I keep getting bubbles popping up nonstop (sort of screens that come out of the bottom-right corner)
They talk about spyware, security Alert, etc....
I hope it's not too serious :s
My report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:12, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gxidfasm.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 4679209608
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00AAD69.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6844 bytes
Hi,
You are indeed infected.
Vundo infection:
Do these steps in order:
1/ Download VundoFix.exe (by Atribune):
Double-click VundoFix.exe.
Click Scan for Vundo.
When the scan is complete, click the Remove Vundo button.
Then click YES
After you click "Yes", the Desktop will disappear for a moment while the files are removed.
You will get a message saying the computer is going to shut down; click OK
Post the report found at C:\vundofix.txt
2/ Download Combofix (by sUBs) to your Desktop.
Disable all resident protection! (Antivirus, antispyware...)
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
3/ Post a new HiJackThis report (after renaming HiJackthis.exe to SCANNER.EXE)
Here are the reports:
(nothing has changed -_- it's even worse)
VundoFix V6.6.2
Checking Java version...
Scan started at 15:28:51 17/11/2007
Listing files found while scanning....
C:\windows\system32\__c0018070.dat
C:\windows\system32\__c0019870.dat
C:\windows\system32\__c0035B2.dat
C:\windows\system32\__c0042D26.dat
C:\windows\system32\__c005F188.dat
C:\windows\system32\__c007C94.dat
C:\windows\system32\__c00801FD.dat
C:\windows\system32\__c0086C4.dat
C:\windows\system32\__c008E552.dat
C:\windows\system32\__c00A2900.dat
C:\windows\system32\__c00AAD69.dat
C:\windows\system32\__c00DBFF2.dat
C:\windows\system32\__c00DCA9.dat
C:\windows\system32\__c00FC3AF.dat
C:\windows\system32\amvxcyct.dll
C:\windows\system32\apkptkll.dll
C:\windows\system32\bccdd.bak1
C:\windows\system32\bccdd.ini
C:\windows\system32\bccdd.ini2
C:\windows\system32\bccdd.tmp
C:\windows\system32\brupwhni.dll
C:\windows\system32\bwgshtko.dll
C:\windows\system32\cdedfjij.dll
C:\windows\system32\ddccb.dll
C:\windows\system32\dkjkiyou.dll
C:\windows\system32\duwkuhwh.dll
C:\windows\system32\ftvjtvau.dll
C:\WINDOWS\system32\gxidfasm.dll
C:\windows\system32\gxidfasm.dllbox
C:\windows\system32\icoekmhy.dll
C:\windows\system32\jtmagyiw.dll
C:\windows\system32\jxcjjugt.dll
C:\windows\system32\lchmgugi.dll
C:\windows\system32\mitmuekp.dll
C:\windows\system32\mnihsgir.dll
C:\windows\system32\mqbrhgfv.dll
C:\windows\system32\mqylnaxs.dll
C:\windows\system32\nrfjnfmx.dll
C:\windows\system32\ohrdhngd.dll
C:\windows\system32\qbhhlviw.dll
C:\windows\system32\qgjdeqmt.dll
C:\windows\system32\qnmrsbsp.dll
C:\windows\system32\rdupjvus.dll
C:\windows\system32\rqkubaht.dll
C:\windows\system32\svnqdxxr.dll
C:\windows\system32\uvyeeosd.dll
C:\windows\system32\vbqnyifo.dll
C:\windows\system32\wvutqom.dll
C:\windows\system32\yyhybgsp.dll
Beginning removal...
Attempting to delete C:\windows\system32\__c0018070.dat
C:\windows\system32\__c0018070.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0019870.dat
C:\windows\system32\__c0019870.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0035B2.dat
C:\windows\system32\__c0035B2.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0042D26.dat
C:\windows\system32\__c0042D26.dat Could not be deleted.
Attempting to delete C:\windows\system32\__c005F188.dat
C:\windows\system32\__c005F188.dat Has been deleted!
Attempting to delete C:\windows\system32\__c007C94.dat
C:\windows\system32\__c007C94.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00801FD.dat
C:\windows\system32\__c00801FD.dat Has been deleted!
Attempting to delete C:\windows\system32\__c0086C4.dat
C:\windows\system32\__c0086C4.dat Has been deleted!
Attempting to delete C:\windows\system32\__c008E552.dat
C:\windows\system32\__c008E552.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00A2900.dat
C:\windows\system32\__c00A2900.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00AAD69.dat
C:\windows\system32\__c00AAD69.dat Could not be deleted.
Attempting to delete C:\windows\system32\__c00DBFF2.dat
C:\windows\system32\__c00DBFF2.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00DCA9.dat
C:\windows\system32\__c00DCA9.dat Has been deleted!
Attempting to delete C:\windows\system32\__c00FC3AF.dat
C:\windows\system32\__c00FC3AF.dat Has been deleted!
Attempting to delete C:\windows\system32\amvxcyct.dll
C:\windows\system32\amvxcyct.dll Has been deleted!
Attempting to delete C:\windows\system32\apkptkll.dll
C:\windows\system32\apkptkll.dll Has been deleted!
Attempting to delete C:\windows\system32\bccdd.bak1
C:\windows\system32\bccdd.bak1 Has been deleted!
Attempting to delete C:\windows\system32\bccdd.ini
C:\windows\system32\bccdd.ini Has been deleted!
Attempting to delete C:\windows\system32\bccdd.ini2
C:\windows\system32\bccdd.ini2 Has been deleted!
Attempting to delete C:\windows\system32\bccdd.tmp
C:\windows\system32\bccdd.tmp Has been deleted!
Attempting to delete C:\windows\system32\brupwhni.dll
C:\windows\system32\brupwhni.dll Has been deleted!
Attempting to delete C:\windows\system32\bwgshtko.dll
C:\windows\system32\bwgshtko.dll Has been deleted!
Attempting to delete C:\windows\system32\cdedfjij.dll
C:\windows\system32\cdedfjij.dll Has been deleted!
Attempting to delete C:\windows\system32\ddccb.dll
C:\windows\system32\ddccb.dll Could not be deleted.
Attempting to delete C:\windows\system32\dkjkiyou.dll
C:\windows\system32\dkjkiyou.dll Has been deleted!
Attempting to delete C:\windows\system32\duwkuhwh.dll
C:\windows\system32\duwkuhwh.dll Has been deleted!
Attempting to delete C:\windows\system32\ftvjtvau.dll
C:\windows\system32\ftvjtvau.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gxidfasm.dll
C:\WINDOWS\system32\gxidfasm.dll Could not be deleted.
Attempting to delete C:\windows\system32\gxidfasm.dllbox
C:\windows\system32\gxidfasm.dllbox Has been deleted!
Attempting to delete C:\windows\system32\icoekmhy.dll
C:\windows\system32\icoekmhy.dll Has been deleted!
