
Looking for a handy, powerful and free popup blocker!!!!


novice42


Hello, here is the new report...

Thanks a lot again

 

 

 

ComboFix 08-07-11.1 - Josselin 2008-07-13 14:19:30.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.423 [GMT 2:00]

Endroit: C:\Documents and Settings\Josselin\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Josselin\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\cgwlcmbn.dll

C:\WINDOWS\system32\grhpsk.dll

C:\WINDOWS\system32\gtnipl.dll

C:\WINDOWS\system32\ngkaagwb.dll

C:\WINDOWS\system32\qxcqoyxw.dll

C:\WINDOWS\system32\rlfrmx.dll

C:\WINDOWS\system32\VundoFixSVC.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\VundoFix Backups

C:\VundoFix Backups\fNoYbJjl.ini.bad

C:\VundoFix Backups\fNoYbJjl.ini2.bad

C:\VundoFix Backups\ljJbYoNf.dll.bad

C:\VundoFix Backups\lkUBKRqr.ini.bad

C:\VundoFix Backups\lkUBKRqr.ini2.bad

C:\VundoFix Backups\rqRKBUkl.dll.bad

C:\WINDOWS\system32\cgwlcmbn.dll

C:\WINDOWS\system32\grhpsk.dll

C:\WINDOWS\system32\gtnipl.dll

C:\WINDOWS\system32\ngkaagwb.dll

C:\WINDOWS\system32\qxcqoyxw.dll

C:\WINDOWS\system32\rlfrmx.dll

C:\WINDOWS\system32\VundoFixSVC.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-13 to 2008-07-13 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-10 15:39 . 2008-07-11 16:13 <REP> d-------- C:\Toolbar SD

2008-07-10 13:52 . 2008-07-10 14:02 <REP> d-------- C:\Program Files\Proxomitron Naoko v4.5

2008-07-09 13:02 . 2008-07-09 13:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-09 13:02 . 2008-07-09 13:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-02 16:04 . 2008-07-02 16:04 <REP> d-------- C:\Program Files\Avira

2008-07-02 16:04 . 2008-07-02 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-07-02 15:33 . 2008-07-02 15:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA

2008-07-02 15:33 . 2008-07-02 15:33 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys

2008-07-02 15:32 . 2008-07-02 15:32 <REP> d-------- C:\Program Files\CA

2008-07-01 20:25 . 2008-07-02 13:52 <REP> d-------- C:\Program Files\Ascentive

2008-07-01 20:25 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll

2008-07-01 20:25 . 2007-10-17 10:19 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll

2008-06-30 20:43 . 2008-06-30 20:46 <REP> d-------- C:\Program Files\Capturino 1.4

2008-06-30 00:16 . 2008-06-30 00:17 159,228,420 --a------ C:\Documents and Settings\Josselin\TRACE_BOOT+DRIVERS_1_1.BIN

2008-06-30 00:01 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl

2008-06-29 14:56 . 2008-06-29 15:01 15,172,608 --a------ C:\audioOut.AC3

2008-06-29 14:48 . 2008-07-02 09:16 <REP> d-------- C:\Program Files\FlasKMPEG_594h

2008-06-28 18:34 . 2008-06-28 18:34 <REP> d-------- C:\Program Files\CCleaner

2008-06-28 13:39 . 2008-06-28 13:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion

2008-06-28 13:29 . 2008-06-28 13:29 <REP> d-------- C:\Program Files\Norton Internet Security

2008-06-28 13:11 . 2008-06-28 13:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8(2)

2008-06-28 12:59 . 2008-06-28 13:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion(2)

2008-06-27 10:26 . 2008-06-28 18:50 <REP> d-------- C:\Program Files\jv16 PowerTools

2008-06-27 10:20 . 2008-06-27 10:20 <REP> d-------- C:\Program Files\Auslogics

2008-06-27 10:20 . 2008-06-27 10:20 <REP> d-------- C:\Documents and Settings\Josselin\Application Data\Auslogics

2008-06-25 19:31 . 2008-06-25 19:31 88 --a------ C:\WINDOWS\Kit.ini

2008-06-23 11:40 . 2006-04-16 23:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx

