying only now. Here is the HijackThis report. Thanks in advance.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:53, on 23/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe

C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\lxcrcoms.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: TrayMin220.lnk = ?

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B102CE69-5C2F-4363-9E6D-C61B61FD92DD} (OGGPlay.UserControl1) - http://familiafm.streamonfiber.com/player/...vex/oggplay.CAB

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: avast! Mail Scanner avast!upnphost (avast!upnphost) - Unknown owner - C:\WINDOWS\

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Aide et support helpsvcsrservice (helpsvcsrservice) - Unknown owner - C:\WINDOWS\

O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNTlntSvr (WmdmPmSNTlntSvr) - Unknown owner - C:\WINDOWS\

 

--

End of file - 8558 bytes
