J'envoie des mails publicitaires a mes proches ! comment arreter ça !!

29 Décembre 2007 11:35:28

Bonjour,

Je vous ecris car je suis confronté a un gros probleme de spam je pense. Depuis quelque mois mes proches recoivent de ma part ( de ma propre adresse mail) des mails publicitaires a frequence de 2 a 3 par semaine ! Hors ce n'est pas moi qui les envoie je pense que c'est un virus ou un logiciel malveillant !!!

Pouvez ous me dire si vous avez deja rencontré ce rpobleme et ou comment s'en debarrasser une bonnefois pour toute svp !

Etant vos reponses car je suis a bout !

Merci

Autres pages sur : envoie mails publicitaires proches arreter

| Etre averti des réponses
| Alerter

Répondre à angel-theparasite

Angeldark

29 Décembre 2007 13:13:16

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

| Alerter

Répondre à Angeldark

angel-theparasite

29 Décembre 2007 19:22:22

Voici le rapport d'Hijackthis comme tu me l'as demandé:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:59, on 29/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Documents and Settings\Alex\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System32\mllmk.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e072610c] rundll32.exe "C:\WINDOWS\System32\waobglch.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AAB61E-ED3D-426F-AF5F-CD046D755757}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 5134 bytes

| Alerter

Répondre à angel-theparasite

Angeldark

30 Décembre 2007 19:12:16

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

| Alerter

Répondre à Angeldark

angel-theparasite

30 Décembre 2007 21:22:14

Rapport de VUndo :

VundoFix V6.5.10

Checking Java version...

Scan started at 12:15:55 23/10/2007

Listing files found while scanning....

C:\windows\system32\hspaiwoj.dll
C:\windows\system32\jowiapsh.ini
C:\WINDOWS\System32\kqhuhfca.dll
C:\windows\system32\lnvcajsm.dll
C:\windows\system32\msjacvnl.ini
C:\WINDOWS\System32\usxgvjyw.dll

Beginning removal...

Attempting to delete C:\windows\system32\hspaiwoj.dll
C:\windows\system32\hspaiwoj.dll Has been deleted!

Attempting to delete C:\windows\system32\jowiapsh.ini
C:\windows\system32\jowiapsh.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\kqhuhfca.dll
C:\WINDOWS\System32\kqhuhfca.dll Has been deleted!

Attempting to delete C:\windows\system32\lnvcajsm.dll
C:\windows\system32\lnvcajsm.dll Has been deleted!

Attempting to delete C:\windows\system32\msjacvnl.ini
C:\windows\system32\msjacvnl.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\usxgvjyw.dll
C:\WINDOWS\System32\usxgvjyw.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Scan started at 21:09:22 30/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\gyxtwmcx.dll
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.exe
C:\WINDOWS\system32\waobglch.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gyxtwmcx.dll
C:\WINDOWS\system32\gyxtwmcx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\kmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmk.exe
C:\WINDOWS\system32\mllmk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\waobglch.dll
C:\WINDOWS\system32\waobglch.dll Has been deleted!

Performing Repairs to the registry.
Done!

Rapport de Hisjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:09, on 30/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Alex\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System32\mllmk.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AB9D98F7-8F43-4661-BA94-5A8B8B4F4E57} - C:\WINDOWS\System32\mllmk.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: {32905043-5cb4-d58b-9d04-5ca6bcbfadcf} - {fcdafbcb-6ac5-40d9-b85d-4bc534050923} - C:\WINDOWS\System32\gyxtwmcx.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [e072610c] rundll32.exe "C:\WINDOWS\System32\waobglch.dll",b
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AAB61E-ED3D-426F-AF5F-CD046D755757}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: desmon - C:\WINDOWS\
O20 - Winlogon Notify: dx7til - dx7til.dll (file missing)
O20 - Winlogon Notify: efccbba - C:\WINDOWS\
O20 - Winlogon Notify: khfffgf - khfffgf.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6654 bytes

| Alerter

Répondre à angel-theparasite

Angeldark

31 Décembre 2007 11:04:56

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]

Télécharge Combofix.exe ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

| Alerter

Répondre à Angeldark

angel-theparasite

31 Décembre 2007 11:34:46

Re

Voici le rapport demandé :

