virus dialer.trojan idd**.tmp.exe , aidez moi!
Forum Sécurité - Virus : virus dialer.trojan idd**.tmp.exe , aidez moi!
Bonjour,
j'ai une infection sur mon PC, et je n'arrive pas à m'en débarasser
J'ai XP pro, Norton,Spybot ...
En fait, Norton detecte idd**.tmp.exe et le supprime, mais il reviens tout le temps!!!!
Il y a aussi un truc bizard dans C:\Windows\temp, des fichiers win**.tmp.exe qui essaye d'acceder à internet (bloqué par norton)
Après avoir lu sur les forum, j'ai telecharger Hijackthis
rapport:
Logfile of HijackThis v1.99.1
Scan saved at 13:59:21, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\dossier telechargement\cureit.exe
C:\DOCUME~1\mignot\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\mignot\LOCALS~1\Temp\RarSFX0\cureit.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\TEMP\win63.tmp.exe
D:\dossier telechargement\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/i [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 8113620843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
S'il vous plait aidez moi!!!
Bonjour,
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
- Double-clique VundoFix.exe afin de le lancer
- Clique sur le bouton Scan for Vundo
- Lorsque le scan est complété, clique sur le bouton Remove Vundo
- Une invite te demandera si tu veux supprimer les fichiers, clique YES
- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
tout d'abord merci de m'aider
J'ai fait vundofix:
VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 17:25:18 11/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\jjjlm.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Performing Repairs to the registry.
Done!
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17:40:33, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\dossier telechargement\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/i [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DCC5306-624A-4C45-8C2A-C12498D4D0FD} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\system32\gebcaab.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\tdkhmgpv.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 8113620843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: gebcaab - C:\WINDOWS\SYSTEM32\gebcaab.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
PS: j'avais aussi detecter un autre trojan dans systeme32, mais pas avec vundofix: gebcaab.dll
Mais impossible de le supprimer
Et Norton viens de me supprimer un fichier dans
local settings\temp (un .exe)
Voilà
A bientôt
Bonsoir,
1/ • Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe
• Double clique combofix.exe et suis les invites.
• Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
2/ Renomme HijackThis en Scanner.exe (clic droit sur le fichier HijackThis et choisis renommer).
Ensuite, lance le (double clic sur Scanner.exe ensuite tu l’exécutes) appuie sur Do a system scan a save a logfile, le bloc note va alors s’ouvrir, tu copies et tu colles le rapport ici dans ta prochaine réponse.
mignot - 06-11-11 18:49:39.45 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\mignot\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\components
((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))
2006-11-11 18:45 665,645 ---hs---- C:\WINDOWS\system32\tvvwa.ini2
2006-11-11 18:45 664,815 ---hs---- C:\WINDOWS\system32\tvvwa.bak2
2006-11-11 17:41 664,240 ---hs---- C:\WINDOWS\system32\tvvwa.bak1
2006-11-11 17:40 692,276 ---h----- C:\WINDOWS\system32\awvvt.dll
2006-11-11 16:04 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-11 16:04 5,178 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 16:04 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 16:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 16:04 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-09 22:15 40,973 --------- C:\WINDOWS\system32\gebcaab.dll
2006-10-28 22:29 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
2006-10-28 22:29 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
2006-10-28 22:29 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
2006-10-28 22:29 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
2006-10-28 22:29 12,800 --a------ C:\WINDOWS\system32\smtpctrs.dll
2006-10-28 22:28 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-10-28 22:28 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-10-28 22:28 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-10-28 22:28 56,832 --a------ C:\WINDOWS\system32\convlog.exe
2006-10-28 22:28 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-10-28 22:28 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-10-28 22:28 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-10-28 22:28 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-10-28 22:28 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-10-28 22:28 14,848 --a------ C:\WINDOWS\system32\iisreset.exe