Attempting to delete C:\windows\system32\jtmagyiw.dll
C:\windows\system32\jtmagyiw.dll Has been deleted!
Attempting to delete C:\windows\system32\jxcjjugt.dll
C:\windows\system32\jxcjjugt.dll Has been deleted!
Attempting to delete C:\windows\system32\lchmgugi.dll
C:\windows\system32\lchmgugi.dll Has been deleted!
Attempting to delete C:\windows\system32\mitmuekp.dll
C:\windows\system32\mitmuekp.dll Has been deleted!
Attempting to delete C:\windows\system32\mnihsgir.dll
C:\windows\system32\mnihsgir.dll Has been deleted!
Attempting to delete C:\windows\system32\mqbrhgfv.dll
C:\windows\system32\mqbrhgfv.dll Has been deleted!
Attempting to delete C:\windows\system32\mqylnaxs.dll
C:\windows\system32\mqylnaxs.dll Has been deleted!
Attempting to delete C:\windows\system32\nrfjnfmx.dll
C:\windows\system32\nrfjnfmx.dll Has been deleted!
Attempting to delete C:\windows\system32\ohrdhngd.dll
C:\windows\system32\ohrdhngd.dll Has been deleted!
Attempting to delete C:\windows\system32\qbhhlviw.dll
C:\windows\system32\qbhhlviw.dll Has been deleted!
Attempting to delete C:\windows\system32\qgjdeqmt.dll
C:\windows\system32\qgjdeqmt.dll Has been deleted!
Attempting to delete C:\windows\system32\qnmrsbsp.dll
C:\windows\system32\qnmrsbsp.dll Has been deleted!
Attempting to delete C:\windows\system32\rdupjvus.dll
C:\windows\system32\rdupjvus.dll Has been deleted!
Attempting to delete C:\windows\system32\rqkubaht.dll
C:\windows\system32\rqkubaht.dll Has been deleted!
Attempting to delete C:\windows\system32\svnqdxxr.dll
C:\windows\system32\svnqdxxr.dll Has been deleted!
Attempting to delete C:\windows\system32\uvyeeosd.dll
C:\windows\system32\uvyeeosd.dll Has been deleted!
Attempting to delete C:\windows\system32\vbqnyifo.dll
C:\windows\system32\vbqnyifo.dll Has been deleted!
Attempting to delete C:\windows\system32\wvutqom.dll
C:\windows\system32\wvutqom.dll Has been deleted!
Attempting to delete C:\windows\system32\yyhybgsp.dll
C:\windows\system32\yyhybgsp.dll Has been deleted!
Performing Repairs to the registry.
Done!
ComboFix 07-11-08.1 - Maxoo 2007-11-17 16:15:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.556 [GMT 1:00]
Running from: C:\Documents and Settings\Maxoo\Bureau\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Maxoo\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\__c0042D26.dat
C:\WINDOWS\system32\__c00AAD69.dat
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\eokdqtfo.exe
C:\WINDOWS\system32\gxidfasm.dllbox
C:\WINDOWS\system32\mvdaanig.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 15:28 <REP> d-------- C:\VundoFix Backups
2007-11-17 14:49 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 14:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 14:26 82,496 --a------ C:\WINDOWS\system32\ihglldbo.dll
2007-11-17 14:23 144,480 --------- C:\WINDOWS\system32\gxidfasm.dll
2007-11-17 14:23 144,480 --a------ C:\WINDOWS\system32\dkuopwgy.dll
2007-11-17 14:20 85,056 --------- C:\WINDOWS\system32\atqajvdt.dll
2007-11-17 12:20 85,056 --a------ C:\WINDOWS\system32\fexbghby.dll
2007-11-17 12:17 82,496 --a------ C:\WINDOWS\system32\cndnbdxu.dll
2007-11-17 12:14 144,480 --a------ C:\WINDOWS\system32\wnxgdvhj.dll
2007-11-17 12:11 71,232 --a------ C:\WINDOWS\system32\wmyybcsp.exe
2007-11-17 12:09 71,232 --a------ C:\WINDOWS\system32\hhhumdbe.exe
2007-11-17 11:50 71,232 --a------ C:\WINDOWS\system32\dipediqa.exe
2007-11-17 07:35 <REP> d-------- C:\WINDOWS\Performance
2007-11-17 07:34 <REP> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-17 07:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-17 07:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-17 00:09 <REP> d-------- C:\Program Files\SlySoft
2007-11-15 12:48 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-15 12:48 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Thunderbird
2007-11-14 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 14:29 71,232 --a------ C:\WINDOWS\system32\hpvjcxuq.exe
2007-11-13 00:48 <REP> d-------- C:\COMPUTER
2007-11-12 21:59 <REP> d-------- C:\Program Files\Skype
2007-11-12 21:59 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-12 21:59 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Skype
2007-11-12 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-11 15:15 <REP> d-------- C:\Program Files\iPod
2007-11-11 15:14 <REP> d-------- C:\Program Files\iTunes
2007-11-10 19:22 81,472 --a------ C:\WINDOWS\system32\owujxoru.dll
2007-11-10 19:16 71,232 --a------ C:\WINDOWS\system32\wtiqjgvo.exe
2007-11-09 22:37 77,888 --a------ C:\WINDOWS\system32\oubntnnl.dll
2007-11-09 20:29 77,888 --a------ C:\WINDOWS\system32\fdlnrkvr.dll
2007-11-09 14:24 77,888 --a------ C:\WINDOWS\system32\dtxrwpls.dll
2007-11-09 14:21 88,128 --a------ C:\WINDOWS\system32\kusqapeh.dll
2007-11-08 23:08 71,232 --a------ C:\WINDOWS\system32\agbnndww.exe
2007-11-08 18:25 86,080 --a------ C:\WINDOWS\system32\vdeeujbq.dll
2007-11-08 18:13 71,232 --a------ C:\WINDOWS\system32\oktojplv.exe
2007-11-07 16:46 86,080 --a------ C:\WINDOWS\system32\cbidoxxs.dll
2007-11-07 16:43 79,936 --a------ C:\WINDOWS\system32\gjrmubfu.dll
2007-11-07 16:37 71,232 --a------ C:\WINDOWS\system32\rrvyrijp.exe
2007-11-07 16:30 <REP> d-------- C:\Program Files\directx
2007-11-07 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-11-07 16:28 <REP> d-------- C:\Program Files\Labtec
2007-11-06 20:50 81,472 --a------ C:\WINDOWS\system32\fnrkjkmp.dll
2007-11-06 16:43 71,232 --a------ C:\WINDOWS\system32\luetcjwi.exe
2007-11-06 11:31 81,472 --a------ C:\WINDOWS\system32\ghfpbrnt.dll
2007-11-06 11:28 87,104 --a------ C:\WINDOWS\system32\tqmifhjr.dll
2007-11-05 23:29 85,568 --a------ C:\WINDOWS\system32\cojukuso.dll
2007-11-05 23:27 83,008 --a------ C:\WINDOWS\system32\jeceeukq.dll
2007-11-05 10:49 85,568 --a------ C:\WINDOWS\system32\lkpyimjf.dll
2007-11-05 10:46 83,008 --a------ C:\WINDOWS\system32\txivoriy.dll
2007-11-04 21:08 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-01 17:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Macromedia
2007-11-01 16:55 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Mozilla
2007-10-27 16:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Windows Desktop Search
2007-10-20 14:19 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-20 14:19 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-20 14:19 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-20 14:19 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-20 14:19 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-20 14:19 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-20 14:19 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-20 14:19 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-20 14:19 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-19 20:57 <REP> d-------- C:\Program Files\City of Heroes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 15:43 24,364,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 15:32 1,165,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 15:31 330,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 15:31 111,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 15:30 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\uTorrent