ComboFix 07-12-31.4 - Alex 2007-12-31 12:22:10.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.216 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\arvatonf.ini
C:\WINDOWS\system32\assvguct.ini
C:\WINDOWS\system32\bfecjtdv.ini
C:\WINDOWS\system32\bfpiyfms.ini
C:\WINDOWS\system32\bnivicad.ini
C:\WINDOWS\system32\bodcmbss.ini
C:\WINDOWS\system32\boicsakf.ini
C:\WINDOWS\system32\cffaoehd.ini
C:\WINDOWS\system32\cibgxbir.ini
C:\WINDOWS\system32\cjmoeqhl.ini
C:\WINDOWS\system32\csllauee.ini
C:\WINDOWS\system32\ctccqytb.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ctgggkdm.ini
C:\WINDOWS\system32\cvafhevg.ini
C:\WINDOWS\system32\cykwmxup.ini
C:\WINDOWS\system32\dvfjxplv.ini
C:\WINDOWS\system32\egymautc.ini
C:\WINDOWS\system32\eiqkhmsd.ini
C:\WINDOWS\system32\fblfject.ini
C:\WINDOWS\system32\fgpsjpjt.ini
C:\WINDOWS\system32\frdmstws.ini
C:\WINDOWS\system32\gdfjjpie.ini
C:\WINDOWS\system32\gkkmyblf.ini
C:\WINDOWS\system32\glsbwixp.ini
C:\WINDOWS\system32\gxsjatln.ini
C:\WINDOWS\system32\gxtxlqct.ini
C:\WINDOWS\system32\hmuoglxk.ini
C:\WINDOWS\system32\holwwpfh.ini
C:\WINDOWS\system32\hpnkgeii.ini
C:\WINDOWS\system32\hrtsdepa.ini
C:\WINDOWS\system32\httefifv.ini
C:\WINDOWS\system32\hyxhixeo.ini
C:\WINDOWS\system32\ifquifvj.ini
C:\WINDOWS\system32\ijynexer.ini
C:\WINDOWS\system32\ilksiwlw.ini
C:\WINDOWS\system32\isgahkrf.ini
C:\WINDOWS\system32\jfsntedn.ini
C:\WINDOWS\system32\jjxmrapd.ini
C:\WINDOWS\system32\jkpwhjcd.ini
C:\WINDOWS\system32\jpguhype.ini
C:\WINDOWS\system32\kadlaxgs.ini
C:\WINDOWS\system32\kedpgsfx.ini
C:\WINDOWS\system32\kfgcceeu.ini
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\kwosiykf.ini
C:\WINDOWS\system32\kxxahidu.ini
C:\WINDOWS\system32\lbqwnjwn.ini
C:\WINDOWS\system32\lwhutpcq.ini
C:\WINDOWS\system32\lycyxbxh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkrxmmaa.ini
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mllmk.exe
C:\WINDOWS\system32\nhcsunwk.ini
C:\WINDOWS\system32\obowwtsw.ini
C:\WINDOWS\system32\oolacjuq.ini
C:\WINDOWS\system32\pdnsbrkb.ini
C:\WINDOWS\system32\plrmpqqb.ini
C:\WINDOWS\system32\pofavgvh.ini
C:\WINDOWS\system32\pxkpygcp.ini
C:\WINDOWS\system32\qheedcbj.ini
C:\WINDOWS\system32\qmtkxqop.ini
C:\WINDOWS\system32\qssgblxa.ini
C:\WINDOWS\system32\reikyvco.ini
C:\WINDOWS\system32\rfnkjdhw.ini
C:\WINDOWS\system32\riqxhxqc.ini
C:\WINDOWS\system32\rpltkhiy.ini
C:\WINDOWS\system32\sdmoiuir.ini
C:\WINDOWS\system32\srkespuf.ini
C:\WINDOWS\system32\sttwymvf.ini
C:\WINDOWS\system32\tkkmnyun.ini
C:\WINDOWS\system32\tqhtfylm.ini
C:\WINDOWS\system32\tulycpsw.ini
C:\WINDOWS\system32\ujyokebe.ini
C:\WINDOWS\system32\uksdnaog.ini
C:\WINDOWS\system32\vjrjsanf.ini
C:\WINDOWS\system32\vxbhbmff.ini
C:\WINDOWS\system32\whgqkbvu.ini
C:\WINDOWS\system32\wnlsoucs.ini
C:\WINDOWS\system32\wqbgfufd.ini
C:\WINDOWS\system32\wriwtxml.ini
C:\WINDOWS\system32\wscdttjh.ini
C:\WINDOWS\system32\wyjvgxsu.ini
C:\WINDOWS\system32\xbyafxft.ini
C:\WINDOWS\system32\xjarwemw.ini
C:\WINDOWS\system32\xlaemnft.ini
C:\WINDOWS\system32\xnobvauk.ini
C:\WINDOWS\system32\xobepbvg.ini
C:\WINDOWS\system32\xqlhgkwe.ini
C:\WINDOWS\system32\yeevbcoi.ini
C:\WINDOWS\system32\ymcawsxd.ini
C:\WINDOWS\system32\yvcrvjnr.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 12:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 17:52 . 2007-12-30 17:52 335,360 --a------ C:\WINDOWS\system32\RCX16.tmp
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-30 11:52 . 2007-12-30 11:52 335,360 --a------ C:\WINDOWS\system32\RCX15.tmp
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 16:24 . 2007-12-29 16:24 335,360 --a------ C:\WINDOWS\system32\RCX14.tmp
2007-12-29 11:07 . 2007-12-29 11:07 335,360 --a------ C:\WINDOWS\system32\RCX10.tmp
2007-12-29 11:02 . 2007-12-29 11:02 335,360 --a------ C:\WINDOWS\system32\RCXD.tmp
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 19:38 . 2007-12-30 17:52 1,031,499 ---hs---- C:\WINDOWS\system32\hclgboaw.ini
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-26 18:08 . 2007-12-26 18:08 335,360 --a------ C:\WINDOWS\system32\RCX19.tmp
2007-12-26 17:39 . 2007-12-26 17:39 335,360 --a------ C:\WINDOWS\system32\RCX13.tmp
2007-12-26 11:53 . 2007-12-26 11:53 335,360 --a------ C:\WINDOWS\system32\RCX12.tmp
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-24 11:31 . 2007-12-24 11:31 335,360 --a------ C:\WINDOWS\system32\RCX11.tmp
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:49 . 2007-12-23 18:49 335,360 --a------ C:\WINDOWS\system32\RCXB.tmp
2007-12-23 18:44 . 2007-12-23 18:44 335,360 --a------ C:\WINDOWS\system32\RCXA.tmp
2007-12-23 18:38 . 2007-12-23 18:38 335,360 --a------ C:\WINDOWS\system32\RCXF.tmp
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:26 . 2007-12-23 18:26 335,360 --a------ C:\WINDOWS\system32\RCXE.tmp
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:20 . 2007-12-23 18:20 335,360 --a------ C:\WINDOWS\system32\RCXC.tmp
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:21 . 2007-12-23 17:21 335,360 --a------ C:\WINDOWS\system32\RCX8.tmp
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:34 . 2007-12-20 21:34 30,945,280 --a------ C:\upload_moi.tar
2007-12-20 21:21 . 2007-12-20 21:21 1,635 --a------ C:\WINDOWS\system32\khyd.exe
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:12 . 2007-12-20 13:12 0 --a------ C:\WINDOWS\system32\bya.exe
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 07:17 . 2007-12-20 07:17 1,635 --a------ C:\WINDOWS\system32\sdbdmau.exe
2007-12-20 07:17 . 2007-12-20 07:17 1,635 --a------ C:\WINDOWS\system32\kifyptv.exe
2007-12-19 22:49 . 2007-12-19 22:49 1,635 --a------ C:\WINDOWS\system32\rybeul.exe
2007-12-19 22:24 . 2007-12-19 22:24 1,635 --a------ C:\WINDOWS\system32\vqmepih.exe
2007-12-19 22:24 . 2007-12-19 22:24 1,635 --a------ C:\WINDOWS\system32\hauoyq.exe
2007-12-19 21:34 . 2007-12-19 21:34 1,635 --a------ C:\WINDOWS\system32\wjmq.exe
2007-12-19 21:34 . 2007-12-19 21:34 1,635 --a------ C:\WINDOWS\system32\iixsvf.exe
2007-12-19 21:26 . 2007-12-19 21:26 1,635 --a------ C:\WINDOWS\system32\wrozlopw.exe
2007-12-19 21:26 . 2007-12-19 21:26 1,635 --a------ C:\WINDOWS\system32\bfgm.exe
2007-12-19 21:09 . 2007-12-19 21:09 1,635 --a------ C:\WINDOWS\system32\gkdinsmb.exe
2007-12-19 21:09 . 2007-12-19 21:09 1,635 --a------ C:\WINDOWS\system32\ajlkvmqc.exe
2007-12-19 20:52 . 2007-12-19 20:52 1,635 --a------ C:\WINDOWS\system32\texk.exe
2007-12-19 20:52 . 2007-12-19 20:52 1,635 --a------ C:\WINDOWS\system32\slfwqois.exe
2007-12-19 20:11 . 2007-12-19 20:11 118 --a------ C:\WINDOWS\system32\ysryk.bat
2007-12-19 20:10 . 2007-12-19 20:10 0 --ah----- C:\WINDOWS\system32\nnzl.exe
2007-12-19 19:00 . 2007-12-19 19:00 127 --a------ C:\WINDOWS\system32\kydky.bat
2007-12-19 19:00 . 2007-12-19 19:00 126 --a------ C:\WINDOWS\system32\thjo.bat
2007-12-19 19:00 . 2007-12-19 19:00 123 --a------ C:\WINDOWS\system32\ngknuci.bat
2007-12-19 18:56 . 2007-12-19 18:56 1,635 --a------ C:\WINDOWS\system32\ppbqo.exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:39 . 2007-12-19 18:39 1,635 --a------ C:\WINDOWS\system32\hqlnopib.exe
2007-12-19 18:39 . 2007-12-19 18:39 1,635 --a------ C:\WINDOWS\system32\devdmwws.exe
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:31 . 2007-12-19 18:31 1,635 --a------ C:\WINDOWS\system32\zsmvmr.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 11:28 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2007-12-31 11:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-30 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 13:50 --------- d-----w C:\Program Files\eMule
2007-12-29 22:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-10-31 19:52 --------- d-----w C:\Program Files\Google
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot@2007-12-20_20.08.55.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-07-05 11:14:12 1,120,256 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\ole32.dll
+ 2003-07-05 11:14:14 504,320 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\rpcrt4.dll
+ 2003-07-05 11:14:14 202,752 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\rpcss.dll
+ 2003-05-09 20:03:50 7,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\spmsg.dll
+ 2003-05-11 15:26:36 90,112 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\spuninst.exe
+ 2003-05-11 15:26:36 18,944 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\update\spcustom.dll
+ 2003-05-09 20:03:50 420,864 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB823980\update\update.exe
+ 2004-03-06 02:17:16 225,280 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\catsrv.dll
+ 2004-03-06 02:17:16 594,944 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\catsrvut.dll
+ 2004-03-06 02:17:16 110,080 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\clbcatex.dll
+ 2004-03-06 02:17:16 499,712 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\clbcatq.dll
+ 2004-03-06 02:17:16 64,512 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\colbact.dll
+ 2004-03-06 02:17:16 187,904 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\comadmin.dll
+ 2004-02-17 18:49:58 8,192 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\comrepl.exe
+ 2004-03-06 02:17:16 1,194,496 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\comsvcs.dll
+ 2004-03-06 02:17:16 499,200 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\comuid.dll
+ 2004-03-06 02:17:16 226,816 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\es.dll
+ 2004-02-17 18:50:10 6,656 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\migregdb.exe