2008-06-23 11:40 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2008-06-23 11:40 . 1998-07-13 00:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL

2008-06-20 20:15 . 2008-06-20 20:15 16 --a------ C:\WINDOWS\system32\coh.cache

2008-06-20 12:19 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx

2008-06-20 12:19 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx

2008-06-20 12:19 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 12:18 --------- d-----w C:\Program Files\WinClamAVShield

2008-07-13 12:18 --------- d-----w C:\Documents and Settings\Josselin\Application Data\Spyware Terminator

2008-07-12 12:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator

2008-07-12 12:15 --------- d-----w C:\Program Files\Spyware Terminator

2008-07-02 13:33 879,832 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys

2008-07-02 13:33 108,360 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys

2008-07-02 13:32 69,632 ----a-w C:\WINDOWS\system32\VetRedir.dll

2008-07-02 13:32 21,031 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.sys

2008-07-02 13:32 15,735 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.sys

2008-07-02 13:32 15,478 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.sys

2008-07-02 13:32 110,592 ----a-w C:\WINDOWS\UnVet32.exe

2008-07-02 13:32 106,496 ----a-w C:\WINDOWS\AVShlExt.dll

2008-07-02 12:33 --------- d-----w C:\Program Files\AntivirusFirewall

2008-07-02 12:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-01 19:03 --------- d-----w C:\Program Files\eMule

2008-06-28 16:20 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-06-27 07:45 --------- d-----w C:\Program Files\Logitech

2008-06-27 07:37 --------- d-----w C:\Program Files\Fichiers communs\Pumatech Shared

2008-06-27 07:36 --------- d-----w C:\Program Files\Common Files

2008-06-27 07:35 --------- d-----w C:\Program Files\Fichiers communs\Research In Motion

2008-06-14 17:33 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 13:16 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared

2008-06-07 20:36 --------- d-----w C:\Documents and Settings\Josselin\Application Data\Megaupload

2008-06-07 15:10 --------- d-----w C:\Program Files\Registry Easy

2008-06-01 16:58 344,636 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-06-01 16:58 29,317,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-01 13:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-05-31 12:36 --------- d-----w C:\Program Files\QuickTime

2008-05-31 12:25 --------- d-----w C:\Program Files\ArcSoft

2008-05-30 19:30 --------- d-----w C:\Program Files\Lavasoft

2008-05-30 19:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-05-29 07:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe

2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe

2008-05-18 19:40 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe

2008-05-17 14:02 --------- d-----w C:\Program Files\Anuman Interactive

2008-05-17 13:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-05-16 19:11 164 ----a-w C:\install.dat

2008-05-15 09:31 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-05-15 09:29 249,856 ------w C:\WINDOWS\Setup1.exe

2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll

2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-13 17:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll

2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-13 17:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 17:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-13 17:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll

2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-13 16:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys

2008-04-13 09:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll

2008-04-13 09:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll

2008-04-13 09:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll

2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll

2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll

2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll

2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll

2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll

2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll

2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll

2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll

2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll

2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll

2005-01-23 16:21 56 --sha-r C:\WINDOWS\system32\A18476FBCA.sys

2005-01-23 16:21 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-12_14.40.30.20 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-07-12 12:27:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-07-13 09:31:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

+ 2008-05-09 10:55:00 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2008-05-09 10:55:00 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

+ 2008-05-09 10:55:00 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

+ 2008-05-09 10:55:00 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2008-05-09 10:55:00 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

- 2008-04-13 17:33:28 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 13:40 159744]

"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:56 483328]

"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2008-07-02 15:32 225280]

"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-07-02 15:32 180224]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk

backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk

backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk

backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^ZDWLan Utility.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ZDWLan Utility.lnk

backup=C:\WINDOWS\pss\ZDWLan Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Josselin^Menu Démarrer^Programmes^Démarrage^MS Office - Démarrage accéléré.lnk]

path=C:\Documents and Settings\Josselin\Menu Démarrer\Programmes\Démarrage\MS Office - Démarrage accéléré.lnk

backup=C:\WINDOWS\pss\MS Office - Démarrage accéléré.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Josselin^Menu Démarrer^Programmes^Démarrage^MS Office - Recherche accélérée.lnk]

path=C:\Documents and Settings\Josselin\Menu Démarrer\Programmes\Démarrage\MS Office - Recherche accélérée.lnk

backup=C:\WINDOWS\pss\MS Office - Recherche accélérée.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