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\vlc
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\ma-config.com
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\LimeWire
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\IDM
2007-11-17 10:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-17 10:39 --------- d-----w C:\Program Files\uTorrent
2007-11-17 10:39 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-17 10:39 --------- d-----w C:\Program Files\ThiWeb Live 2
2007-11-17 10:39 --------- d-----w C:\Program Files\Services en ligne
2007-11-17 10:38 --------- d-----w C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-11-17 10:38 --------- d-----w C:\Program Files\RocketDock
2007-11-17 10:38 --------- d-----w C:\Program Files\RKLauncher
2007-11-17 10:38 --------- d-----w C:\Program Files\QuickTime
2007-11-17 10:38 --------- d-----w C:\Program Files\podXP
2007-11-17 10:38 --------- d-----w C:\Program Files\ONES Trial (F)
2007-11-17 10:38 --------- d-----w C:\Program Files\MSBuild
2007-11-17 10:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-17 10:37 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2007-11-17 10:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-17 10:37 --------- d-----w C:\Program Files\ma-config.com
2007-11-17 10:37 --------- d-----w C:\Program Files\LimeWire
2007-11-17 10:37 --------- d-----w C:\Program Files\LClock
2007-11-17 10:37 --------- d-----w C:\Program Files\FileZilla
2007-11-17 10:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-17 10:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-17 10:33 --------- d-----w C:\Program Files\eMule
2007-11-17 10:31 --------- d-----w C:\Program Files\Dofus
2007-11-17 10:31 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-17 10:31 --------- d-----w C:\Program Files\CursorXP
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 09:22 1,310,720 ---ha-w C:\Documents and Settings\_Joel_Mondet_\NTUSER.DAT
2007-10-28 08:09 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\DMCache
2007-10-27 15:02 --------- d-s---w C:\Documents and Settings\_Joel_Mondet_\Application Data\Microsoft
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-19 12:44 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Screenshot Sender
2007-10-05 16:51 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-04 18:32 --------- d-----w C:\Program Files\Microsoft Etudes
2007-10-04 18:28 --------- d-----w C:\Program Files\Learning Essentials
2007-10-03 19:12 --------- d-----w C:\Program Files\Internet Download Manager
2007-09-30 14:03 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Windows Desktop Search
2007-09-28 19:23 --------- d-----w C:\Program Files\Windows Live
2007-09-28 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 19:18 --------- d-----w C:\Program Files\NCSoft
2007-09-26 17:48 --------- d-----w C:\Program Files\Windows Desktop Search
2007-09-24 20:56 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Ahead
2007-09-24 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-24 20:54 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-24 20:51 --------- d-----w C:\Program Files\Nero
2007-09-24 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-08-31 23:18 97,391 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:57 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:57 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 13:29 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 09:59 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 09:59 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 09:59 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 09:59 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 09:59 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 09:59 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 09:59 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 09:59 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 09:59 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 09:59 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 09:59 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 09:59 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:22 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:22 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 23:09:00 19,627,329 --sha-r C:\WINDOWS\system32\ControlPack.exe
2007-03-31 22:14:06 729,088 --sha-r C:\WINDOWS\system32\Desk.exe
2005-10-28 19:22:47 732,160 --sha-r C:\WINDOWS\system32\gfc.exe
2005-10-28 18:53:45 997,774 --sha-r C:\WINDOWS\system32\gms.exe
2005-10-28 19:26:53 731,009 --sha-r C:\WINDOWS\system32\gmsv.exe
2006-02-16 11:49:22 890,987 --sha-r C:\WINDOWS\system32\gpack Auror.scr
2006-02-28 20:51:26 1,675,776 --sha-r C:\WINDOWS\system32\GPack Aurora.scr
2006-02-28 20:23:40 1,185,280 --sha-r C:\WINDOWS\system32\GPack Bubbles.scr
2005-04-27 13:39:00 95,744 --sha-r C:\WINDOWS\system32\GPack Cyclone.scr
2005-04-27 13:39:02 81,408 --sha-r C:\WINDOWS\system32\GPack FieldLines.scr
2005-04-27 13:39:02 77,824 --sha-r C:\WINDOWS\system32\GPack Flocks.scr
2005-04-27 13:39:02 1,724,416 --sha-r C:\WINDOWS\system32\GPack Lattice.scr
2006-03-03 06:12:34 529,408 --sha-r C:\WINDOWS\system32\GPack Mystify.scr
2005-04-27 13:39:02 57,344 --sha-r C:\WINDOWS\system32\GPack Plasma.scr
2006-02-28 20:51:32 529,408 --sha-r C:\WINDOWS\system32\GPack Ribbons.scr
2005-04-27 13:39:02 69,632 --sha-r C:\WINDOWS\system32\GPack SolarWinds.scr
2005-09-21 02:12:10 418,304 --sha-w C:\WINDOWS\system32\GPack.scr
2005-10-28 19:24:36 960,385 --sha-r C:\WINDOWS\system32\gpr.exe
2005-10-28 19:25:35 705,422 --sha-r C:\WINDOWS\system32\gsig.exe
2005-10-28 19:00:30 766,832 --sha-r C:\WINDOWS\system32\gslt.exe
2005-10-28 18:56:10 736,129 --sha-r C:\WINDOWS\system32\gsp.exe
2007-05-03 18:26:34 276,480 --sha-r C:\WINDOWS\system32\ThumbSizer.exe
2007-05-08 13:05:06 503,808 --sha-r C:\WINDOWS\system32\ViStart.exe
2006-05-28 07:37:10 36,864 --sha-r C:\WINDOWS\system32\VisualTaskTips.exe
2007-04-25 05:15:44 1,009,152 --sha-r C:\WINDOWS\system32\VisualToolTip.exe
2006-03-23 20:45:56 2,433,024 --sha-r C:\WINDOWS\system32\mui\0C0A\Cursors.exe
2005-09-15 13:30:00 2,359,296 --sha-r C:\WINDOWS\system32\mui\0C0A\run.exe
2007-03-29 02:35:48 228,525 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers0.exe
2007-03-29 02:37:36 172,537 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers1.exe
2007-03-29 02:41:05 152,909 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers10.exe
2007-03-29 02:41:29 210,310 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers11.exe
2007-03-29 02:41:46 204,410 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers12.exe
2007-03-29 02:42:08 220,781 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers13.exe
2007-03-29 02:42:25 409,400 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers14.exe
2007-03-29 02:42:53 485,825 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers15.exe