+ 2004-03-06 02:17:16 367,616 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\msdtcprx.dll
+ 2004-03-06 02:17:16 977,920 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\msdtctm.dll
+ 2004-03-06 02:17:16 150,528 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\msdtcuiu.dll
+ 2004-03-06 02:17:16 64,512 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\mtxclu.dll
+ 2004-03-06 02:17:16 82,432 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\mtxoci.dll
+ 2004-03-06 02:17:17 1,183,744 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\ole32.dll
+ 2004-03-06 02:17:16 535,552 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\rpcrt4.dll
+ 2004-03-06 02:17:16 263,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\rpcss.dll
+ 2004-01-09 22:46:53 7,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\spmsg.dll
+ 2004-01-10 05:11:16 141,824 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\spuninst.exe
+ 2004-03-06 02:17:16 97,280 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\txflog.dll
+ 2004-01-10 05:11:14 22,016 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\update\spcustom.dll
+ 2004-01-09 22:46:53 580,096 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB828741\update\update.exe
+ 2004-03-30 01:49:43 364,544 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\callcont.dll
+ 2004-03-30 01:49:42 40,960 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\evtgprov.dll
+ 2004-03-30 01:49:43 257,536 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\gdi32.dll
+ 2004-03-30 01:49:42 593,408 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\h323msp.dll
+ 2004-03-30 01:34:15 741,376 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\helpctr.exe
+ 2004-03-30 01:49:42 441,344 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\ipnathlp.dll
+ 2004-03-30 01:49:43 674,304 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\lsasrv.dll
+ 2004-03-30 01:49:43 36,864 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\mf3216.dll
+ 2004-03-30 01:49:43 51,712 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\msasn1.dll
+ 2004-03-30 01:49:43 980,992 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\msgina.dll
+ 2004-03-30 01:49:43 253,952 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\mst120.dll
+ 2004-03-30 01:49:42 306,176 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\netapi32.dll
+ 2004-03-30 01:49:42 73,728 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\nmcom.dll
+ 2004-03-30 01:49:42 552,448 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\rtcdll.dll
+ 2004-03-30 01:49:43 136,704 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\schannel.dll
+ 2004-01-09 22:46:53 7,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\spmsg.dll
+ 2004-01-10 05:11:16 141,824 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\spuninst.exe
+ 2004-01-10 05:11:14 22,016 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\update\spcustom.dll
+ 2004-01-09 22:46:53 580,096 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\update\update.exe
+ 2004-03-10 18:01:07 608,256 -c--a-w C:\WINDOWS\$xpsp1hfm$\KB835732\xpsp2res.dll
+ 2002-09-06 14:54:04 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329048\spmsg.dll
+ 2002-09-21 11:44:08 47,104 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329048\spuninst.exe
+ 2002-09-21 11:44:08 10,752 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329048\update\spcustom.dll
+ 2002-09-21 11:44:10 282,624 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329048\update\update.exe
+ 2002-09-25 14:19:10 319,488 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329048\zipfldr.dll
+ 2002-11-14 09:01:18 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329170\spmsg.dll
+ 2002-12-17 12:32:18 88,064 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329170\spuninst.exe
+ 2002-12-20 11:36:00 322,048 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329170\srv.sys
+ 2002-12-17 12:32:16 18,432 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329170\update\spcustom.dll
+ 2002-11-14 09:01:18 418,816 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329170\update\update.exe
+ 2002-09-30 09:58:30 126,464 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329390\shmedia.dll
+ 2002-09-06 14:54:04 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329390\spmsg.dll
+ 2002-09-21 11:44:08 47,104 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329390\spuninst.exe
+ 2002-09-21 11:44:08 10,752 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329390\update\spcustom.dll
+ 2002-09-21 11:44:10 282,624 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329390\update\update.exe
+ 2003-07-15 00:41:14 7,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329441\spmsg.dll
+ 2003-08-02 04:14:59 101,888 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329441\spuninst.exe
+ 2002-11-18 22:14:00 229,376 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329441\srrstr.dll
+ 2003-08-02 04:14:58 22,016 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329441\update\spcustom.dll
+ 2003-07-15 00:41:14 441,856 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329441\update\update.exe
+ 2002-10-01 16:52:30 46,208 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329834\raspptp.sys
+ 2002-09-06 14:54:04 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329834\spmsg.dll
+ 2002-09-21 11:44:08 47,104 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329834\spuninst.exe
+ 2002-09-21 11:44:08 10,752 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329834\update\spcustom.dll
+ 2002-09-21 11:44:10 282,624 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q329834\update\update.exe
+ 2002-11-18 10:27:40 392,576 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810577\mrxsmb.sys
+ 2002-11-14 09:01:18 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810577\spmsg.dll
+ 2002-11-14 09:04:56 88,064 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810577\spuninst.exe
+ 2002-11-14 09:04:54 18,432 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810577\update\spcustom.dll
+ 2002-11-14 09:01:18 418,816 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810577\update\update.exe
+ 2002-12-03 17:50:10 68,608 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810833\locator.exe
+ 2002-11-14 09:01:18 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810833\spmsg.dll
+ 2002-11-14 09:04:56 88,064 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810833\spuninst.exe
+ 2002-11-14 09:04:54 18,432 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810833\update\spcustom.dll
+ 2002-11-14 09:01:18 418,816 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q810833\update\update.exe
+ 2002-12-17 16:43:00 10,752 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\hh.exe
+ 2003-01-10 13:44:32 37,888 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\hhsetup.dll
+ 2003-01-10 13:44:34 143,872 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\itircl.dll
+ 2003-01-10 13:44:34 122,368 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\itss.dll
+ 2002-11-14 09:01:18 5,632 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\spmsg.dll
+ 2002-12-17 12:32:18 88,064 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\spuninst.exe
+ 2002-12-17 12:32:16 18,432 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\update\spcustom.dll
+ 2002-11-14 09:01:18 418,816 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q811630\update\update.exe
+ 2003-05-01 15:57:24 679,424 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q815021\ntdll.dll
+ 2003-03-21 15:55:08 7,680 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q815021\spmsg.dll
+ 2003-03-21 15:56:54 90,112 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q815021\spuninst.exe
+ 2003-03-21 15:56:54 18,944 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q815021\update\spcustom.dll
+ 2003-03-21 15:55:08 420,864 -c--a-w C:\WINDOWS\$xpsp1hfm$\Q815021\update\update.exe
+ 2002-11-18 10:17:00 391,936 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
- 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2001-08-28 12:00:00 26,647 ----a-w C:\WINDOWS\hh.exe
+ 2002-09-21 19:13:26 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2007-12-30 14:01:00 19,230 ----a-r C:\WINDOWS\Installer\{B0EB7BCE-1779-46D7-A27C-41D1457F7958}\ARPPRODUCTICON.exe
+ 2007-12-29 10:06:06 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2007-12-29 10:06:07 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2007-12-29 10:06:07 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
- 2001-08-28 12:00:00 692,224 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
+ 2004-02-05 22:14:57 727,040 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
+ 2004-07-01 22:08:13 360,960 ------w C:\WINDOWS\system32\bits\qmgr.dll
- 2001-08-28 12:00:00 49,152 ----a-w C:\WINDOWS\system32\browser.dll
+ 2004-03-30 01:26:49 48,640 ----a-w C:\WINDOWS\system32\browser.dll
+ 2006-12-28 15:13:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
- 2001-08-28 12:00:00 215,040 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2004-03-06 02:07:30 225,280 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2001-08-28 12:00:00 583,168 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2004-03-06 02:07:31 596,480 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2005-05-26 02:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 18:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2001-08-28 12:00:00 100,864 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2004-03-06 02:07:32 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2001-08-28 12:00:00 468,480 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2004-03-05 17:07:34 499,712 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 1998-07-12 23:00:00 89,600 ----a-w C:\WINDOWS\system32\CMCTLFR.DLL