--a------ 2005-01-20 20:47 79448 C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-06-28 13:31 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-01-14 15:15 26112 C:\Program Files\Real\RealPlayer\realplay.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 19:34 110592 C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

-ra------ 2004-04-08 05:22 323584 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

"AOLService"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\svchost.exe"=

"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

"C:\\Program Files\\Fichiers communs\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\mshta.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

 

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-12 21:18]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]

R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2004-08-06 08:50]

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 15:20]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 19:44]

S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2002-06-10 15:20]

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 16:43]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94453b54-e72d-11d9-aac9-00904b9d9d47}]

\Shell\AutoRun\command - E:\setupSNK.exe

 

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-07-03 09:21:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-07-02 17:20:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-04-23 17:20:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-istsvc - (no file)

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-13 14:23:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-13 14:26:59

ComboFix-quarantined-files.txt 2008-07-13 12:25:55

ComboFix2.txt 2008-07-12 12:41:54

 

Pre-Run: 8,544,161,792 octets libres

Post-Run: 8,587,902,976 octets libres

 

305 --- E O F --- 2008-07-12 12:51:23


Here it is

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:33:27, on 13/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168171833640

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

 

--

End of file - 8175 bytes

 

 

 

A thousand thanks again


  • 2 weeks later...

Hello, and sorry for the delay, but with the holidays...

Still getting popups, here are the reports

 

ComboFix 08-07-22.4 - Josselin 2008-07-23 14:09:13.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.439 [GMT 2:00]

Endroit: C:\Documents and Settings\Josselin\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))

.

 

2008-07-22 15:30 . 2008-07-22 15:50 <REP> d-------- C:\WINDOWS\CAVTemp

2008-07-17 19:02 . 2008-07-17 19:02 <REP> d-------- C:\WINDOWS\Internet Logs

2008-07-17 19:02 . 2008-07-17 19:02 <REP> d-------- C:\Program Files\Zone Labs

2008-07-13 18:41 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-13 18:40 . 2008-07-13 18:40 <REP> d-------- C:\Program Files\Panda Security

2008-07-12 14:51 . 2008-07-12 14:51 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-07-10 15:39 . 2008-07-11 16:13 <REP> d-------- C:\Toolbar SD

2008-07-10 13:52 . 2008-07-10 14:02 <REP> d-------- C:\Program Files\Proxomitron Naoko v4.5

2008-07-09 13:02 . 2008-07-09 13:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-07-09 13:02 . 2008-07-09 13:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-07-02 16:04 . 2008-07-02 16:04 <REP> d-------- C:\Program Files\Avira

2008-07-02 16:04 . 2008-07-02 16:04 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-07-02 15:33 . 2008-07-02 15:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CA

2008-07-02 15:33 . 2008-07-02 15:33 26,787 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys

2008-07-02 15:32 . 2008-07-02 15:32 <REP> d-------- C:\Program Files\CA

2008-07-01 20:25 . 2008-07-02 13:52 <REP> d-------- C:\Program Files\Ascentive

2008-07-01 20:25 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll

2008-07-01 20:25 . 2007-10-17 10:19 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll

2008-06-30 20:43 . 2008-06-30 20:46 <REP> d-------- C:\Program Files\Capturino 1.4

2008-06-30 00:16 . 2008-06-30 00:17 159,228,420 --a------ C:\Documents and Settings\Josselin\TRACE_BOOT+DRIVERS_1_1.BIN

2008-06-30 00:01 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl

2008-06-29 14:56 . 2008-06-29 15:01 15,172,608 --a--c--- C:\audioOut.AC3

2008-06-29 14:48 . 2008-07-02 09:16 <REP> d-------- C:\Program Files\FlasKMPEG_594h