2007-03-29 02:43:08 126,803 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers16.exe
2007-03-29 02:43:25 90,275 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers17.exe
2007-03-29 02:43:41 96,042 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers18.exe
2007-03-29 11:48:25 232,604 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers19.exe
2007-03-29 02:37:05 167,807 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers2.exe
2007-06-20 16:10:57 189,049 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers20.exe
2007-06-20 16:10:28 174,231 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers21.exe
2007-06-20 16:11:32 156,033 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers22.exe
2007-06-20 16:14:40 200,503 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers23.exe
2007-06-20 16:23:26 222,615 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers24.exe
2007-06-20 16:23:58 178,552 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers25.exe
2007-06-20 16:26:18 312,710 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers26.exe
2007-06-20 16:26:42 297,352 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers27.exe
2007-06-20 16:27:17 268,346 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers28.exe
2007-06-20 16:27:49 231,000 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers29.exe
2007-03-29 02:37:58 236,423 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers3.exe
2007-06-20 16:28:10 272,014 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers30.exe
2007-06-20 16:33:10 211,922 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers31.exe
2007-06-20 16:28:46 205,414 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers32.exe
2007-06-20 16:34:56 195,560 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers33.exe
2007-06-20 16:35:31 257,213 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers34.exe
2007-06-20 16:35:45 240,530 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers35.exe
2007-06-20 16:35:59 345,679 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers36.exe
2007-06-20 16:39:16 233,424 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers37.exe
2007-06-20 16:39:37 186,406 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers38.exe
2007-06-20 16:39:52 179,637 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers39.exe
2007-03-29 02:38:23 184,489 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers4.exe
2007-03-29 02:38:47 280,148 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers5.exe
2007-03-29 02:39:05 153,250 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers6.exe
2007-03-29 02:39:31 117,405 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers7.exe
2007-03-29 02:40:18 188,106 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers8.exe
2007-03-29 02:40:43 164,351 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers9.exe
2007-03-30 02:06:30 116,869 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\BLUE\BLUE.exe
2007-03-30 02:07:16 117,435 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\RED\RED.exe
2007-07-01 19:01:46 11,179,752 --sha-w C:\WINDOWS\system32\oobe\html\iconnect\Root.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-17 14:23 144480 --------- C:\WINDOWS\system32\gxidfasm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c113905f-b207-43b2-af7f-b7e373648742}]
2007-11-17 14:26 82496 --a------ C:\WINDOWS\system32\ihglldbo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\gxidfasm.dll [2007-11-17 14:23 144480]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\gxidfasm.dll [2007-11-17 14:23 144480]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 13:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gxidfasm]
gxidfasm.dll 2007-11-17 14:23 144480 C:\WINDOWS\system32\gxidfasm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\WINDOWS\\GShellpack\\WindowBlinds\\wbsrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=C:\WINDOWS\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-17 14:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 16:52:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 16:43:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 16:48:00 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:14, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\SCANNER.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\gxidfasm.dll
O2 - BHO: {24784637-3e7b-f7fa-2b34-702bf509311c} - {c113905f-b207-43b2-af7f-b7e373648742} - C:\WINDOWS\system32\ihglldbo.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gxidfasm.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 4679209608
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gxidfasm - C:\WINDOWS\SYSTEM32\gxidfasm.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7437 bytes
Nice cleanup done.
Copy the text in the box below:
File::
|
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
ComboFix 07-11-08.1 - Maxoo 2007-11-17 17:45:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.518 [GMT 1:00]
Running from: C:\Documents and Settings\Maxoo\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maxoo\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\SYSTEM32\gxidfasm.dll
C:\WINDOWS\system32\ihglldbo.dll
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Maxoo\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Favoris\Online Security Guide.lnk
C:\WINDOWS\SYSTEM32\gxidfasm.dll
C:\WINDOWS\system32\gxidfasm.dllbox
C:\WINDOWS\system32\ihglldbo.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 15:28 <REP> d-------- C:\VundoFix Backups
2007-11-17 14:49 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 14:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 14:23 144,480 --a------ C:\WINDOWS\system32\dkuopwgy.dll
2007-11-17 14:20 85,056 --------- C:\WINDOWS\system32\atqajvdt.dll
2007-11-17 12:20 85,056 --a------ C:\WINDOWS\system32\fexbghby.dll
2007-11-17 12:17 82,496 --a------ C:\WINDOWS\system32\cndnbdxu.dll
2007-11-17 12:14 144,480 --a------ C:\WINDOWS\system32\wnxgdvhj.dll
2007-11-17 12:11 71,232 --a------ C:\WINDOWS\system32\wmyybcsp.exe
2007-11-17 12:09 71,232 --a------ C:\WINDOWS\system32\hhhumdbe.exe
2007-11-17 11:50 71,232 --a------ C:\WINDOWS\system32\dipediqa.exe
2007-11-17 07:35 <REP> d-------- C:\WINDOWS\Performance
2007-11-17 07:34 <REP> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-17 07:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-17 07:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-17 00:09 <REP> d-------- C:\Program Files\SlySoft
2007-11-15 12:48 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-15 12:48 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Thunderbird
2007-11-14 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 14:29 71,232 --a------ C:\WINDOWS\system32\hpvjcxuq.exe
2007-11-13 00:48 <REP> d-------- C:\COMPUTER
2007-11-12 21:59 <REP> d-------- C:\Program Files\Skype
2007-11-12 21:59 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-12 21:59 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Skype