+ 2003-04-23 13:03:00 159,744 ----a-w C:\WINDOWS\system32\cNewMenu6.dll
- 2001-08-28 12:00:00 56,832 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2004-03-06 02:07:34 64,512 ----a-w C:\WINDOWS\system32\colbact.dll
- 2001-08-28 12:00:00 186,880 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2004-03-06 02:07:35 187,904 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2001-08-28 12:00:00 8,192 ----a-w C:\WINDOWS\system32\Com\comrepl.exe
+ 2004-02-17 18:49:58 8,192 ----a-w C:\WINDOWS\system32\Com\comrepl.exe
- 2001-08-28 12:00:00 1,139,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2004-03-06 02:07:36 1,177,088 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2001-08-28 12:00:00 495,616 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2004-03-06 02:07:37 499,200 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2007-12-22 10:18:55 32,768 ----a-r C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\icon.exe
- 2007-12-20 11:45:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-20 11:45:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-20 11:45:51 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-20 19:04:50 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-12-31 11:21:51 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2001-08-28 12:00:00 561,664 ----a-w C:\WINDOWS\system32\crypt32.dll
+ 2002-09-23 14:10:48 551,424 ----a-w C:\WINDOWS\system32\crypt32.dll
- 2007-12-20 19:08:23 350,208 ----a-w C:\WINDOWS\system32\ctfmon.exe
+ 2001-08-28 12:00:00 13,312 ----a-w C:\WINDOWS\system32\ctfmon.exe
- 2001-08-28 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\browser.dll
+ 2004-03-30 01:26:49 48,640 -c--a-w C:\WINDOWS\system32\dllcache\browser.dll
- 2001-08-28 12:00:00 360,448 -c--a-w C:\WINDOWS\system32\dllcache\callcont.dll
+ 2004-03-30 01:26:50 364,544 -c--a-w C:\WINDOWS\system32\dllcache\callcont.dll
- 2001-08-28 12:00:00 215,040 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2004-03-06 02:07:30 225,280 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2001-08-28 12:00:00 583,168 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2004-03-06 02:07:31 596,480 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2005-05-26 02:16:24 75,544 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2001-08-28 12:00:00 100,864 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2004-03-06 02:07:32 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2001-08-28 12:00:00 468,480 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2004-03-05 17:07:34 499,712 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2001-08-28 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2004-03-06 02:07:34 64,512 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2001-08-28 12:00:00 186,880 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2004-03-06 02:07:35 187,904 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2001-08-28 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.exe
+ 2004-02-17 18:49:58 8,192 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.exe
- 2001-08-28 12:00:00 1,139,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2004-03-06 02:07:36 1,177,088 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2001-08-28 12:00:00 495,616 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2004-03-06 02:07:37 499,200 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2001-08-28 12:00:00 561,664 -c--a-w C:\WINDOWS\system32\dllcache\crypt32.dll
+ 2002-09-23 14:10:48 551,424 -c--a-w C:\WINDOWS\system32\dllcache\crypt32.dll
- 2001-08-28 12:00:00 224,768 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2004-03-06 02:07:38 226,816 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2001-08-28 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\evtgprov.dll
+ 2004-03-30 01:26:51 40,960 -c--a-w C:\WINDOWS\system32\dllcache\evtgprov.dll
- 2001-08-28 12:00:00 250,880 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2004-03-30 01:26:51 241,664 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2001-08-28 12:00:00 592,896 -c--a-w C:\WINDOWS\system32\dllcache\h323msp.dll
+ 2004-03-30 01:26:53 593,408 -c--a-w C:\WINDOWS\system32\dllcache\h323msp.dll
- 2001-08-28 12:00:00 692,224 -c--a-w C:\WINDOWS\system32\dllcache\helpctr.exe
+ 2004-02-05 22:14:57 727,040 -c--a-w C:\WINDOWS\system32\dllcache\helpctr.exe
- 2001-08-28 12:00:00 26,647 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2002-09-21 19:13:26 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2001-08-28 12:00:00 67,612 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2003-01-13 09:28:28 37,888 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2001-08-28 12:00:00 455,168 -c--a-w C:\WINDOWS\system32\dllcache\ipnathlp.dll
+ 2004-03-30 01:26:55 456,192 -c--a-w C:\WINDOWS\system32\dllcache\ipnathlp.dll
- 2001-08-28 12:00:00 155,552 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2003-01-13 09:28:28 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2001-08-28 12:00:00 138,048 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2003-01-13 09:28:30 122,368 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
- 2001-08-28 12:00:00 593,948 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2003-01-13 13:57:58 589,881 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2001-08-28 12:00:00 68,096 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe
+ 2002-12-03 17:55:20 68,608 -c--a-w C:\WINDOWS\system32\dllcache\locator.exe
- 2001-08-28 12:00:00 676,352 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2004-03-29 16:26:58 654,848 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2001-08-28 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2004-03-30 01:26:56 36,864 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2001-08-28 12:00:00 6,656 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2004-02-17 18:50:10 6,656 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2001-08-28 12:00:00 407,680 -c--a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
+ 2002-11-18 10:17:00 391,936 -c--a-w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2001-08-28 12:00:00 51,200 -c--a-w C:\WINDOWS\system32\dllcache\msasn1.dll
+ 2004-03-30 01:26:57 51,712 -c--a-w C:\WINDOWS\system32\dllcache\msasn1.dll
- 2001-08-28 12:00:00 360,960 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2004-03-06 02:07:40 365,568 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2001-08-28 12:00:00 869,376 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2004-03-06 02:07:41 977,920 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2001-08-28 12:00:00 151,040 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2004-03-06 02:07:42 150,528 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2001-08-28 12:00:00 977,408 -c--a-w C:\WINDOWS\system32\dllcache\msgina.dll
+ 2004-03-30 01:26:59 978,944 -c--a-w C:\WINDOWS\system32\dllcache\msgina.dll
- 2001-08-28 12:00:00 249,856 -c--a-w C:\WINDOWS\system32\dllcache\mst120.dll
+ 2004-03-30 01:26:59 253,952 -c--a-w C:\WINDOWS\system32\dllcache\mst120.dll
- 2001-08-28 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2004-03-06 02:07:43 64,512 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2001-08-28 12:00:00 83,968 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2004-03-06 02:07:43 82,432 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2001-08-28 12:00:00 309,760 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2004-03-30 01:26:49 301,568 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2001-08-28 12:00:00 69,632 -c--a-w C:\WINDOWS\system32\dllcache\nmcom.dll
+ 2004-03-30 01:27:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\nmcom.dll
- 2001-08-28 12:00:00 699,392 -c--a-w C:\WINDOWS\system32\dllcache\ntdll.dll
+ 2003-05-02 10:04:40 676,352 -c--a-w C:\WINDOWS\system32\dllcache\ntdll.dll
- 2001-08-28 12:00:00 1,141,248 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2004-03-06 02:07:45 1,105,408 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2001-08-28 12:00:00 46,464 -c--a-w C:\WINDOWS\system32\dllcache\raspptp.sys
+ 2002-10-01 17:43:52 46,208 -c--a-w C:\WINDOWS\system32\dllcache\raspptp.sys
- 2001-08-28 12:00:00 463,872 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2004-03-06 02:07:46 442,880 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2001-08-28 12:00:00 259,072 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2004-03-06 02:07:47 214,528 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2001-08-28 12:00:00 554,496 -c--a-w C:\WINDOWS\system32\dllcache\rtcdll.dll
+ 2004-03-30 01:27:01 554,496 -c--a-w C:\WINDOWS\system32\dllcache\rtcdll.dll
- 2001-08-28 12:00:00 133,632 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2004-03-30 01:27:02 136,704 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2001-08-28 12:00:00 127,488 -c--a-w C:\WINDOWS\system32\dllcache\shmedia.dll
+ 2002-09-19 10:28:54 127,488 -c--a-w C:\WINDOWS\system32\dllcache\shmedia.dll