2008-06-28 18:34 . 2008-06-28 18:34 <REP> d-------- C:\Program Files\CCleaner

2008-06-28 13:39 . 2008-06-28 13:39 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion

2008-06-28 13:29 . 2008-06-28 13:29 <REP> d-------- C:\Program Files\Norton Internet Security

2008-06-28 13:11 . 2008-06-28 13:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg8(2)

2008-06-28 12:59 . 2008-06-28 13:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion(2)

2008-06-27 10:26 . 2008-06-28 18:50 <REP> d-------- C:\Program Files\jv16 PowerTools

2008-06-27 10:20 . 2008-06-27 10:20 <REP> d-------- C:\Program Files\Auslogics

2008-06-27 10:20 . 2008-06-27 10:20 <REP> d-------- C:\Documents and Settings\Josselin\Application Data\Auslogics

2008-06-25 19:31 . 2008-06-25 19:31 88 --a------ C:\WINDOWS\Kit.ini

2008-06-23 11:40 . 2006-04-16 23:06 225,280 --a------ C:\WINDOWS\system32\OfficeMenu2003.ocx

2008-06-23 11:40 . 1998-07-13 01:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2008-06-23 11:40 . 1998-07-13 00:00 15,872 --a------ C:\WINDOWS\system32\WINSKFR.DLL

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 16:41 --------- d-----w C:\Documents and Settings\Josselin\Application Data\Spyware Terminator

2008-07-13 12:18 --------- d-----w C:\Program Files\WinClamAVShield

2008-07-12 12:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spyware Terminator

2008-07-12 12:15 --------- d-----w C:\Program Files\Spyware Terminator

2008-07-02 13:33 879,832 ----a-w C:\WINDOWS\system32\drivers\VetEFile.sys

2008-07-02 13:33 108,360 ----a-w C:\WINDOWS\system32\drivers\VetEBoot.sys

2008-07-02 13:32 69,632 ----a-w C:\WINDOWS\system32\VetRedir.dll

2008-07-02 13:32 21,031 ----a-w C:\WINDOWS\system32\drivers\Vet-Filt.sys

2008-07-02 13:32 15,735 ----a-w C:\WINDOWS\system32\drivers\VetFDDNT.sys

2008-07-02 13:32 15,478 ----a-w C:\WINDOWS\system32\drivers\Vet-Rec.sys

2008-07-02 13:32 110,592 ----a-w C:\WINDOWS\UnVet32.exe

2008-07-02 13:32 106,496 ----a-w C:\WINDOWS\AVShlExt.dll

2008-07-02 12:33 --------- d-----w C:\Program Files\AntivirusFirewall

2008-07-02 12:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-01 19:03 --------- d-----w C:\Program Files\eMule

2008-06-28 16:20 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-06-27 07:45 --------- d-----w C:\Program Files\Logitech

2008-06-27 07:37 --------- d-----w C:\Program Files\Fichiers communs\Pumatech Shared

2008-06-27 07:36 --------- d-----w C:\Program Files\Common Files

2008-06-27 07:35 --------- d-----w C:\Program Files\Fichiers communs\Research In Motion

2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-14 17:33 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-08 13:16 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared

2008-06-07 20:36 --------- d-----w C:\Documents and Settings\Josselin\Application Data\Megaupload

2008-06-07 15:10 --------- d-----w C:\Program Files\Registry Easy

2008-06-01 16:58 344,636 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-06-01 16:58 29,317,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-01 13:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-05-31 12:36 --------- d-----w C:\Program Files\QuickTime

2008-05-31 12:25 --------- d-----w C:\Program Files\ArcSoft

2008-05-30 19:30 --------- d-----w C:\Program Files\Lavasoft

2008-05-30 19:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2008-05-29 07:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe

2008-05-16 19:11 164 -c--a-w C:\install.dat

2008-05-15 09:31 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-05-15 09:29 249,856 ------w C:\WINDOWS\Setup1.exe

2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2005-01-23 16:21 56 --sha-r C:\WINDOWS\system32\A18476FBCA.sys

2005-01-23 16:21 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-12_14.40.30.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll

+ 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe

+ 2008-06-20 17:47:22 147,968 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-05-09 10:55:00 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll

+ 2008-06-20 17:47:22 247,808 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll

+ 2008-05-09 10:55:00 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll

+ 2008-05-09 10:55:00 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll

+ 2008-06-20 11:51:12 361,600 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 11:08:27 225,856 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-05-09 10:55:00 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll

+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe

+ 2008-05-09 10:55:00 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll

- 2008-04-13 17:33:24 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll

- 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-07-18 13:10:01 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

- 2008-04-13 17:33:28 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

+ 2008-05-09 10:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll

- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-06-25 07:15:48 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:29 18,296 ------w C:\WINDOWS\system32\spmsg.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 13:40 159744]

"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-22 20:56 483328]

"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2008-07-02 15:32 225280]

"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-07-02 15:32 180224]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 15:09 266497]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk

backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BTTray.lnk

backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk

backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk

backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk

backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^ZDWLan Utility.lnk]

path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\ZDWLan Utility.lnk

backup=C:\WINDOWS\pss\ZDWLan Utility.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Josselin^Menu Démarrer^Programmes^Démarrage^MS Office - Démarrage accéléré.lnk]

path=C:\Documents and Settings\Josselin\Menu Démarrer\Programmes\Démarrage\MS Office - Démarrage accéléré.lnk

backup=C:\WINDOWS\pss\MS Office - Démarrage accéléré.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Josselin^Menu Démarrer^Programmes^Démarrage^MS Office - Recherche accélérée.lnk]

path=C:\Documents and Settings\Josselin\Menu Démarrer\Programmes\Démarrage\MS Office - Recherche accélérée.lnk

backup=C:\WINDOWS\pss\MS Office - Recherche accélérée.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á³# Kh'þ9Óœ÷3rÅWC:\Program Files\ISTsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]

--a------ 2005-01-20 20:47 79448 C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]

--a------ 2006-06-28 13:31 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2005-01-14 15:15 26112 C:\Program Files\Real\RealPlayer\realplay.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

--a------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

--a------ 2008-04-13 19:34 110592 C:\WINDOWS\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

-ra------ 2004-04-08 05:22 323584 C:\WINDOWS\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

"AOLService"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\WINDOWS\\system32\\svchost.exe"=

"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

"C:\\Program Files\\Fichiers communs\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=

"C:\\WINDOWS\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\WINDOWS\\system32\\mshta.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

 

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-12 21:18]

R2 Maxtor Sync Service;Maxtor Service;C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]

R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2004-08-06 08:50]

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 15:20]

S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 19:44]

S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

S3 QCEmerald;Logitech QuickCam Web(PID_0850);C:\WINDOWS\system32\DRIVERS\LVCE.sys [2002-06-10 15:20]

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 16:43]

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-07-03 09:21:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-07-22 17:20:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-04-23 17:20:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

.

- - - - ORPHANS REMOVED - - - -

 

MSConfigStartUp-istsvc - (no file)

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/

O8 -: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 -: Crawler Search - tbr:iemenu

O8 -: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

 

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab

C:\WINDOWS\Downloaded Program Files\MDM.inf

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 14:12:55

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

C:\WINDOWS\explorer.exe [716] 0x8320FBB0

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-23 14:16:20

ComboFix-quarantined-files.txt 2008-07-23 12:15:16

ComboFix2.txt 2008-07-13 12:27:00

ComboFix3.txt 2008-07-12 12:41:54

 

Pre-Run: 7,988,891,648 octets libres

Post-Run: 8,126,406,656 octets libres

 

267 --- E O F --- 2008-07-14 17:55:00

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:17:54, on 23/07/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168171833640

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

 

--

End of file - 8107 bytes

 

 

 

thanks again for your help...


Run an online scan with

http://webScanner.kaspersky.fr/

NOTE: the scan must be run with Internet Explorer

In the new window that appears, click "J'accepte" (I accept)

You will be asked to download ActiveX controls; accept.

Let it install its updates, then, when it has finished, click "Suivant" (Next)

In the "Choisissez la cible de l'analyse" (Choose the scan target) menu, select "Poste de travail" (My Computer).

The scan will start.

Come back with the scan report you get