2007-11-12 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-11 15:15 <REP> d-------- C:\Program Files\iPod
2007-11-11 15:14 <REP> d-------- C:\Program Files\iTunes
2007-11-10 19:22 81,472 --a------ C:\WINDOWS\system32\owujxoru.dll
2007-11-10 19:16 71,232 --a------ C:\WINDOWS\system32\wtiqjgvo.exe
2007-11-09 22:37 77,888 --a------ C:\WINDOWS\system32\oubntnnl.dll
2007-11-09 20:29 77,888 --a------ C:\WINDOWS\system32\fdlnrkvr.dll
2007-11-09 14:24 77,888 --a------ C:\WINDOWS\system32\dtxrwpls.dll
2007-11-09 14:21 88,128 --a------ C:\WINDOWS\system32\kusqapeh.dll
2007-11-08 23:08 71,232 --a------ C:\WINDOWS\system32\agbnndww.exe
2007-11-08 18:25 86,080 --a------ C:\WINDOWS\system32\vdeeujbq.dll
2007-11-08 18:13 71,232 --a------ C:\WINDOWS\system32\oktojplv.exe
2007-11-07 16:46 86,080 --a------ C:\WINDOWS\system32\cbidoxxs.dll
2007-11-07 16:43 79,936 --a------ C:\WINDOWS\system32\gjrmubfu.dll
2007-11-07 16:37 71,232 --a------ C:\WINDOWS\system32\rrvyrijp.exe
2007-11-07 16:30 <REP> d-------- C:\Program Files\directx
2007-11-07 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-11-07 16:28 <REP> d-------- C:\Program Files\Labtec
2007-11-06 20:50 81,472 --a------ C:\WINDOWS\system32\fnrkjkmp.dll
2007-11-06 16:43 71,232 --a------ C:\WINDOWS\system32\luetcjwi.exe
2007-11-06 11:31 81,472 --a------ C:\WINDOWS\system32\ghfpbrnt.dll
2007-11-06 11:28 87,104 --a------ C:\WINDOWS\system32\tqmifhjr.dll
2007-11-05 23:29 85,568 --a------ C:\WINDOWS\system32\cojukuso.dll
2007-11-05 23:27 83,008 --a------ C:\WINDOWS\system32\jeceeukq.dll
2007-11-05 10:49 85,568 --a------ C:\WINDOWS\system32\lkpyimjf.dll
2007-11-05 10:46 83,008 --a------ C:\WINDOWS\system32\txivoriy.dll
2007-11-04 21:08 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-01 17:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Macromedia
2007-11-01 16:55 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Mozilla
2007-10-27 16:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Windows Desktop Search
2007-10-20 14:19 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-20 14:19 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-20 14:19 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-20 14:19 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-20 14:19 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-20 14:19 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-20 14:19 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-20 14:19 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-20 14:19 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-19 20:57 <REP> d-------- C:\Program Files\City of Heroes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 17:01 1,169,440 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 16:57 24,408,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 16:56 331,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 16:56 111,704 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 15:49 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\uTorrent
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\vlc
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\ma-config.com
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\LimeWire
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\IDM
2007-11-17 10:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-17 10:39 --------- d-----w C:\Program Files\uTorrent
2007-11-17 10:39 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-17 10:39 --------- d-----w C:\Program Files\ThiWeb Live 2
2007-11-17 10:39 --------- d-----w C:\Program Files\Services en ligne
2007-11-17 10:38 --------- d-----w C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-11-17 10:38 --------- d-----w C:\Program Files\RocketDock
2007-11-17 10:38 --------- d-----w C:\Program Files\RKLauncher
2007-11-17 10:38 --------- d-----w C:\Program Files\QuickTime
2007-11-17 10:38 --------- d-----w C:\Program Files\podXP
2007-11-17 10:38 --------- d-----w C:\Program Files\ONES Trial (F)
2007-11-17 10:38 --------- d-----w C:\Program Files\MSBuild
2007-11-17 10:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-17 10:37 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2007-11-17 10:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-17 10:37 --------- d-----w C:\Program Files\ma-config.com
2007-11-17 10:37 --------- d-----w C:\Program Files\LimeWire
2007-11-17 10:37 --------- d-----w C:\Program Files\LClock
2007-11-17 10:37 --------- d-----w C:\Program Files\FileZilla
2007-11-17 10:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-17 10:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-17 10:33 --------- d-----w C:\Program Files\eMule
2007-11-17 10:31 --------- d-----w C:\Program Files\Dofus
2007-11-17 10:31 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-17 10:31 --------- d-----w C:\Program Files\CursorXP
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 09:22 1,310,720 ---ha-w C:\Documents and Settings\_Joel_Mondet_\NTUSER.DAT
2007-10-28 08:09 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\DMCache
2007-10-27 15:02 --------- d-s---w C:\Documents and Settings\_Joel_Mondet_\Application Data\Microsoft
2007-10-19 12:44 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Screenshot Sender
2007-10-05 16:51 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-04 18:32 --------- d-----w C:\Program Files\Microsoft Etudes
2007-10-04 18:28 --------- d-----w C:\Program Files\Learning Essentials
2007-10-03 19:12 --------- d-----w C:\Program Files\Internet Download Manager
2007-09-30 14:03 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Windows Desktop Search
2007-09-28 19:23 --------- d-----w C:\Program Files\Windows Live
2007-09-28 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 19:18 --------- d-----w C:\Program Files\NCSoft
2007-09-26 17:48 --------- d-----w C:\Program Files\Windows Desktop Search
2007-09-24 20:56 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Ahead
2007-09-24 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-24 20:54 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-24 20:51 --------- d-----w C:\Program Files\Nero
2007-09-24 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-08-31 23:18 97,391 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-07-06 23:09:00 19,627,329 --sha-r C:\WINDOWS\system32\ControlPack.exe
2007-03-31 22:14:06 729,088 --sha-r C:\WINDOWS\system32\Desk.exe
2005-10-28 19:22:47 732,160 --sha-r C:\WINDOWS\system32\gfc.exe
2005-10-28 18:53:45 997,774 --sha-r C:\WINDOWS\system32\gms.exe
2005-10-28 19:26:53 731,009 --sha-r C:\WINDOWS\system32\gmsv.exe
2006-02-16 11:49:22 890,987 --sha-r C:\WINDOWS\system32\gpack Auror.scr
2006-02-28 20:51:26 1,675,776 --sha-r C:\WINDOWS\system32\GPack Aurora.scr
2006-02-28 20:23:40 1,185,280 --sha-r C:\WINDOWS\system32\GPack Bubbles.scr
2005-04-27 13:39:00 95,744 --sha-r C:\WINDOWS\system32\GPack Cyclone.scr
2005-04-27 13:39:02 81,408 --sha-r C:\WINDOWS\system32\GPack FieldLines.scr
2005-04-27 13:39:02 77,824 --sha-r C:\WINDOWS\system32\GPack Flocks.scr