2006-10-28 22:28 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-10-28 22:08 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2006-10-28 22:08 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-10-28 22:08 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2006-10-28 22:08 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2006-10-28 22:08 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2006-10-28 22:08 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2006-10-28 22:08 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2006-10-28 22:08 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-10-28 22:08 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-10-28 22:08 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2006-10-17 16:10 2,977,792 --------- C:\WINDOWS\UNRecode.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-11 18:47 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-11 18:45 -------- d-------- C:\Program Files\Fichiers communs
2006-11-11 15:30 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-11-11 14:31 -------- d-------- C:\Documents and Settings\mignot\Application Data\AdobeUM
2006-11-09 18:30 -------- d-------- C:\Documents and Settings\mignot\Application Data\Skype
2006-11-06 22:25 -------- d-------- C:\Program Files\RegCleaner
2006-11-05 18:14 -------- d-------- C:\Documents and Settings\mignot\Application Data\Google
2006-11-04 03:50 -------- d-------- C:\Program Files\eMule
2006-11-03 02:22 -------- d-------- C:\Program Files\Adobe
2006-11-03 02:22 -------- d-------- C:\Documents and Settings\mignot\Application Data\Adobe
2006-11-02 18:24 -------- d-------- C:\Program Files\MyPhoneExplorer
2006-11-02 17:35 -------- d-------- C:\Program Files\Prolific Publishing, Inc
2006-11-02 03:35 -------- d-------- C:\Program Files\SereneScreen
2006-11-01 10:19 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-31 19:08 -------- d-------- C:\Program Files\GtkRadiant-1.4
2006-10-31 15:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-31 15:25 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-10-30 18:52 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-30 18:20 1027 --a------ C:\Documents and Settings\mignot\Application Data\AdobeDLM.log
2006-10-30 18:20 0 --a------ C:\Documents and Settings\mignot\Application Data\dm.ini
2006-10-29 21:52 -------- d---s---- C:\Documents and Settings\mignot\Application Data\Microsoft
2006-10-29 21:45 -------- d-------- C:\Program Files\Fichiers communs\Merge Modules
2006-10-29 21:40 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-29 21:40 -------- d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2006-10-29 21:37 -------- d-------- C:\Program Files\Microsoft Office
2006-10-29 21:25 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-10-29 21:16 -------- d-------- C:\Program Files\Internet Explorer
2006-10-29 20:44 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-28 21:33 -------- d-------- C:\Program Files\HTML Help Workshop
2006-10-28 21:33 -------- d-------- C:\Program Files\Common Files
2006-10-28 13:16 -------- d-------- C:\Program Files\Presets
2006-10-28 13:16 -------- d-------- C:\Program Files\Plug-Ins
2006-10-28 13:16 -------- d-------- C:\Program Files\NVIDIA Corporation
2006-10-27 21:56 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-27 21:56 253952 --------- C:\WINDOWS\Setup1.exe
2006-10-26 22:59 -------- d-------- C:\Documents and Settings\mignot\Application Data\Leadertech
2006-10-22 00:05 -------- d-------- C:\Program Files\Sony Ericsson
2006-10-18 19:10 -------- d-------- C:\Program Files\Google
2006-10-17 20:43 -------- d-------- C:\Program Files\SUDOKU
2006-10-17 16:28 -------- d-------- C:\Documents and Settings\mignot\Application Data\Nero
2006-10-17 15:05 -------- d-------- C:\Documents and Settings\mignot\Application Data\Ahead
2006-10-17 15:00 -------- d-------- C:\Program Files\Ahead
2006-10-16 21:43 -------- d-------- C:\Program Files\VirtualDubMOD
2006-10-15 01:42 -------- d-------- C:\Program Files\Kwyshell
2006-10-14 21:45 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 13:57 -------- d-------- C:\Program Files\Disc2Phone
2006-10-14 13:54 -------- d-------- C:\Documents and Settings\mignot\Application Data\Teleca
2006-10-14 13:51 -------- d-------- C:\Program Files\Fichiers communs\Teleca Shared
2006-10-10 22:39 -------- d-------- C:\Program Files\AutoShutdown
2006-10-05 19:26 -------- d-------- C:\Program Files\Philips
2006-09-30 12:13 -------- d-------- C:\Program Files\Fichiers communs\DESIGNER
2006-09-30 12:12 -------- d-------- C:\Program Files\Microsoft Works
2006-09-30 11:31 -------- d-------- C:\Program Files\MSECache
2006-09-30 00:23 -------- d-------- C:\Program Files\Symantec
2006-09-24 21:09 -------- d-------- C:\Program Files\Ghostgum
2006-09-24 20:58 -------- d-------- C:\Program Files\gs
2006-09-23 12:32 -------- d-------- C:\Program Files\iTunes
2006-09-23 12:25 -------- d-------- C:\Program Files\QuickTime
2006-09-23 12:23 -------- d-------- C:\Program Files\iPod
2006-09-22 22:31 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-22 21:00 -------- d-------- C:\Program Files\Yahoo!