- 2001-08-28 12:00:00 330,368 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2002-10-31 13:45:16 322,304 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2001-08-28 12:00:00 90,624 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2004-03-06 02:07:48 97,280 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2005-05-26 02:16:30 125,720 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2005-05-26 02:16:30 1,343,768 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2001-08-28 12:00:00 320,512 -c--a-w C:\WINDOWS\system32\dllcache\zipfldr.dll
+ 2002-09-25 11:23:16 319,488 -c--a-w C:\WINDOWS\system32\dllcache\zipfldr.dll
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
- 2001-08-28 12:00:00 407,680 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2002-11-18 10:17:00 391,936 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2001-08-28 12:00:00 46,464 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
+ 2002-10-01 17:43:52 46,208 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
+ 2006-10-30 09:30:30 10,032 ----a-w C:\WINDOWS\system32\drivers\SBTEDrv.sys
- 2001-08-28 12:00:00 330,368 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2002-10-31 13:45:16 322,304 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2001-08-28 12:00:00 224,768 ----a-w C:\WINDOWS\system32\es.dll
+ 2004-03-06 02:07:38 226,816 ----a-w C:\WINDOWS\system32\es.dll
- 2001-08-28 12:00:00 250,880 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2004-03-30 01:26:51 241,664 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2001-08-28 12:00:00 592,896 ----a-w C:\WINDOWS\system32\h323msp.dll
+ 2004-03-30 01:26:53 593,408 ----a-w C:\WINDOWS\system32\h323msp.dll
- 2001-08-28 12:00:00 67,612 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2003-01-13 09:28:28 37,888 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2001-08-28 12:00:00 455,168 ----a-w C:\WINDOWS\system32\ipnathlp.dll
+ 2004-03-30 01:26:55 456,192 ----a-w C:\WINDOWS\system32\ipnathlp.dll
- 2001-08-28 12:00:00 155,552 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2003-01-13 09:28:28 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
- 2001-08-28 12:00:00 138,048 ----a-w C:\WINDOWS\system32\itss.dll
+ 2003-01-13 09:28:30 122,368 ----a-w C:\WINDOWS\system32\itss.dll
- 2001-08-28 12:00:00 593,948 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2003-01-13 13:57:58 589,881 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2005-05-16 18:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2001-08-28 12:00:00 68,096 ----a-w C:\WINDOWS\system32\locator.exe
+ 2002-12-03 17:55:20 68,608 ----a-w C:\WINDOWS\system32\locator.exe
- 2001-08-28 12:00:00 676,352 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2004-03-29 16:26:58 654,848 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2005-11-02 09:39:14 131,072 ----a-w C:\WINDOWS\system32\MD5.dll
- 2001-08-28 12:00:00 35,328 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2004-03-30 01:26:56 36,864 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-12-02 14:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2001-08-28 12:00:00 51,200 ----a-w C:\WINDOWS\system32\msasn1.dll
+ 2004-03-30 01:26:57 51,712 ----a-w C:\WINDOWS\system32\msasn1.dll
- 2001-08-28 12:00:00 360,960 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2004-03-06 02:07:40 365,568 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2001-08-28 12:00:00 869,376 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2004-03-06 02:07:41 977,920 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2001-08-28 12:00:00 151,040 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2004-03-06 02:07:42 150,528 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2001-08-28 12:00:00 977,408 ----a-w C:\WINDOWS\system32\msgina.dll
+ 2004-03-30 01:26:59 978,944 ----a-w C:\WINDOWS\system32\msgina.dll
- 2001-08-28 12:00:00 61,440 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2004-03-06 02:07:43 64,512 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2001-08-28 12:00:00 83,968 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2004-03-06 02:07:43 82,432 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2001-08-28 12:00:00 309,760 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2004-03-30 01:26:49 301,568 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2001-08-28 12:00:00 699,392 ----a-w C:\WINDOWS\system32\ntdll.dll
+ 2003-05-02 10:04:40 676,352 ----a-w C:\WINDOWS\system32\ntdll.dll
- 2001-08-28 12:00:00 1,141,248 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2004-03-06 02:07:45 1,105,408 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-11-02 09:39:16 24,924 ----a-w C:\WINDOWS\system32\openports.dll
- 2001-08-28 12:00:00 180,736 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2004-07-01 22:08:13 360,960 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2003-02-21 06:16:08 49,152 ----a-w C:\WINDOWS\system32\REGTLIB.EXE
- 2001-08-28 12:00:00 463,872 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2004-03-06 02:07:46 442,880 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2001-08-28 12:00:00 259,072 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2004-03-06 02:07:47 214,528 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2001-08-28 12:00:00 554,496 ----a-w C:\WINDOWS\system32\rtcdll.dll
+ 2004-03-30 01:27:01 554,496 ----a-w C:\WINDOWS\system32\rtcdll.dll
+ 2007-08-27 09:26:10 27,120 ----a-w C:\WINDOWS\system32\SBBD.exe
- 2001-08-28 12:00:00 133,632 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2004-03-30 01:27:02 136,704 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2005-11-02 09:39:16 40,960 ----a-w C:\WINDOWS\system32\SDelete.dll
- 2001-08-28 12:00:00 127,488 ----a-w C:\WINDOWS\system32\shmedia.dll
+ 2002-09-19 10:28:54 127,488 ----a-w C:\WINDOWS\system32\shmedia.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
- 2004-04-27 02:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
+ 2005-04-03 12:08:46 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
+ 2003-01-26 12:41:00 40,960 ----a-w C:\WINDOWS\system32\SSubTmr6.dll
- 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 07:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2001-08-28 12:00:00 90,624 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2004-03-06 02:07:48 97,280 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2006-03-16 10:33:00 372,824 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2006-03-16 10:33:08 141,080 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2006-03-16 10:33:16 104,216 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2006-03-16 10:33:20 227,096 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2006-03-16 10:33:24 71,448 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2006-03-16 10:33:36 382,744 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2001-08-28 12:00:00 34,304 ----a-w C:\WINDOWS\system32\wbem\CmdEvTgProv.dll
+ 2004-03-30 01:26:51 40,960 ----a-w C:\WINDOWS\system32\wbem\cmdevtgprov.dll
+ 2001-09-07 10:41:56 290,816 ----a-w C:\WINDOWS\system32\WINHTTP5.DLL
- 2005-05-26 02:16:30 467,224 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 18:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2005-05-26 02:16:30 125,720 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 18:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2005-05-26 02:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 18:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2005-05-26 02:16:32 128,792 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 18:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2005-05-26 02:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 18:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2005-05-26 02:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 18:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
- 2005-05-26 02:19:32 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 18:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2006-11-16 14:51:08 426,664 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2006-06-22 13:40:28 493,400 ----a-w C:\WINDOWS\system32\XceedZip.dll
+ 2004-06-30 16:00:00 185,344 ------w C:\WINDOWS\system32\xpob2res.dll
+ 2004-01-10 05:11:10 26,112 ----a-w C:\WINDOWS\system32\xpsp1hfm.exe
- 2001-08-28 12:00:00 320,512 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2002-09-25 11:23:16 319,488 ----a-w C:\WINDOWS\system32\zipfldr.dll
+ 2006-03-16 10:34:04 79,640 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2006-03-16 10:34:08 71,448 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-05-05 16:45:39 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-25 15:43:25 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-31 11:29:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
+ 2007-12-22 10:18:52 1,229,312 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.0.2.0_x-ww_702998db\msxml4.dll
+ 2007-12-22 10:18:52 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.0.2.0_x-ww_e6d36d6b\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fcdafbcb-6ac5-40d9-b85d-4bc534050923}]
C:\WINDOWS\System32\gyxtwmcx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"e072610c"="C:\WINDOWS\System32\waobglch.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffgf]
khfffgf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-25 14:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 12:30:43
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 12:33:22 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 11:33:15
C:\qoobox\ComboFix2.txt 2007-12-20 19:10:33
.
2007-12-22 10:27:53 --- E O F ---