2005-04-27 13:39:02 1,724,416 --sha-r C:\WINDOWS\system32\GPack Lattice.scr
2006-03-03 06:12:34 529,408 --sha-r C:\WINDOWS\system32\GPack Mystify.scr
2005-04-27 13:39:02 57,344 --sha-r C:\WINDOWS\system32\GPack Plasma.scr
2006-02-28 20:51:32 529,408 --sha-r C:\WINDOWS\system32\GPack Ribbons.scr
2005-04-27 13:39:02 69,632 --sha-r C:\WINDOWS\system32\GPack SolarWinds.scr
2005-09-21 02:12:10 418,304 --sha-w C:\WINDOWS\system32\GPack.scr
2005-10-28 19:24:36 960,385 --sha-r C:\WINDOWS\system32\gpr.exe
2005-10-28 19:25:35 705,422 --sha-r C:\WINDOWS\system32\gsig.exe
2005-10-28 19:00:30 766,832 --sha-r C:\WINDOWS\system32\gslt.exe
2005-10-28 18:56:10 736,129 --sha-r C:\WINDOWS\system32\gsp.exe
2007-05-03 18:26:34 276,480 --sha-r C:\WINDOWS\system32\ThumbSizer.exe
2007-05-08 13:05:06 503,808 --sha-r C:\WINDOWS\system32\ViStart.exe
2006-05-28 07:37:10 36,864 --sha-r C:\WINDOWS\system32\VisualTaskTips.exe
2007-04-25 05:15:44 1,009,152 --sha-r C:\WINDOWS\system32\VisualToolTip.exe
2006-03-23 20:45:56 2,433,024 --sha-r C:\WINDOWS\system32\mui\0C0A\Cursors.exe
2005-09-15 13:30:00 2,359,296 --sha-r C:\WINDOWS\system32\mui\0C0A\run.exe
2007-03-29 02:35:48 228,525 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers0.exe
2007-03-29 02:37:36 172,537 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers1.exe
2007-03-29 02:41:05 152,909 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers10.exe
2007-03-29 02:41:29 210,310 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers11.exe
2007-03-29 02:41:46 204,410 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers12.exe
2007-03-29 02:42:08 220,781 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers13.exe
2007-03-29 02:42:25 409,400 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers14.exe
2007-03-29 02:42:53 485,825 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers15.exe
2007-03-29 02:43:08 126,803 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers16.exe
2007-03-29 02:43:25 90,275 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers17.exe
2007-03-29 02:43:41 96,042 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers18.exe
2007-03-29 11:48:25 232,604 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers19.exe
2007-03-29 02:37:05 167,807 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers2.exe
2007-06-20 16:10:57 189,049 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers20.exe
2007-06-20 16:10:28 174,231 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers21.exe
2007-06-20 16:11:32 156,033 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers22.exe
2007-06-20 16:14:40 200,503 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers23.exe
2007-06-20 16:23:26 222,615 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers24.exe
2007-06-20 16:23:58 178,552 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers25.exe
2007-06-20 16:26:18 312,710 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers26.exe
2007-06-20 16:26:42 297,352 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers27.exe
2007-06-20 16:27:17 268,346 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers28.exe
2007-06-20 16:27:49 231,000 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers29.exe
2007-03-29 02:37:58 236,423 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers3.exe
2007-06-20 16:28:10 272,014 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers30.exe
2007-06-20 16:33:10 211,922 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers31.exe
2007-06-20 16:28:46 205,414 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers32.exe
2007-06-20 16:34:56 195,560 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers33.exe
2007-06-20 16:35:31 257,213 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers34.exe
2007-06-20 16:35:45 240,530 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers35.exe
2007-06-20 16:35:59 345,679 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers36.exe
2007-06-20 16:39:16 233,424 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers37.exe
2007-06-20 16:39:37 186,406 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers38.exe
2007-06-20 16:39:52 179,637 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers39.exe
2007-03-29 02:38:23 184,489 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers4.exe
2007-03-29 02:38:47 280,148 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers5.exe
2007-03-29 02:39:05 153,250 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers6.exe
2007-03-29 02:39:31 117,405 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers7.exe
2007-03-29 02:40:18 188,106 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers8.exe
2007-03-29 02:40:43 164,351 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers9.exe
2007-03-30 02:06:30 116,869 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\BLUE\BLUE.exe
2007-03-30 02:07:16 117,435 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\RED\RED.exe
2007-07-01 19:01:46 11,179,752 --sha-w C:\WINDOWS\system32\oobe\html\iconnect\Root.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 13:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\WINDOWS\\GShellpack\\WindowBlinds\\wbsrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=C:\WINDOWS\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-17 14:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 16:52:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 18:01:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-17 18:04:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-17 16:48
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:48, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThiWeb Live 2\thiweblive.exe
C:\Program Files\Trend Micro\HijackThis\SCANNER.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 4679209608
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6819 bytes
I just realized that my antivirus was no longer working. The trial version had expired, basically...
Can you suggest an antivirus that is effective and not too RAM-hungry? :s
Hello,
It all depends on how much RAM you have.
The best one, which quite a few people will recommend, is Avira AntiVir.
Reason: I was infected for quite a while and I ran avast every day, but with no convincing results; it never found any virus.
Then angeldark recommended antivir to me, and it found a good batch of viruses.
Result: go with Avira AntiVir.
Of course, that is my own choice.
Reply to master-univers
Whoa, I don't know what got into me, I forgot a whole bunch of files ^^ !
You'll get antivir, but later.
Copy the text in the box below:
File::
|
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch Combofix; type 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
If there is no reboot, post the reports anyway.
Reply to XmichouX
ComboFix 07-11-08.1 - Maxoo 2007-11-17 16:15:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.556 [GMT 1:00]
Running from: C:\Documents and Settings\Maxoo\Bureau\ComboFix.exe
* Created a new restore point
.