2006-09-22 20:58 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-09-22 20:57 -------- d-------- C:\Documents and Settings\mignot\Application Data\Real
2006-09-20 20:40 -------- d-------- C:\Program Files\ABC Amber PDF2Image Converter
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 06:03 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-28 09:23 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-28 09:23 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-28 09:23 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-28 09:23 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-28 09:23 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-28 09:23 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-28 09:23 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-28 09:09 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-28 09:09 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-28 09:08 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-28 09:08 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-28 09:08 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-28 09:07 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-28 09:05 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-28 09:05 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-28 09:05 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-28 09:05 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-28 09:04 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-28 09:04 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-28 09:04 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-28 09:04 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-28 09:04 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-28 09:02 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-28 09:02 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-28 09:01 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-28 09:01 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-28 08:59 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-28 08:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-28 08:25 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-28 08:22 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 22:10 36112 --a------ C:\WINDOWS\system32\FM20FRA.DLL
2006-08-11 19:52 33040 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-08-11 19:52 1190664 --a------ C:\WINDOWS\system32\FM20.DLL
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"SoundMan"="SOUNDMAN.EXE"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"Wireless Console"="C:\\Program Files\\ASUS\\Wireless Console\\wcourier.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security Professional\\UrlLstCk.exe"
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"phc700"="C:\\WINDOWS\\vphc700.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Documents and Settings\\mignot\\Bureau\\RBIKE.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Bureau\\RBIKE.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,\
00,00,02,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\pack_smileys_2\\36_15_12.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\pack_smileys_2\\36_15_12.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:34,00,00,c0,00,00,00,00,ec,e0,07,00,bf,6f,da,77,19,00,\
00,00,e8,dd,07,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\Mes images\\IUT GMP.jpg"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\Mes images\\IUT GMP.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,a0,00,00,00,3b,00,00,00,78,00,00,00,6c,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,3b,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:cc,d1,07,00,3c,d2,07,00,08,d3,07,00,00,00,00,00,18,00,\
00,00,03,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\soleilhot.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\soleilhot.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,a0,00,00,00,cf,00,00,00,78,00,00,00,6c,00,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,cf,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\dance.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\dance.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,01,00,00,4f,00,00,00,78,00,00,00,6c,00,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,01,00,00,4f,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,1e,05,00,00,a0,00,00,00,4c,00,00,00,41,00,\
00,00,01,00,00,40
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,01,00,00,00,60,04,00,00,fb,03,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,18,01,00,00,01,00,00,00,60,04,00,00,fb,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fc,03,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\coulours_1024\\coulours.htm"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\coulours_1024\\coulours.htm"
"FriendlyName"=""
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,4f,00,00,00,78,00,00,00,6c,00,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,06,04,00,00,ad,01,00,00,36,01,00,00,36,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,0b,03,00,00,81,01,00,00,21,01,00,00,24,02,\
00,00,01,00,00,40
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbug32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\S‚lection2.job
Completion time: 06-11-11 18:51:55.50
C:\ComboFix.txt ... 06-11-11 18:51
Logfile of HijackThis v1.99.1
Scan saved at 18:54:13, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Messenger\msmsgs.exe
D:\dossier telechargement\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/i [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DCC5306-624A-4C45-8C2A-C12498D4D0FD} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E518F25E-0FCF-44DF-9BED-BFFCF873882F} - C:\WINDOWS\system32\awvvt.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\tdkhmgpv.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 8113620843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de ton aide!