| Alerter

Répondre à angel-theparasite

Angeldark

31 Décembre 2007 11:45:34

AVG Antispyware fonctionne encore ?

| Alerter

Répondre à Angeldark

Angeldark

31 Décembre 2007 13:32:21

Supprime ta version de Combofix pour utiliser celle-ci :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix...

Télécharge RenV ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique RenV.exe, patiente pendant la durée du scan.

Un rapport Log.txt apparaîtra, sauvegarde-le sur ton Bureau.

Poste le contenu de ce rapport dans ta prochaine réponse.

| Alerter

Répondre à Angeldark

angel-theparasite

31 Décembre 2007 14:47:12

Non avg ne fonctionne plus. Enfin normallement...

| Alerter

Répondre à angel-theparasite

angel-theparasite

31 Décembre 2007 14:49:04

Voici le rapport de RenV.exe :

Ran on 31/12/2007 - 15:47:48,67

 
----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

 
 Entries:               12  (12)

 Directories:            0  Files:            12

 Bytes:         16,585,733  Blocks:       32,398

| Alerter

Répondre à angel-theparasite

angel-theparasite

31 Décembre 2007 14:59:43

Et voici un autre rapport de conbofix avec la version nouvelle que tu m'as donné :

ComboFix 07-12-31.4 - Alex 2007-12-31 15:50:02.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.271 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 12:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 17:52 . 2007-12-30 17:52 335,360 --a------ C:\WINDOWS\system32\RCX16.tmp
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-30 11:52 . 2007-12-30 11:52 335,360 --a------ C:\WINDOWS\system32\RCX15.tmp
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-29 16:24 . 2007-12-29 16:24 335,360 --a------ C:\WINDOWS\system32\RCX14.tmp
2007-12-29 11:07 . 2007-12-29 11:07 335,360 --a------ C:\WINDOWS\system32\RCX10.tmp
2007-12-29 11:02 . 2007-12-29 11:02 335,360 --a------ C:\WINDOWS\system32\RCXD.tmp
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 19:38 . 2007-12-30 17:52 1,031,499 ---hs---- C:\WINDOWS\system32\hclgboaw.ini
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-26 18:08 . 2007-12-26 18:08 335,360 --a------ C:\WINDOWS\system32\RCX19.tmp
2007-12-26 17:39 . 2007-12-26 17:39 335,360 --a------ C:\WINDOWS\system32\RCX13.tmp
2007-12-26 11:53 . 2007-12-26 11:53 335,360 --a------ C:\WINDOWS\system32\RCX12.tmp
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-24 11:31 . 2007-12-24 11:31 335,360 --a------ C:\WINDOWS\system32\RCX11.tmp
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:49 . 2007-12-23 18:49 335,360 --a------ C:\WINDOWS\system32\RCXB.tmp
2007-12-23 18:44 . 2007-12-23 18:44 335,360 --a------ C:\WINDOWS\system32\RCXA.tmp
2007-12-23 18:38 . 2007-12-23 18:38 335,360 --a------ C:\WINDOWS\system32\RCXF.tmp
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:26 . 2007-12-23 18:26 335,360 --a------ C:\WINDOWS\system32\RCXE.tmp
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:20 . 2007-12-23 18:20 335,360 --a------ C:\WINDOWS\system32\RCXC.tmp
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:21 . 2007-12-23 17:21 335,360 --a------ C:\WINDOWS\system32\RCX8.tmp
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:34 . 2007-12-20 21:34 30,945,280 --a------ C:\upload_moi.tar
2007-12-20 21:21 . 2007-12-20 21:21 1,635 --a------ C:\WINDOWS\system32\khyd.exe
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:12 . 2007-12-20 13:12 0 --a------ C:\WINDOWS\system32\bya.exe
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 07:17 . 2007-12-20 07:17 1,635 --a------ C:\WINDOWS\system32\sdbdmau.exe
2007-12-20 07:17 . 2007-12-20 07:17 1,635 --a------ C:\WINDOWS\system32\kifyptv.exe
2007-12-19 22:49 . 2007-12-19 22:49 1,635 --a------ C:\WINDOWS\system32\rybeul.exe
2007-12-19 22:24 . 2007-12-19 22:24 1,635 --a------ C:\WINDOWS\system32\vqmepih.exe
2007-12-19 22:24 . 2007-12-19 22:24 1,635 --a------ C:\WINDOWS\system32\hauoyq.exe
2007-12-19 21:34 . 2007-12-19 21:34 1,635 --a------ C:\WINDOWS\system32\wjmq.exe
2007-12-19 21:34 . 2007-12-19 21:34 1,635 --a------ C:\WINDOWS\system32\iixsvf.exe
2007-12-19 21:26 . 2007-12-19 21:26 1,635 --a------ C:\WINDOWS\system32\wrozlopw.exe
2007-12-19 21:26 . 2007-12-19 21:26 1,635 --a------ C:\WINDOWS\system32\bfgm.exe
2007-12-19 21:09 . 2007-12-19 21:09 1,635 --a------ C:\WINDOWS\system32\gkdinsmb.exe
2007-12-19 21:09 . 2007-12-19 21:09 1,635 --a------ C:\WINDOWS\system32\ajlkvmqc.exe
2007-12-19 20:52 . 2007-12-19 20:52 1,635 --a------ C:\WINDOWS\system32\texk.exe
2007-12-19 20:52 . 2007-12-19 20:52 1,635 --a------ C:\WINDOWS\system32\slfwqois.exe
2007-12-19 20:11 . 2007-12-19 20:11 118 --a------ C:\WINDOWS\system32\ysryk.bat
2007-12-19 20:10 . 2007-12-19 20:10 0 --ah----- C:\WINDOWS\system32\nnzl.exe
2007-12-19 19:00 . 2007-12-19 19:00 127 --a------ C:\WINDOWS\system32\kydky.bat
2007-12-19 19:00 . 2007-12-19 19:00 126 --a------ C:\WINDOWS\system32\thjo.bat
2007-12-19 19:00 . 2007-12-19 19:00 123 --a------ C:\WINDOWS\system32\ngknuci.bat
2007-12-19 18:56 . 2007-12-19 18:56 1,635 --a------ C:\WINDOWS\system32\ppbqo.exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:39 . 2007-12-19 18:39 1,635 --a------ C:\WINDOWS\system32\hqlnopib.exe
2007-12-19 18:39 . 2007-12-19 18:39 1,635 --a------ C:\WINDOWS\system32\devdmwws.exe
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:31 . 2007-12-19 18:31 1,635 --a------ C:\WINDOWS\system32\zsmvmr.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 14:52 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2007-12-31 11:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-30 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 13:50 --------- d-----w C:\Program Files\eMule
2007-12-29 22:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-10-31 19:52 --------- d-----w C:\Program Files\Google
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2007-12-31_12.32.25.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-31 14:40:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fcdafbcb-6ac5-40d9-b85d-4bc534050923}]
C:\WINDOWS\System32\gyxtwmcx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"e072610c"="C:\WINDOWS\System32\waobglch.dll" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2001-08-28 13:00 147968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffgf]
khfffgf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 14:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 15:53:38
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 15:55:13
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:55:06
C:\qoobox\ComboFix2.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix3.txt 2007-12-20 19:10:33
.
2007-12-22 10:27:53 --- E O F ---

| Alerter

Répondre à angel-theparasite

Angeldark

31 Décembre 2007 15:43:40

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\RCX15.tmp
C:\WINDOWS\system32\RCX14.tmp
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\hclgboaw.ini
C:\WINDOWS\system32\RCX19.tmp
C:\WINDOWS\system32\RCX13.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCXB.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\RCXC.tmp
C:\WINDOWS\system32\RCX8.tmp
C:\upload_moi.tar
C:\WINDOWS\system32\khyd.exe
C:\WINDOWS\system32\bya.exe
C:\WINDOWS\system32\sdbdmau.exe
C:\WINDOWS\system32\kifyptv.exe
C:\WINDOWS\system32\rybeul.exe
C:\WINDOWS\system32\vqmepih.exe
C:\WINDOWS\system32\hauoyq.exe
C:\WINDOWS\system32\wjmq.exe
C:\WINDOWS\system32\iixsvf.exe
C:\WINDOWS\system32\wrozlopw.exe
C:\WINDOWS\system32\bfgm.exe
C:\WINDOWS\system32\gkdinsmb.exe
C:\WINDOWS\system32\ajlkvmqc.exe
C:\WINDOWS\system32\texk.exe
C:\WINDOWS\system32\slfwqois.exe
C:\WINDOWS\system32\ysryk.bat
C:\WINDOWS\system32\nnzl.exe
C:\WINDOWS\system32\kydky.bat
C:\WINDOWS\system32\thjo.bat
C:\WINDOWS\system32\ngknuci.bat
C:\WINDOWS\system32\ppbqo.exe
C:\WINDOWS\system32\hqlnopib.exe
C:\WINDOWS\system32\devdmwws.exe
C:\WINDOWS\system32\zsmvmr.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fcdafbcb-6ac5-40d9-b85d-4bc534050923}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e072610c"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

&

Glisse maintenant le fichier Log.txt dans RenV.exe comme ci-dessous :

Cela va relancer RenV, poste le contenu du nouveau rapport Log.txt.

| Alerter

Répondre à Angeldark

angel-theparasite

1 Janvier 2008 12:35:31

Bonjour a toi et BONNE ANNEE !!!