Incapable d'obtenir les privilèges Système
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Maxoo\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Maxoo\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\__c0042D26.dat
C:\WINDOWS\system32\__c00AAD69.dat
C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\eokdqtfo.exe
C:\WINDOWS\system32\gxidfasm.dllbox
C:\WINDOWS\system32\mvdaanig.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 15:28 <REP> d-------- C:\VundoFix Backups
2007-11-17 14:49 <REP> d-------- C:\Program Files\Trend Micro
2007-11-17 14:35 <REP> d-------- C:\Program Files\CCleaner
2007-11-17 14:26 82,496 --a------ C:\WINDOWS\system32\ihglldbo.dll
2007-11-17 14:23 144,480 --------- C:\WINDOWS\system32\gxidfasm.dll
2007-11-17 14:23 144,480 --a------ C:\WINDOWS\system32\dkuopwgy.dll
2007-11-17 14:20 85,056 --------- C:\WINDOWS\system32\atqajvdt.dll
2007-11-17 12:20 85,056 --a------ C:\WINDOWS\system32\fexbghby.dll
2007-11-17 12:17 82,496 --a------ C:\WINDOWS\system32\cndnbdxu.dll
2007-11-17 12:14 144,480 --a------ C:\WINDOWS\system32\wnxgdvhj.dll
2007-11-17 12:11 71,232 --a------ C:\WINDOWS\system32\wmyybcsp.exe
2007-11-17 12:09 71,232 --a------ C:\WINDOWS\system32\hhhumdbe.exe
2007-11-17 11:50 71,232 --a------ C:\WINDOWS\system32\dipediqa.exe
2007-11-17 07:35 <REP> d-------- C:\WINDOWS\Performance
2007-11-17 07:34 <REP> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-17 07:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-17 07:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-17 00:09 <REP> d-------- C:\Program Files\SlySoft
2007-11-15 12:48 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-11-15 12:48 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Thunderbird
2007-11-14 14:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 14:29 71,232 --a------ C:\WINDOWS\system32\hpvjcxuq.exe
2007-11-13 00:48 <REP> d-------- C:\COMPUTER
2007-11-12 21:59 <REP> d-------- C:\Program Files\Skype
2007-11-12 21:59 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-11-12 21:59 <REP> d-------- C:\Documents and Settings\Maxoo\Application Data\Skype
2007-11-12 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-11 15:15 <REP> d-------- C:\Program Files\iPod
2007-11-11 15:14 <REP> d-------- C:\Program Files\iTunes
2007-11-10 19:22 81,472 --a------ C:\WINDOWS\system32\owujxoru.dll
2007-11-10 19:16 71,232 --a------ C:\WINDOWS\system32\wtiqjgvo.exe
2007-11-09 22:37 77,888 --a------ C:\WINDOWS\system32\oubntnnl.dll
2007-11-09 20:29 77,888 --a------ C:\WINDOWS\system32\fdlnrkvr.dll
2007-11-09 14:24 77,888 --a------ C:\WINDOWS\system32\dtxrwpls.dll
2007-11-09 14:21 88,128 --a------ C:\WINDOWS\system32\kusqapeh.dll
2007-11-08 23:08 71,232 --a------ C:\WINDOWS\system32\agbnndww.exe
2007-11-08 18:25 86,080 --a------ C:\WINDOWS\system32\vdeeujbq.dll
2007-11-08 18:13 71,232 --a------ C:\WINDOWS\system32\oktojplv.exe
2007-11-07 16:46 86,080 --a------ C:\WINDOWS\system32\cbidoxxs.dll
2007-11-07 16:43 79,936 --a------ C:\WINDOWS\system32\gjrmubfu.dll
2007-11-07 16:37 71,232 --a------ C:\WINDOWS\system32\rrvyrijp.exe
2007-11-07 16:30 <REP> d-------- C:\Program Files\directx
2007-11-07 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-11-07 16:28 <REP> d-------- C:\Program Files\Labtec
2007-11-06 20:50 81,472 --a------ C:\WINDOWS\system32\fnrkjkmp.dll
2007-11-06 16:43 71,232 --a------ C:\WINDOWS\system32\luetcjwi.exe
2007-11-06 11:31 81,472 --a------ C:\WINDOWS\system32\ghfpbrnt.dll
2007-11-06 11:28 87,104 --a------ C:\WINDOWS\system32\tqmifhjr.dll
2007-11-05 23:29 85,568 --a------ C:\WINDOWS\system32\cojukuso.dll
2007-11-05 23:27 83,008 --a------ C:\WINDOWS\system32\jeceeukq.dll
2007-11-05 10:49 85,568 --a------ C:\WINDOWS\system32\lkpyimjf.dll
2007-11-05 10:46 83,008 --a------ C:\WINDOWS\system32\txivoriy.dll
2007-11-04 21:08 <REP> d-------- C:\Program Files\Apple Software Update
2007-11-01 17:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Macromedia
2007-11-01 16:55 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Mozilla
2007-10-27 16:02 <REP> d-------- C:\Documents and Settings\_Joel_Mondet_\Application Data\Windows Desktop Search
2007-10-20 14:19 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-20 14:19 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-20 14:19 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-20 14:19 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-20 14:19 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-20 14:19 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-20 14:19 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-20 14:19 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-20 14:19 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-19 20:57 <REP> d-------- C:\Program Files\City of Heroes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 15:43 24,364,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-17 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 15:32 1,165,600 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-17 15:31 330,464 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-17 15:31 111,368 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-17 15:30 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\uTorrent
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\vlc
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\ma-config.com
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\LimeWire
2007-11-17 10:40 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\IDM
2007-11-17 10:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-17 10:39 --------- d-----w C:\Program Files\uTorrent
2007-11-17 10:39 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-17 10:39 --------- d-----w C:\Program Files\ThiWeb Live 2
2007-11-17 10:39 --------- d-----w C:\Program Files\Services en ligne
2007-11-17 10:38 --------- d-----w C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-11-17 10:38 --------- d-----w C:\Program Files\RocketDock
2007-11-17 10:38 --------- d-----w C:\Program Files\RKLauncher
2007-11-17 10:38 --------- d-----w C:\Program Files\QuickTime
2007-11-17 10:38 --------- d-----w C:\Program Files\podXP
2007-11-17 10:38 --------- d-----w C:\Program Files\ONES Trial (F)
2007-11-17 10:38 --------- d-----w C:\Program Files\MSBuild
2007-11-17 10:38 --------- d-----w C:\Program Files\Microsoft Works
2007-11-17 10:37 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2007-11-17 10:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-17 10:37 --------- d-----w C:\Program Files\ma-config.com
2007-11-17 10:37 --------- d-----w C:\Program Files\LimeWire
2007-11-17 10:37 --------- d-----w C:\Program Files\LClock
2007-11-17 10:37 --------- d-----w C:\Program Files\FileZilla
2007-11-17 10:37 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-17 10:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-17 10:33 --------- d-----w C:\Program Files\eMule
2007-11-17 10:31 --------- d-----w C:\Program Files\Dofus
2007-11-17 10:31 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-17 10:31 --------- d-----w C:\Program Files\CursorXP
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-17 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-17 09:22 1,310,720 ---ha-w C:\Documents and Settings\_Joel_Mondet_\NTUSER.DAT
2007-10-28 08:09 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\DMCache
2007-10-27 15:02 --------- d-s---w C:\Documents and Settings\_Joel_Mondet_\Application Data\Microsoft
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-19 12:44 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Screenshot Sender
2007-10-05 16:51 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-04 18:32 --------- d-----w C:\Program Files\Microsoft Etudes
2007-10-04 18:28 --------- d-----w C:\Program Files\Learning Essentials
2007-10-03 19:12 --------- d-----w C:\Program Files\Internet Download Manager
2007-09-30 14:03 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Windows Desktop Search
2007-09-28 19:23 --------- d-----w C:\Program Files\Windows Live
2007-09-28 19:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 19:18 --------- d-----w C:\Program Files\NCSoft
2007-09-26 17:48 --------- d-----w C:\Program Files\Windows Desktop Search
2007-09-24 20:56 --------- d-----w C:\Documents and Settings\Maxoo\Application Data\Ahead
2007-09-24 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-09-24 20:54 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-09-24 20:51 --------- d-----w C:\Program Files\Nero