Que dois je faire à présent?
j'ai refait vundofix:
VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 17:25:18 11/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\jjjlm.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.8
Checking Java version...
Java version is 1.5.0.3
Java version is 1.5.0.4
Java version is 1.5.0.6
Scan started at 19:04:56 11/11/2006
Listing files found while scanning....
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\tvvwa.ini2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\awvvt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tvvwa.ini2
C:\WINDOWS\system32\tvvwa.ini2 Has been deleted!
Performing Repairs to the registry.
Done!
A mon avis gebcaab.dll fait réaparaitre ces fichiers (.dll et .ini sous un autre nom!
Enfin je dis ca mais je n'y connait rien! lol
Ya peut être des lignes à fixer dans hijackthis??
A bientôt
alors, des subjections???
quelq'un peut-il me dire se qu'il faudrait faire???
Merci
Re,
Reposte un rapport Hijackthis stp.
Bonsoir, voila le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 19:23:41, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ircomm2k.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\dossier telechargement\hijackthis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/i [...] earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7DCC5306-624A-4C45-8C2A-C12498D4D0FD} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E518F25E-0FCF-44DF-9BED-BFFCF873882F} - C:\WINDOWS\system32\awvvt.dll (file missing)
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\tdkhmgpv.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {317153FE-B7FB-419B-AC87-0B2EC97D7A04} (VB2S ActiveX Control) - http://www.subdo.com/activex/vb2s.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 8113620843
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\WINDOWS\system32\ircomm2k.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
O2 - BHO: (no name) - {7DCC5306-624A-4C45-8C2A-C12498D4D0FD} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\tdkhmgpv.dll (file missing)
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Refais un scan Combofix.
j'ai fait le scan Combofix:
mignot - 06-11-13 20:23:53.03 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\mignot\Bureau"
((((((((((((((((((((((((((((((( Files Created from 2006-10-13 to 2006-11-13 ))))))))))))))))))))))))))))))))))
2006-11-11 16:04 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-11 16:04 5,178 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-11 16:04 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-11 16:04 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-11 16:04 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-09 22:15 40,973 --------- C:\WINDOWS\system32\gebcaab.dll
2006-10-28 22:29 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
2006-10-28 22:29 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
2006-10-28 22:29 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
2006-10-28 22:29 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
2006-10-28 22:29 12,800 --a------ C:\WINDOWS\system32\smtpctrs.dll
2006-10-28 22:28 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2006-10-28 22:28 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2006-10-28 22:28 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2006-10-28 22:28 56,832 --a------ C:\WINDOWS\system32\convlog.exe
2006-10-28 22:28 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2006-10-28 22:28 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2006-10-28 22:28 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2006-10-28 22:28 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2006-10-28 22:28 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2006-10-28 22:28 14,848 --a------ C:\WINDOWS\system32\iisreset.exe
2006-10-28 22:28 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2006-10-28 22:08 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2006-10-28 22:08 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2006-10-28 22:08 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2006-10-28 22:08 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2006-10-28 22:08 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2006-10-28 22:08 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2006-10-28 22:08 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2006-10-28 22:08 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2006-10-28 22:08 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2006-10-28 22:08 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2006-10-17 16:10 2,977,792 --------- C:\WINDOWS\UNRecode.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-13 20:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-13 20:08 -------- d-------- C:\Program Files\Fichiers communs