Voici le rapport de combofix :

ComboFix 07-12-31.4 - Alex 2008-01-01 13:21:52.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.252 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\upload_moi.tar
C:\WINDOWS\system32\ajlkvmqc.exe
C:\WINDOWS\system32\bfgm.exe
C:\WINDOWS\system32\bya.exe
C:\WINDOWS\system32\devdmwws.exe
C:\WINDOWS\system32\gkdinsmb.exe
C:\WINDOWS\system32\hauoyq.exe
C:\WINDOWS\system32\hclgboaw.ini
C:\WINDOWS\system32\hqlnopib.exe
C:\WINDOWS\system32\iixsvf.exe
C:\WINDOWS\system32\khyd.exe
C:\WINDOWS\system32\kifyptv.exe
C:\WINDOWS\system32\kydky.bat
C:\WINDOWS\system32\ngknuci.bat
C:\WINDOWS\system32\nnzl.exe
C:\WINDOWS\system32\ppbqo.exe
C:\WINDOWS\system32\RCX10.tmp
C:\WINDOWS\system32\RCX11.tmp
C:\WINDOWS\system32\RCX12.tmp
C:\WINDOWS\system32\RCX13.tmp
C:\WINDOWS\system32\RCX14.tmp
C:\WINDOWS\system32\RCX15.tmp
C:\WINDOWS\system32\RCX19.tmp
C:\WINDOWS\system32\RCX8.tmp
C:\WINDOWS\system32\RCXA.tmp
C:\WINDOWS\system32\RCXB.tmp
C:\WINDOWS\system32\RCXC.tmp
C:\WINDOWS\system32\RCXD.tmp
C:\WINDOWS\system32\RCXF.tmp
C:\WINDOWS\system32\rybeul.exe
C:\WINDOWS\system32\sdbdmau.exe
C:\WINDOWS\system32\slfwqois.exe
C:\WINDOWS\system32\texk.exe
C:\WINDOWS\system32\thjo.bat
C:\WINDOWS\system32\vqmepih.exe
C:\WINDOWS\system32\wjmq.exe
C:\WINDOWS\system32\wrozlopw.exe
C:\WINDOWS\system32\ysryk.bat
C:\WINDOWS\system32\zsmvmr.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2007-12-31 12:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 17:52 . 2007-12-30 17:52 335,360 --a------ C:\WINDOWS\system32\RCX16.tmp
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:26 . 2007-12-23 18:26 335,360 --a------ C:\WINDOWS\system32\RCXE.tmp
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:31 . 2007-12-19 18:31 1,635 --a------ C:\WINDOWS\system32\qcfknick.exe
2007-12-19 18:30 . 2007-12-19 18:30 1,635 --a------ C:\WINDOWS\system32\nhrdqdgi.exe
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:23 . 2007-12-19 18:23 1,635 --a------ C:\WINDOWS\system32\pzwvfj.exe
2007-12-19 18:19 . 2007-12-19 18:19 1,635 --a------ C:\WINDOWS\system32\kwjuy.exe
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-02 20:34 . 2007-12-02 20:34 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-31 14:56 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2007-12-31 11:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-30 13:50 --------- d-----w C:\Program Files\eMule
2007-12-29 22:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2007-12-31_12.32.25.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-31 11:21:51 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-01 12:08:30 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-01 12:16:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffgf]
khfffgf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 14:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 13:25:27
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 13:26:53
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 12:26:47
C:\qoobox\ComboFix2.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix3.txt 2007-12-20 19:10:33
.
2008-01-01 11:34:47 --- E O F ---

| Alerter

Répondre à angel-theparasite

angel-theparasite

1 Janvier 2008 12:36:26

Ci joit le rapport Hisjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:31, on 01/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AAB61E-ED3D-426F-AF5F-CD046D755757}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: desmon - C:\WINDOWS\
O20 - Winlogon Notify: dx7til - dx7til.dll (file missing)
O20 - Winlogon Notify: efccbba - C:\WINDOWS\
O20 - Winlogon Notify: khfffgf - khfffgf.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 5885 bytes

| Alerter

Répondre à angel-theparasite

angel-theparasite

1 Janvier 2008 12:37:56

En revanche j'ai rencontré un souci lors de l'application de renv.exe !
J'ai gliséé le fichier log.txt comme tu l'avais dit
le programme renv.exe s'est lancé et au cours du processus il me dit qu'il manque une extenseion d'application .dll et que je devais le trouvé avec l'onglet OUVRIR AVEC
mais je sais pas du tout ce que c'est !

| Alerter

Répondre à angel-theparasite

Angeldark

1 Janvier 2008 13:14:21

Quelle .dll ?

| Alerter

Répondre à Angeldark

angel-theparasite

1 Janvier 2008 13:33:46

et je sais pas justement !

| Alerter

Répondre à angel-theparasite

Angeldark

1 Janvier 2008 13:48:07

Refais un scan Combofix pour voir.
Je faire une recherche de mon côté.

| Alerter

Répondre à Angeldark

angel-theparasite

1 Janvier 2008 14:07:09

Voici le rapport de combofix come tu me l'as demandé :

ComboFix 07-12-31.4 - Alex 2008-01-01 14:57:23.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.307 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-01 to 2008-01-01 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 13:29 . 2008-01-01 13:32 98,816 --a------ C:\sed.exe
2008-01-01 13:29 . 2008-01-01 13:33 48,677 --a------ C:\temp00.cmd
2008-01-01 13:29 . 2008-01-01 13:32 27,136 --a------ C:\nircmd.exe
2008-01-01 13:29 . 2008-01-01 13:33 16,779 --a------ C:\temp00
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:31 . 2007-12-19 18:31 1,635 --a------ C:\WINDOWS\system32\qcfknick.exe
2007-12-19 18:30 . 2007-12-19 18:30 1,635 --a------ C:\WINDOWS\system32\nhrdqdgi.exe
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:23 . 2007-12-19 18:23 1,635 --a------ C:\WINDOWS\system32\pzwvfj.exe
2007-12-19 18:19 . 2007-12-19 18:19 1,635 --a------ C:\WINDOWS\system32\kwjuy.exe
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-02 20:34 . 2007-12-02 20:34 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 13:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2008-01-01 13:45 --------- d-----w C:\Program Files\eMule
2008-01-01 13:10 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-31 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-29 22:57 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2007-12-31_12.32.25.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-31 11:21:51 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-01 12:08:30 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-01 13:25:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffgf]
khfffgf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-25 14:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 15:01:21
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 15:02:49
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 14:02:43
C:\qoobox\ComboFix2.txt 2008-01-01 12:26:55
C:\qoobox\ComboFix3.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix4.txt 2007-12-20 19:10:33
.
2008-01-01 11:34:47 --- E O F ---

| Alerter

Répondre à angel-theparasite

Angeldark

1 Janvier 2008 14:15:22

Analyse le fichier suivant sur VirusTotal puis poste le rapport :
C:\nircmd.exe

| Alerter

Répondre à Angeldark

angel-theparasite

1 Janvier 2008 14:51:40

Voici le lien du rapport concernant ce fichier :

http://www.virustotal.com/fr/analisis/5399597d7da699457...

| Alerter

Répondre à angel-theparasite

Angeldark

1 Janvier 2008 15:27:33

Ok, on va supprimer.

