
Posted

The scan is long, but that's normal. :P

If there are two reports, post both (use the Reports/Logs tab to find them).

Posted (edited)

It was long, but in the end here is the report I got:

Malwarebytes' Anti-Malware 1.19

Version de la base de données: 914

Windows 5.1.2600 Service Pack 2

 

21:12:08 02/07/2008

mbam-log-7-2-2008 (21-12-08).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 361330

Temps écoulé: 2 hour(s), 30 minute(s), 54 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 13

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Pack (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Program Files\Conduit\Community Alerts\Alert0.dll (Adware.Agent) -> Delete on reboot.

C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

C:\Documents and Settings\Invité\Local Settings\Temp\CD1.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\explorer.opt (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

 

 

That looks good to me, but once the computer restarted I get a recurring alert message telling me the computer is infected and offering me an antivirus to download; in short, I think it's more advertising.

So I'm not really sure any more.

Edited by manu313
Posted

Good evening,

The HijackThis report gives me this:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:41:25, on 02/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\documents and settings\bernadette tabeko\local settings\application data\sumuise.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\PROGRA~1\FREEDO~1\fdm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

R3 - URLSearchHook: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O2 - BHO: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL

O3 - Toolbar: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (file missing)

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://layout.eurosport.fr/j/p2p/rawflow/Rawflow.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144691154953

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...ion_2_0_4_9.cab

O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://7city.webex.com/client/T26L/webex/ieatgpc.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10646 bytes

 

 

Just one thing: the error message I mentioned comes from this site

http://fp.pc-on-internet.com/sws/021/?al2=...time=312e323132

Is it a good site?
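The HijackThis log above registers the same fbmgamesetup CLSID three times: as a URLSearchHook (R3), as a BHO (O2) and as a Toolbar (O3). As an added example (not part of this thread, and not HijackThis' own code), here is a small Python triage script that parses the R3/O2/O3 lines, groups them by CLSID and flags the entries a helper would look at first: components hooked in several places, entries with no display name, and orphaned registrations whose DLL is missing. The sample lines are copied from the log above; the regular expression, the function names and the flag labels are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few R3/O2/O3 lines copied from the HijackThis log in
# this thread, plus one O4 line to show that unrelated sections are ignored.
SAMPLE_LINES = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll",
    r"R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL",
    r"R3 - URLSearchHook: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll",
    r"O2 - BHO: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O3 - Toolbar: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
]

# HijackThis writes browser hooks as "<section> - <kind>: <name> - {CLSID} - <path>".
# This pattern is an assumption derived from the lines above, not HijackThis' own grammar.
HOOK_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): "
    r"(?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)


def parse_hooks(lines):
    """Return one dict per R3/O2/O3 line; lines from other sections are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].lower()  # same CLSID may differ in case
            hooks.append(entry)
    return hooks


def triage(lines):
    """Group hooks by CLSID and attach triage flags to each group."""
    groups = defaultdict(list)
    for entry in parse_hooks(lines):
        groups[entry["clsid"]].append(entry)

    report = {}
    for clsid, entries in groups.items():
        first = entries[0]
        sections = sorted({e["section"] for e in entries})
        flags = []
        if len(sections) > 1:
            flags.append("multi-hook")   # one component hooked in several places
        if first["path"] == "(no file)":
            flags.append("orphan")       # registration left behind, DLL gone
        if first["name"] == "(no name)":
            flags.append("unnamed")      # no display name: worth a closer look
        report[clsid] = {
            "name": first["name"],
            "path": first["path"],
            "sections": sections,
            "flags": flags,
        }
    return report


if __name__ == "__main__":
    for clsid, info in triage(SAMPLE_LINES).items():
        print(f"{clsid}  {','.join(info['sections']):<9} {info['flags'] or '-'}  "
              f"{info['name']} -> {info['path']}")
```

Run it as a script to print one line per CLSID; to use it on a real log, read the file and pass its lines to `triage`. The flags are only a sorting aid: a multi-hook entry is not necessarily malicious (legitimate toolbars also register in several places), but it is what a helper checks first, and an orphan entry is dead weight that can be removed safely.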

Posted

Don't go to the site in question.

We're going to do some major cleaning on the machine and get rid of the infectious toolbars.

Don't install any programs in the meantime (and avoid dubious pages). :P

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Limitation of Warranty message that appears.
  • Your firewall may ask whether to allow nircmd.cfexe access to the trusted zone: accept.
  • Don't close the window that has just opened, or you'll end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is at: C:\Combofix.txt (if needed).
  • For more information and an illustrated tutorial, here is the only official and authorised one: http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted (edited)

The ComboFix report gives me this:

ComboFix 08-07-01.5 - Bernadette Tabeko 2008-07-03 0:55:07.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.387 [GMT 2:00]

Endroit: C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

/wow section non terminée

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\Documents and Settings\Bernadette Tabeko\Local Settings\Application Data\sumuise.dat

C:\Documents and Settings\Bernadette Tabeko\Local Settings\Application Data\sumuise.exe

c:\Documents and Settings\Bernadette Tabeko\Local Settings\Application Data\sumuise_nav.dat

c:\Documents and Settings\Bernadette Tabeko\Local Settings\Application Data\sumuise_navps.dat

C:\WINDOWS\system32\mdm.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-06-02 to 2008-07-02 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Malwarebytes

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-02 16:37 . 2008-06-28 14:16 34,296 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-02 16:37 . 2008-06-28 14:16 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys

2008-07-02 15:18 . 2008-07-02 15:41 1,574 --a--c--- C:\WINDOWS\system32\tmp.reg

2008-07-02 15:17 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe

2008-07-02 15:17 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2008-07-02 15:17 . 2008-05-29 09:35 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe

2008-07-02 15:17 . 2008-05-18 21:40 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe

2008-07-02 15:17 . 2008-07-02 13:33 82,432 --a--c--- C:\WINDOWS\system32\IEDFix.C.exe

2008-07-02 15:17 . 2008-05-23 18:21 81,920 --a--c--- C:\WINDOWS\system32\404Fix.exe

2008-07-02 15:17 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe

2008-07-02 15:17 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe

2008-07-02 15:17 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe

2008-07-02 00:00 . 2008-07-02 02:40 <REP> d----c--- C:\Program Files\Navilog1

2008-06-29 03:31 . 2008-06-29 20:16 <REP> d----c--- C:\Program Files\RomStation

2008-06-28 23:19 . 2008-06-29 18:02 <REP> d----c--- C:\Games

2008-06-28 23:11 . 2008-06-28 23:13 <REP> d----c--- C:\Program Files\fbmgamesetup

2008-06-28 23:11 . 2008-06-28 23:11 <REP> d----c--- C:\Program Files\Conduit

2008-06-26 19:17 . 2008-06-26 19:17 <REP> d----c--- C:\Program Files\Fichiers communs\NSV

2008-06-26 16:32 . 2008-06-26 16:33 57 --a--c--- C:\WINDOWS\yesmessenger.ini

2008-06-19 14:01 . 2008-06-19 14:01 96,584 --a--c--- C:\Documents and Settings\Jules Ngankam\Application Data\GDIPFONTCACHEV1.DAT

2008-06-14 10:08 . 2008-06-14 10:08 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn

2008-06-14 10:08 . 2008-06-14 10:08 1,409 --a--c--- C:\WINDOWS\QTFont.for

2008-06-11 08:27 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 08:27 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-08 10:12 . 2008-06-08 10:24 <REP> d--hsc--- C:\Documents and Settings\Bernadette Tabeko\Phone Browser

2008-06-08 01:11 . 2008-06-08 01:11 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Nokia Multimedia Player

2008-06-08 00:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\drivers\usbser.sys

2008-06-08 00:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-06-08 00:40 . 2008-06-08 00:40 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-06-08 00:40 . 2008-06-08 00:40 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-06-08 00:36 . 2008-06-08 00:41 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\PC Suite

2008-06-08 00:36 . 2008-06-08 01:15 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Nokia

2008-06-08 00:36 . 2008-06-08 00:41 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Fichiers communs\Nokia

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\DIFX

2008-06-08 00:35 . 2007-09-17 15:53 21,632 --a--c--- C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-06-08 00:34 . 2008-06-08 00:34 <REP> d----c--- C:\Program Files\PC Connectivity Solution

2008-06-08 00:34 . 2007-11-29 10:39 8,064 --a--c--- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-06-08 00:33 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Nokia

2008-06-08 00:33 . 2007-11-29 10:33 1,419,232 --a--c--- C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-06-08 00:33 . 2007-11-29 10:39 95,744 --a--c--- C:\WINDOWS\system32\nmwcdcocls.dll

2008-06-08 00:33 . 2007-11-29 10:39 19,328 --a--c--- C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-06-08 00:33 . 2007-11-29 10:39 16,896 --a--c--- C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-06-08 00:33 . 2007-11-29 10:39 8,064 --a--c--- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-06-08 00:31 . 2008-06-08 00:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Installations

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-02 23:09 --------- dc----w C:\Documents and Settings\Bernadette Tabeko\Application Data\Free Download Manager

2008-07-01 08:32 --------- dc----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-06-28 09:48 --------- dc----w C:\Program Files\eMule

2008-06-16 17:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7

2008-06-14 13:21 --------- dc----w C:\Program Files\vghd

2008-05-16 19:50 --------- dc----w C:\Program Files\Blaze Media pro 6

2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys

2007-04-21 11:31 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2006-11-18 19:25 607 ----a-w C:\Program Files\savetestgmat5v.dat

2006-03-30 21:46 666 -c--a-w C:\Documents and Settings\Bernadette Tabeko\Application Data\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7}]

2008-06-24 23:17 1569304 --a--c--- C:\Program Files\fbmgamesetup\tbfbm0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7}"= "C:\Program Files\fbmgamesetup\tbfbm0.dll" [2008-06-24 23:17 1569304]

 

[HKEY_CLASSES_ROOT\clsid\{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{301C19BC-4368-46A4-8FBD-A0E9D0DCD4F7}"= "C:\Program Files\fbmgamesetup\tbfbm0.dll" [2008-06-24 23:17 1569304]

 

[HKEY_CLASSES_ROOT\clsid\{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 10:00 160768]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-30 02:53 98304]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:38 219136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

2006-02-10 17:08 106496 C:\WINDOWS\system32\odyEvent.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=MsgPlusLoader.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bernadette Tabeko^Menu Démarrer^Programmes^Démarrage^FileOpenAPI.exe.lnk]

path=C:\Documents and Settings\Bernadette Tabeko\Menu Démarrer\Programmes\Démarrage\FileOpenAPI.exe.lnk

backup=C:\WINDOWS\pss\FileOpenAPI.exe.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bernadette Tabeko^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]

path=C:\Documents and Settings\Bernadette Tabeko\Menu Démarrer\Programmes\Démarrage\WKCALREM.LNK

backup=C:\WINDOWS\pss\WKCALREM.LNKStartup

=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-09-27 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a--c--- 2008-06-28 08:38 580096 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a--c--- 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a--c--- 2007-06-27 19:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2006-08-17 04:33 43008 C:\Program Files\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2005-08-01 15:26 233534 C:\Program Files\HPQ\Default Settings\Cpqset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

-----c--- 2005-10-27 18:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 10:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 17:17 409600 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]

--a------ 2006-05-28 12:35 692224 C:\Program Files\eSnips\ClientGW.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

--a------ 2006-08-21 00:24 2068527 C:\Program Files\Free Download Manager\fdm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-12 00:12 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-05-04 11:59 794624 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2004-10-13 17:04 278528 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]

--a--c--- 2007-04-12 15:39 7198264 C:\Program Files\LowRateVoip\LowRateVoip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-05-03 23:57 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a--c--- 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a--c--- 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a--c--- 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-11-30 02:53 98304 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-07-15 02:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

--a--c--- 2006-11-04 04:28 4468736 C:\Program Files\Shareaza\Shareaza.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-05-19 18:11 18577448 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]

--a------ 2006-09-08 20:20 2482176 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a--c--- 2005-06-19 22:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-04-10 19:57 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]

--a--c--- 2006-01-15 15:57 200704 C:\Program Files\Wallpaper\Wallpaper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

--a--c--- 2005-10-26 17:37 327680 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]

--a--c--- 2005-10-17 17:17 69632 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a--c--- 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\ABC\\abc.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=

"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=

"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Documents and Settings\\Bernadette Tabeko\\Bureau\\papiers\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

S3 MODRC;WinFast DTV Dongle Infrared receiver driver;C:\WINDOWS\system32\DRIVERS\wfdbmodr.sys [2005-09-20 18:03]

S3 wfdbbda;WinFast DTV Dongle BDA Driver;C:\WINDOWS\system32\Drivers\wfdbbda.sys [2005-09-20 18:03]

S3 WFDBLOAD;WinFast DTV Dongle Firmware Loader;C:\WINDOWS\system32\DRIVERS\wfdbload.sys [2005-10-27 06:34]

S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]

 

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{479FD0CF-5BE9-4C63-8CDA-B6D371C67BD5} - (no file)

WebBrowser-{5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

MSConfigStartUp-dxlock - C:\Program Files\Fox Magic\ScreenVirtuoso 1.61\dxlock.exe

MSConfigStartUp-Install5G - D:\Install.exe

MSConfigStartUp-Nero PhotoShow Media Manager - C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

MSConfigStartUp-RavAV - C:\WINDOWS\AdobeR.exe

MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-03 01:13:03

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-07-03 1:35:34 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-02 23:34:24

 

Pre-Run: 6,149,980,160 octets libres

Post-Run: 8,713,502,720 octets libres

 

276 --- E O F --- 2008-07-02 01:19:29

 

 

 

 

Since the machine had rebooted, I made a new HijackThis report; I don't know if it's useful.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:39:49, on 03/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

R3 - URLSearchHook: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O2 - BHO: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: fbmgamesetup Toolbar - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - C:\Program Files\fbmgamesetup\tbfbm0.dll

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (file missing)

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://layout.eurosport.fr/j/p2p/rawflow/Rawflow.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144691154953

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...ion_2_0_4_9.cab

O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://7city.webex.com/client/T26L/webex/ieatgpc.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 10453 bytes

Edited by manu313
Posted

  • Open Notepad. Copy and paste this into it:

 

File::

C:\WINDOWS\system32\tmp.reg

 

Folder::

C:\Program Files\AskTBar

 

Registry::

[-HKEY_CLASSES_ROOT\clsid\{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]

 

Dirlook::

C:\Program Files\vghd

C:\Program Files\Enigma Software Group\SpyHunter\

 

  • Save this as a text file named CFScript, on the desktop.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

Posted

Here is the report

 

 

ComboFix 08-07-01.5 - Bernadette Tabeko 2008-07-03 12:40:58.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.464 [GMT 2:00]

Endroit: C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\ComboFix.exe

Command switches used :: C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\tmp.reg

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\AskTBar

C:\Program Files\AskTBar\bar\2.bin\A5POPSWT.DLL

C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL

C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL

C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL

C:\Program Files\AskTBar\bar\Cache\00171A10

C:\Program Files\AskTBar\bar\Cache\00174EEB

C:\Program Files\AskTBar\bar\Cache\027EB8B2.bin

C:\Program Files\AskTBar\bar\Cache\027EC9C9.bin

C:\Program Files\AskTBar\bar\Cache\027ED775.bin

C:\Program Files\AskTBar\bar\Cache\files.ini

C:\Program Files\AskTBar\bar\History\search2

C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm

C:\Program Files\AskTBar\PopSwatr\History\allowed

C:\Program Files\AskTBar\PopSwatr\History\notallow

C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL

C:\WINDOWS\system32\tmp.reg

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-03 01:35 . 2008-07-03 01:35 <REP> d----c--- C:\Documents and Settings\Invité

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Program Files\Malwarebytes' Anti-Malware

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Malwarebytes

2008-07-02 16:37 . 2008-07-02 16:37 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-07-02 16:37 . 2008-06-28 14:16 34,296 --a--c--- C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-07-02 16:37 . 2008-06-28 14:16 17,144 --a--c--- C:\WINDOWS\system32\drivers\mbam.sys

2008-07-02 15:17 . 2007-09-06 00:22 289,144 --a--c--- C:\WINDOWS\system32\VCCLSID.exe

2008-07-02 15:17 . 2006-04-27 17:49 288,417 --a--c--- C:\WINDOWS\system32\SrchSTS.exe

2008-07-02 15:17 . 2008-05-29 09:35 86,528 --a--c--- C:\WINDOWS\system32\VACFix.exe

2008-07-02 15:17 . 2008-05-18 21:40 82,944 --a--c--- C:\WINDOWS\system32\IEDFix.exe

2008-07-02 15:17 . 2008-07-02 13:33 82,432 --a--c--- C:\WINDOWS\system32\IEDFix.C.exe

2008-07-02 15:17 . 2008-05-23 18:21 81,920 --a--c--- C:\WINDOWS\system32\404Fix.exe

2008-07-02 15:17 . 2003-06-05 21:13 53,248 --a--c--- C:\WINDOWS\system32\Process.exe

2008-07-02 15:17 . 2004-07-31 18:50 51,200 --a--c--- C:\WINDOWS\system32\dumphive.exe

2008-07-02 15:17 . 2007-10-04 00:36 25,600 --a--c--- C:\WINDOWS\system32\WS2Fix.exe

2008-07-02 00:00 . 2008-07-02 02:40 <REP> d----c--- C:\Program Files\Navilog1

2008-06-29 03:31 . 2008-06-29 20:16 <REP> d----c--- C:\Program Files\RomStation

2008-06-28 23:19 . 2008-06-29 18:02 <REP> d----c--- C:\Games

2008-06-28 23:11 . 2008-06-28 23:13 <REP> d----c--- C:\Program Files\fbmgamesetup

2008-06-28 23:11 . 2008-06-28 23:11 <REP> d----c--- C:\Program Files\Conduit

2008-06-26 19:17 . 2008-06-26 19:17 <REP> d----c--- C:\Program Files\Fichiers communs\NSV

2008-06-26 16:32 . 2008-06-26 16:33 57 --a--c--- C:\WINDOWS\yesmessenger.ini

2008-06-19 14:01 . 2008-06-19 14:01 96,584 --a--c--- C:\Documents and Settings\Jules Ngankam\Application Data\GDIPFONTCACHEV1.DAT

2008-06-14 10:08 . 2008-06-14 10:08 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn

2008-06-14 10:08 . 2008-06-14 10:08 1,409 --a--c--- C:\WINDOWS\QTFont.for

2008-06-11 08:27 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 08:27 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-08 19:07 . 2008-06-08 19:07 <REP> d----c--- C:\Documents and Settings\Invité\Application Data\PC Suite

2008-06-08 10:12 . 2008-06-08 10:24 <REP> d--hsc--- C:\Documents and Settings\Bernadette Tabeko\Phone Browser

2008-06-08 01:11 . 2008-06-08 01:11 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Nokia Multimedia Player

2008-06-08 00:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\drivers\usbser.sys

2008-06-08 00:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-06-08 00:40 . 2008-06-08 00:40 0 --ah-c--- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-06-08 00:40 . 2008-06-08 00:40 0 --ah-c--- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-06-08 00:36 . 2008-06-08 00:41 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\PC Suite

2008-06-08 00:36 . 2008-06-08 01:15 <REP> d----c--- C:\Documents and Settings\Bernadette Tabeko\Application Data\Nokia

2008-06-08 00:36 . 2008-06-08 00:41 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Fichiers communs\PCSuite

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Fichiers communs\Nokia

2008-06-08 00:35 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\DIFX

2008-06-08 00:35 . 2007-09-17 15:53 21,632 --a--c--- C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-06-08 00:34 . 2008-06-08 00:34 <REP> d----c--- C:\Program Files\PC Connectivity Solution

2008-06-08 00:34 . 2007-11-29 10:39 8,064 --a--c--- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-06-08 00:33 . 2008-06-08 00:35 <REP> d----c--- C:\Program Files\Nokia

2008-06-08 00:33 . 2007-11-29 10:33 1,419,232 --a--c--- C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-06-08 00:33 . 2007-11-29 10:39 95,744 --a--c--- C:\WINDOWS\system32\nmwcdcocls.dll

2008-06-08 00:33 . 2007-11-29 10:39 19,328 --a--c--- C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-06-08 00:33 . 2007-11-29 10:39 16,896 --a--c--- C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-06-08 00:33 . 2007-11-29 10:39 8,064 --a--c--- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-06-08 00:31 . 2008-06-08 00:31 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Installations

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-02 23:09 --------- dc----w C:\Documents and Settings\Bernadette Tabeko\Application Data\Free Download Manager

2008-07-01 08:32 --------- dc----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-06-28 09:48 --------- dc----w C:\Program Files\eMule

2008-06-16 17:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7

2008-06-14 22:54 --------- dc----w C:\Documents and Settings\Invité\Application Data\OpenOffice.org2

2008-06-14 13:21 --------- dc----w C:\Program Files\vghd

2008-05-16 19:50 --------- dc----w C:\Program Files\Blaze Media pro 6

2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll

2008-04-21 07:02 663,552 -c--a-w C:\WINDOWS\system32\wininet.dll

2007-04-21 11:31 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2006-11-18 19:25 607 ----a-w C:\Program Files\savetestgmat5v.dat

2006-03-30 21:46 666 -c--a-w C:\Documents and Settings\Bernadette Tabeko\Application Data\wklnhst.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\Program Files\Enigma Software Group\SpyHunter\ ----

 

2006-09-26 20:53 69328 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\support.log

2006-09-26 20:17 6379 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\INSTALL.LOG

2006-09-26 20:17 492 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\install.sss

2006-09-22 19:36 240144 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\def.dat

2006-09-08 20:20 2482176 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\SpyHunter.exe

2006-06-06 17:55 324769 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\SpyHunter.chm

2005-04-19 12:07 57344 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\Esgiutl1.dll

2005-04-08 21:58 64 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\purl.dat

2005-04-08 16:58 49152 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\esgi_md5h.dll

2005-01-20 18:52 0 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\ExtendedScript.dat

2005-01-07 19:54 0 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\exclusions.dat

2005-01-06 13:36 446464 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\EnigmaUpdater.dll

2004-06-21 11:28 100 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\settings.ini

2004-01-02 18:03 45056 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\LSPFix.dll

2003-08-30 16:50 199168 --a------ C:\Program Files\Enigma Software Group\SpyHunter\\Uninstall.exe

 

---- Directory of C:\Program Files\vghd ----

 

2008-05-02 15:36 598016 --a--c--- C:\Program Files\vghd\dxmodules.dll

2008-05-02 15:36 344064 --a--c--- C:\Program Files\vghd\msvcr70.dll

 

 

((((((((((((((((((((((((((((( snapshot@2008-07-03_ 1.33.52.75 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-02 23:11:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-03 07:01:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-07-02 12:14:52 353,768 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-07-03 07:01:03 353,768 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-07-02 12:17:58 96,584 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

+ 2008-07-03 07:03:17 96,584 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 10:00 160768]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-30 02:53 98304]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:38 219136]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

2006-02-10 17:08 106496 C:\WINDOWS\system32\odyEvent.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=MsgPlusLoader.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bernadette Tabeko^Menu Démarrer^Programmes^Démarrage^FileOpenAPI.exe.lnk]

path=C:\Documents and Settings\Bernadette Tabeko\Menu Démarrer\Programmes\Démarrage\FileOpenAPI.exe.lnk

backup=C:\WINDOWS\pss\FileOpenAPI.exe.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Bernadette Tabeko^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]

path=C:\Documents and Settings\Bernadette Tabeko\Menu Démarrer\Programmes\Démarrage\WKCALREM.LNK

backup=C:\WINDOWS\pss\WKCALREM.LNKStartup

=

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

--a------ 2005-09-27 22:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

--a--c--- 2008-06-28 08:38 580096 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

--a--c--- 2008-02-12 10:06 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a--c--- 2007-06-27 19:03 152872 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

--a------ 2006-08-17 04:33 43008 C:\Program Files\BitTorrent\bittorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2005-08-01 15:26 233534 C:\Program Files\HPQ\Default Settings\Cpqset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

-----c--- 2005-10-27 18:00 299008 C:\Program Files\Creative\Shared Files\CamTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 10:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2005-10-11 17:17 409600 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eSnips]

--a------ 2006-05-28 12:35 692224 C:\Program Files\eSnips\ClientGW.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

--a------ 2006-08-21 00:24 2068527 C:\Program Files\Free Download Manager\fdm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-05-12 00:12 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2005-05-04 11:59 794624 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2004-10-13 17:04 278528 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LowRateVoip]

--a--c--- 2007-04-12 15:39 7198264 C:\Program Files\LowRateVoip\LowRateVoip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

--a------ 2004-10-14 14:54 253952 c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-05-03 23:57 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a--c--- 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a--c--- 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a--c--- 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a--c--- 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-11-30 02:53 98304 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-07-15 02:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]

--a--c--- 2006-11-04 04:28 4468736 C:\Program Files\Shareaza\Shareaza.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

--a------ 2006-05-19 18:11 18577448 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2006-10-12 03:10 49263 C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a--c--- 2005-06-19 22:50 729178 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2006-04-10 19:57 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper]

--a--c--- 2006-01-15 15:57 200704 C:\Program Files\Wallpaper\Wallpaper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

--a--c--- 2005-10-26 17:37 327680 C:\Program Files\WinFast\WFDTV\WFWIZ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]

--a--c--- 2005-10-17 17:17 69632 C:\Program Files\WinFast\WFDTV\DTVSchdl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a--c--- 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\StubInstaller.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"C:\\Program Files\\ABC\\abc.exe"=

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"C:\\Program Files\\uTorrent\\utorrent.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\Maple 9.5\\bin.win\\mserver.exe"=

"C:\\Program Files\\Maple 9.5\\jre\\bin\\java.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=

"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=

"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Documents and Settings\\Bernadette Tabeko\\Bureau\\papiers\\Internet TV (PPLive, ppStream, Tvants, PCast, SopCast)\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 11:06]

S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys [2001-08-17 20:19]

S3 MODRC;WinFast DTV Dongle Infrared receiver driver;C:\WINDOWS\system32\DRIVERS\wfdbmodr.sys [2005-09-20 18:03]

S3 wfdbbda;WinFast DTV Dongle BDA Driver;C:\WINDOWS\system32\Drivers\wfdbbda.sys [2005-09-20 18:03]

S3 WFDBLOAD;WinFast DTV Dongle Firmware Loader;C:\WINDOWS\system32\DRIVERS\wfdbload.sys [2005-10-27 06:34]

S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]

 

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - (no file)

Toolbar-{301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - (no file)

WebBrowser-{301C19BC-4368-46A4-8FBD-A0E9D0DCD4F7} - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-03 12:52:36

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-03 12:55:37

ComboFix-quarantined-files.txt 2008-07-03 10:54:40

ComboFix2.txt 2008-07-02 23:35:37

 

Pre-Run: 10,694,033,408 octets libres

Post-Run: 11,691,425,792 octets libres

 

289 --- E O F --- 2008-07-03 00:33:53

Posté(e)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:32:27, on 03/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\FIFA 07\Crack\fifa07.exe

C:\Documents and Settings\Bernadette Tabeko\Bureau\QUIQUEMPOIS Stéphane\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)

R3 - URLSearchHook: (no name) - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI69DF~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (file missing)

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://layout.eurosport.fr/j/p2p/rawflow/Rawflow.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144691154953

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...ion_2_0_4_9.cab

O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://7city.webex.com/client/T26L/webex/ieatgpc.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 9984 bytes