2007-09-24 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-08-31 23:18 97,391 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:57 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:57 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 13:29 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 09:59 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 09:59 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 09:59 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 09:59 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 09:59 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 09:59 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 09:59 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 09:59 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 09:59 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 09:59 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 09:59 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 09:59 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:22 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:22 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-06 23:09:00 19,627,329 --sha-r C:\WINDOWS\system32\ControlPack.exe
2007-03-31 22:14:06 729,088 --sha-r C:\WINDOWS\system32\Desk.exe
2005-10-28 19:22:47 732,160 --sha-r C:\WINDOWS\system32\gfc.exe
2005-10-28 18:53:45 997,774 --sha-r C:\WINDOWS\system32\gms.exe
2005-10-28 19:26:53 731,009 --sha-r C:\WINDOWS\system32\gmsv.exe
2006-02-16 11:49:22 890,987 --sha-r C:\WINDOWS\system32\gpack Auror.scr
2006-02-28 20:51:26 1,675,776 --sha-r C:\WINDOWS\system32\GPack Aurora.scr
2006-02-28 20:23:40 1,185,280 --sha-r C:\WINDOWS\system32\GPack Bubbles.scr
2005-04-27 13:39:00 95,744 --sha-r C:\WINDOWS\system32\GPack Cyclone.scr
2005-04-27 13:39:02 81,408 --sha-r C:\WINDOWS\system32\GPack FieldLines.scr
2005-04-27 13:39:02 77,824 --sha-r C:\WINDOWS\system32\GPack Flocks.scr
2005-04-27 13:39:02 1,724,416 --sha-r C:\WINDOWS\system32\GPack Lattice.scr
2006-03-03 06:12:34 529,408 --sha-r C:\WINDOWS\system32\GPack Mystify.scr
2005-04-27 13:39:02 57,344 --sha-r C:\WINDOWS\system32\GPack Plasma.scr
2006-02-28 20:51:32 529,408 --sha-r C:\WINDOWS\system32\GPack Ribbons.scr
2005-04-27 13:39:02 69,632 --sha-r C:\WINDOWS\system32\GPack SolarWinds.scr
2005-09-21 02:12:10 418,304 --sha-w C:\WINDOWS\system32\GPack.scr
2005-10-28 19:24:36 960,385 --sha-r C:\WINDOWS\system32\gpr.exe
2005-10-28 19:25:35 705,422 --sha-r C:\WINDOWS\system32\gsig.exe
2005-10-28 19:00:30 766,832 --sha-r C:\WINDOWS\system32\gslt.exe
2005-10-28 18:56:10 736,129 --sha-r C:\WINDOWS\system32\gsp.exe
2007-05-03 18:26:34 276,480 --sha-r C:\WINDOWS\system32\ThumbSizer.exe
2007-05-08 13:05:06 503,808 --sha-r C:\WINDOWS\system32\ViStart.exe
2006-05-28 07:37:10 36,864 --sha-r C:\WINDOWS\system32\VisualTaskTips.exe
2007-04-25 05:15:44 1,009,152 --sha-r C:\WINDOWS\system32\VisualToolTip.exe
2006-03-23 20:45:56 2,433,024 --sha-r C:\WINDOWS\system32\mui\0C0A\Cursors.exe
2005-09-15 13:30:00 2,359,296 --sha-r C:\WINDOWS\system32\mui\0C0A\run.exe
2007-03-29 02:35:48 228,525 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers0.exe
2007-03-29 02:37:36 172,537 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers1.exe
2007-03-29 02:41:05 152,909 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers10.exe
2007-03-29 02:41:29 210,310 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers11.exe
2007-03-29 02:41:46 204,410 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers12.exe
2007-03-29 02:42:08 220,781 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers13.exe
2007-03-29 02:42:25 409,400 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers14.exe
2007-03-29 02:42:53 485,825 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers15.exe
2007-03-29 02:43:08 126,803 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers16.exe
2007-03-29 02:43:25 90,275 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers17.exe
2007-03-29 02:43:41 96,042 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers18.exe
2007-03-29 11:48:25 232,604 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers19.exe
2007-03-29 02:37:05 167,807 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers2.exe
2007-06-20 16:10:57 189,049 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers20.exe
2007-06-20 16:10:28 174,231 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers21.exe
2007-06-20 16:11:32 156,033 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers22.exe
2007-06-20 16:14:40 200,503 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers23.exe
2007-06-20 16:23:26 222,615 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers24.exe
2007-06-20 16:23:58 178,552 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers25.exe
2007-06-20 16:26:18 312,710 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers26.exe
2007-06-20 16:26:42 297,352 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers27.exe
2007-06-20 16:27:17 268,346 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers28.exe
2007-06-20 16:27:49 231,000 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers29.exe
2007-03-29 02:37:58 236,423 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers3.exe
2007-06-20 16:28:10 272,014 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers30.exe
2007-06-20 16:33:10 211,922 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers31.exe
2007-06-20 16:28:46 205,414 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers32.exe
2007-06-20 16:34:56 195,560 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers33.exe
2007-06-20 16:35:31 257,213 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers34.exe
2007-06-20 16:35:45 240,530 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers35.exe
2007-06-20 16:35:59 345,679 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers36.exe
2007-06-20 16:39:16 233,424 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers37.exe
2007-06-20 16:39:37 186,406 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers38.exe
2007-06-20 16:39:52 179,637 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers39.exe
2007-03-29 02:38:23 184,489 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers4.exe
2007-03-29 02:38:47 280,148 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers5.exe
2007-03-29 02:39:05 153,250 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers6.exe
2007-03-29 02:39:31 117,405 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers7.exe
2007-03-29 02:40:18 188,106 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers8.exe
2007-03-29 02:40:43 164,351 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\Wallpapers9.exe
2007-03-30 02:06:30 116,869 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\BLUE\BLUE.exe
2007-03-30 02:07:16 117,435 --sha-r C:\WINDOWS\system32\mui\0C0A\AutoPlay\Docs\RED\RED.exe
2007-07-01 19:01:46 11,179,752 --sha-w C:\WINDOWS\system32\oobe\html\iconnect\Root.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-17 14:23 144480 --------- C:\WINDOWS\system32\gxidfasm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c113905f-b207-43b2-af7f-b7e373648742}]
2007-11-17 14:26 82496 --a------ C:\WINDOWS\system32\ihglldbo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\gxidfasm.dll [2007-11-17 14:23 144480]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\gxidfasm.dll [2007-11-17 14:23 144480]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 11:51]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 20:21]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" [2007-01-17 13:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gxidfasm]
gxidfasm.dll 2007-11-17 14:23 144480 C:\WINDOWS\system32\gxidfasm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\WINDOWS\\GShellpack\\WindowBlinds\\wbsrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=C:\WINDOWS\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files\RocketDock\RocketDock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-17 14:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 16:52:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 16:43:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 16:48:00 - machine was rebooted
.
--- E O F ---
and
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11, on 2007-11-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\SCANNER.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 4679209608
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 6957 bytes
Apparently you didn't run the script with ComboFix correctly.
Do it again.
Yes, I tried to do it again and it still didn't work, I don't really understand.
Anyway, the bubbles are gone. Thanks a lot!
I installed Antivir!
Everything is fine
OK, let's try one last time with ComboFix.
Copy the text in the box below:
File::
|
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