2006-11-13 19:22 -------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-11-11 14:31 -------- d-------- C:\Documents and Settings\mignot\Application Data\AdobeUM
2006-11-09 18:30 -------- d-------- C:\Documents and Settings\mignot\Application Data\Skype
2006-11-06 22:25 -------- d-------- C:\Program Files\RegCleaner
2006-11-05 18:14 -------- d-------- C:\Documents and Settings\mignot\Application Data\Google
2006-11-04 03:50 -------- d-------- C:\Program Files\eMule
2006-11-03 02:22 -------- d-------- C:\Program Files\Adobe
2006-11-03 02:22 -------- d-------- C:\Documents and Settings\mignot\Application Data\Adobe
2006-11-02 18:24 -------- d-------- C:\Program Files\MyPhoneExplorer
2006-11-02 17:35 -------- d-------- C:\Program Files\Prolific Publishing, Inc
2006-11-02 03:35 -------- d-------- C:\Program Files\SereneScreen
2006-11-01 10:19 -------- d-------- C:\Program Files\Fichiers communs\Adobe
2006-10-31 19:08 -------- d-------- C:\Program Files\GtkRadiant-1.4
2006-10-31 15:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-31 15:25 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory
2006-10-30 18:52 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-30 18:20 1027 --a------ C:\Documents and Settings\mignot\Application Data\AdobeDLM.log
2006-10-30 18:20 0 --a------ C:\Documents and Settings\mignot\Application Data\dm.ini
2006-10-29 21:52 -------- d---s---- C:\Documents and Settings\mignot\Application Data\Microsoft
2006-10-29 21:45 -------- d-------- C:\Program Files\Fichiers communs\Merge Modules
2006-10-29 21:40 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-29 21:40 -------- d-------- C:\Program Files\Fichiers communs\Crystal Decisions
2006-10-29 21:37 -------- d-------- C:\Program Files\Microsoft Office
2006-10-29 21:25 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2006-10-29 21:16 -------- d-------- C:\Program Files\Internet Explorer
2006-10-29 20:44 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-28 21:33 -------- d-------- C:\Program Files\HTML Help Workshop
2006-10-28 21:33 -------- d-------- C:\Program Files\Common Files
2006-10-28 13:16 -------- d-------- C:\Program Files\Presets
2006-10-28 13:16 -------- d-------- C:\Program Files\Plug-Ins
2006-10-28 13:16 -------- d-------- C:\Program Files\NVIDIA Corporation
2006-10-27 21:56 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-27 21:56 253952 --------- C:\WINDOWS\Setup1.exe
2006-10-26 22:59 -------- d-------- C:\Documents and Settings\mignot\Application Data\Leadertech
2006-10-22 00:05 -------- d-------- C:\Program Files\Sony Ericsson
2006-10-18 19:10 -------- d-------- C:\Program Files\Google
2006-10-17 20:43 -------- d-------- C:\Program Files\SUDOKU
2006-10-17 16:28 -------- d-------- C:\Documents and Settings\mignot\Application Data\Nero
2006-10-17 15:05 -------- d-------- C:\Documents and Settings\mignot\Application Data\Ahead
2006-10-17 15:00 -------- d-------- C:\Program Files\Ahead
2006-10-16 21:43 -------- d-------- C:\Program Files\VirtualDubMOD
2006-10-15 01:42 -------- d-------- C:\Program Files\Kwyshell
2006-10-14 21:45 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-14 13:57 -------- d-------- C:\Program Files\Disc2Phone
2006-10-14 13:54 -------- d-------- C:\Documents and Settings\mignot\Application Data\Teleca
2006-10-14 13:51 -------- d-------- C:\Program Files\Fichiers communs\Teleca Shared
2006-10-10 22:39 -------- d-------- C:\Program Files\AutoShutdown
2006-10-05 19:26 -------- d-------- C:\Program Files\Philips
2006-09-30 12:13 -------- d-------- C:\Program Files\Fichiers communs\DESIGNER
2006-09-30 12:12 -------- d-------- C:\Program Files\Microsoft Works
2006-09-30 11:31 -------- d-------- C:\Program Files\MSECache
2006-09-30 00:23 -------- d-------- C:\Program Files\Symantec
2006-09-24 21:09 -------- d-------- C:\Program Files\Ghostgum
2006-09-24 20:58 -------- d-------- C:\Program Files\gs
2006-09-23 12:32 -------- d-------- C:\Program Files\iTunes
2006-09-23 12:25 -------- d-------- C:\Program Files\QuickTime
2006-09-23 12:23 -------- d-------- C:\Program Files\iPod
2006-09-22 22:31 -------- d-------- C:\Program Files\Microsoft Bootvis
2006-09-22 21:00 -------- d-------- C:\Program Files\Yahoo!
2006-09-22 20:58 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-09-22 20:57 -------- d-------- C:\Documents and Settings\mignot\Application Data\Real
2006-09-20 20:40 -------- d-------- C:\Program Files\ABC Amber PDF2Image Converter
2006-09-15 21:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 21:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 06:03 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-28 09:23 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-28 09:23 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-28 09:23 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-28 09:23 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-28 09:23 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-28 09:23 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-28 09:23 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-28 09:09 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-28 09:09 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-28 09:08 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-28 09:08 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-28 09:08 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-28 09:07 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-28 09:05 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-28 09:05 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-28 09:05 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-28 09:05 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-28 09:04 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-28 09:04 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-28 09:04 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-28 09:04 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-28 09:04 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-28 09:02 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-28 09:02 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-28 09:01 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-28 09:01 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-28 08:59 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-28 08:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-28 08:25 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-28 08:22 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WOOKIT"="C:\\PROGRA~1\\WANADOO\\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM="
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"SoundMan"="SOUNDMAN.EXE"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"Wireless Console"="C:\\Program Files\\ASUS\\Wireless Console\\wcourier.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security Professional\\UrlLstCk.exe"
"Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTek\\ASUSDVD\\PDVDServ.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"phc700"="C:\\WINDOWS\\vphc700.exe"
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Documents and Settings\\mignot\\Bureau\\RBIKE.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Bureau\\RBIKE.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:02,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,\
00,00,02,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,78,05,00,00,1a,04,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\pack_smileys_2\\36_15_12.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\pack_smileys_2\\36_15_12.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:34,00,00,c0,00,00,00,00,ec,e0,07,00,bf,6f,da,77,19,00,\
00,00,e8,dd,07,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\Mes images\\IUT GMP.jpg"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\Mes images\\IUT GMP.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,a0,00,00,00,3b,00,00,00,78,00,00,00,6c,00,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,3b,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:cc,d1,07,00,3c,d2,07,00,08,d3,07,00,00,00,00,00,18,00,\
00,00,03,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\soleilhot.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\soleilhot.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,a0,00,00,00,cf,00,00,00,78,00,00,00,6c,00,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,cf,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\dance.gif"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\msn\\emoticones\\animés\\n\\dance.gif"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,cc,01,00,00,4f,00,00,00,78,00,00,00,6c,00,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,01,00,00,4f,00,00,00,78,00,00,00,6c,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,1e,05,00,00,a0,00,00,00,4c,00,00,00,41,00,\
00,00,01,00,00,40
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,01,00,00,00,60,04,00,00,fb,03,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,18,01,00,00,01,00,00,00,60,04,00,00,fb,03,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fc,03,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="C:\\Documents and Settings\\mignot\\Mes documents\\coulours_1024\\coulours.htm"
"SubscribedURL"="C:\\Documents and Settings\\mignot\\Mes documents\\coulours_1024\\coulours.htm"
"FriendlyName"=""
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,4f,00,00,00,78,00,00,00,6c,00,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,06,04,00,00,ad,01,00,00,36,01,00,00,36,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,0b,03,00,00,81,01,00,00,21,01,00,00,24,02,\
00,00,01,00,00,40
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\S‚lection2.job
Completion time: 06-11-13 20:26:15.98
C:\ComboFix.txt ... 06-11-13 20:26
C:\ComboFix2.txt ... 06-11-11 18:51
Re,
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Une fois AVG AS lancé, clique sur "Mise à jour"
Ferme le programme.
AIDE : Tuto de Malekal
Redémarre en mode sans échec
Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Copie/Colle le rapport ici.
salut à tous
moi, ce qui m'inquiète dans son rapport hijackthis, c'est cette ligne : O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
winpcap est bien un renifleur, non???
Il y a 2410 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