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\nircmd.exe
C:\WINDOWS\system32\qcfknick.exe
C:\WINDOWS\system32\nhrdqdgi.exe
C:\WINDOWS\system32\pzwvfj.exe
C:\WINDOWS\system32\kwjuy.exe

Folder::
C:\WINDOWS\system32\i

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til] [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffgf]

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

| Alerter

Répondre à Angeldark

angel-theparasite

2 Janvier 2008 06:45:53

Bonjour

Voici le rapport de combofix :

ComboFix 07-12-31.4 - Alex 2008-01-02 7:35:50.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.299 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\nircmd.exe
C:\WINDOWS\system32\kwjuy.exe
C:\WINDOWS\system32\nhrdqdgi.exe
C:\WINDOWS\system32\pzwvfj.exe
C:\WINDOWS\system32\qcfknick.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\nircmd.exe
C:\WINDOWS\system32\i\
C:\WINDOWS\system32\kwjuy.exe
C:\WINDOWS\system32\nhrdqdgi.exe
C:\WINDOWS\system32\pzwvfj.exe
C:\WINDOWS\system32\qcfknick.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.

2008-01-02 07:24 . 2008-01-02 07:24 <REP> d-------- C:\WINDOWS\LastGood
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Roxio
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Adaptec Shared
2008-01-01 15:23 . 2008-01-01 15:23 62,288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-01 15:23 . 2008-01-01 15:23 57,344 --a------ C:\WINDOWS\uneng.exe
2008-01-01 15:23 . 2008-01-01 15:23 49,152 --a------ C:\WINDOWS\system32\cdrtc.dll
2008-01-01 15:23 . 2008-01-01 15:23 45,056 --a------ C:\WINDOWS\system32\cdral.dll
2008-01-01 15:23 . 2008-01-01 15:23 23,436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 13:29 . 2008-01-01 13:32 98,816 --a------ C:\sed.exe
2008-01-01 13:29 . 2008-01-01 13:33 48,677 --a------ C:\temp00.cmd
2008-01-01 13:29 . 2008-01-01 13:33 16,779 --a------ C:\temp00
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-02 20:34 . 2007-12-02 20:34 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-02 06:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-01 15:17 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2008-01-01 14:46 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2008-01-01 14:16 --------- d-----w C:\Program Files\eMule
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp .exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas        .exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc .exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw .exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper .exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs .exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2007-12-31_12.32.25.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-01 14:24:13 397,354 ----a-r C:\WINDOWS\Installer\{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}\MGIShowServer.exe
+ 2008-01-01 14:24:13 3,638 ----a-r C:\WINDOWS\Installer\{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}\PS_SE.exe
+ 2003-01-13 13:57:58 589,881 ----a-w C:\WINDOWS\LastGood\System32\dllcache\jscript.dll
+ 2003-01-13 13:57:58 589,881 ----a-w C:\WINDOWS\LastGood\System32\jscript.dll
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-31 11:21:51 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-02 06:35:26 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-09-28 17:48:12 116,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-02 06:22:18 130,888 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2000-04-26 12:34:56 39,424 ----a-w C:\WINDOWS\system32\JETCOMP.exe
+ 2000-04-26 12:34:44 344,064 ----a-w C:\WINDOWS\system32\msexch35.dll
+ 2000-04-26 12:34:46 252,688 ----a-w C:\WINDOWS\system32\msexcl35.dll
+ 2000-04-26 12:34:48 1,050,896 ----a-w C:\WINDOWS\system32\msjet35.dll
+ 2000-04-26 12:35:02 139,264 ----a-w C:\WINDOWS\system32\msjint35.dll
+ 2000-04-26 12:34:48 1,238,288 ----a-w C:\WINDOWS\system32\msjt4jlt.dll
+ 2000-04-26 12:34:56 24,848 ----a-w C:\WINDOWS\system32\msjter35.dll
+ 2000-04-26 12:34:50 168,720 ----a-w C:\WINDOWS\system32\msltus35.dll
+ 2000-04-26 12:34:50 250,128 ----a-w C:\WINDOWS\system32\mspdox35.dll
+ 2000-04-26 12:34:50 262,144 ----a-w C:\WINDOWS\system32\msrd2x35.dll
+ 2000-04-26 12:34:56 415,504 ----a-w C:\WINDOWS\system32\msrepl35.dll
+ 2000-04-26 12:34:58 44,304 ----a-w C:\WINDOWS\system32\msrpfs35.dll
+ 2000-04-26 12:34:52 166,672 ----a-w C:\WINDOWS\system32\mstext35.dll
+ 2000-04-26 12:34:52 294,912 ----a-w C:\WINDOWS\system32\msxbse35.dll
+ 2000-11-07 16:36:14 1,044,480 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
+ 2000-04-26 12:34:58 368,912 ----a-w C:\WINDOWS\system32\VBAR332.DLL
+ 2008-01-02 06:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 14:43:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 07:39:29
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 7:40:55
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 06:40:49
C:\qoobox\ComboFix2.txt 2008-01-01 14:02:50
C:\qoobox\ComboFix3.txt 2008-01-01 12:26:55
C:\qoobox\ComboFix4.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix5.txt 2007-12-20 19:10:33
.
2008-01-02 06:24:10 --- E O F ---

| Alerter

Répondre à angel-theparasite

angel-theparasite

2 Janvier 2008 06:46:36

Et voici celui de hisjackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:45:58, on 02/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AAB61E-ED3D-426F-AF5F-CD046D755757}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: desmon - C:\WINDOWS\
O20 - Winlogon Notify: dx7til - dx7til.dll (file missing)
O20 - Winlogon Notify: efccbba - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6157 bytes

| Alerter

Répondre à angel-theparasite

Angeldark

2 Janvier 2008 15:30:22

1. ----a-w 79,224 2007-12-31 09:05:51 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
2. ----a-w 45,056 2007-12-22 16:04:25 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe
3. ----a-w 68,856 2007-12-22 16:04:38 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
4. ----a-w 6,731,312 2007-12-22 11:00:41 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
5. ----a-w 6,731,312 2007-12-22 19:26:14 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
6. ----a-w 579,072 2007-12-22 16:06:09 C:\Program Files\Grisoft\AVG7\avgcc .exe
7. ----a-w 146,432 2007-12-22 11:30:16 C:\Program Files\Grisoft\AVG7\avgw .exe
8. ----a-w 267,048 2007-12-22 16:04:27 C:\Program Files\iTunes\iTunesHelper .exe
9. ----a-w 1,077,277 2007-12-20 18:43:49 C:\Program Files\Messenger\msmsgs .exe
10. ----a-w 698,864 2007-12-30 21:22:24 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray .exe

Tu supprimes les espaces séparant le fichier de son extension, ex :
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
-> C:\Program Files\Alwil Software\Avast4\ashDisp.exe

ATTENTION si le fichier sans espace est déjà présent, il faut le supprimer avant de renommer celui avec un espace !

| Alerter

Répondre à Angeldark

angel-theparasite

2 Janvier 2008 17:09:31

Ou ça je supprimes ?
Je ne comprends pas

| Alerter

Répondre à angel-theparasite

angel-theparasite

2 Janvier 2008 17:16:37

Rapport combofix

ComboFix 07-12-31.4 - Alex 2008-01-02 7:35:50.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.299 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alex\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\nircmd.exe
C:\WINDOWS\system32\kwjuy.exe
C:\WINDOWS\system32\nhrdqdgi.exe
C:\WINDOWS\system32\pzwvfj.exe
C:\WINDOWS\system32\qcfknick.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\nircmd.exe
C:\WINDOWS\system32\i\
C:\WINDOWS\system32\kwjuy.exe
C:\WINDOWS\system32\nhrdqdgi.exe
C:\WINDOWS\system32\pzwvfj.exe
C:\WINDOWS\system32\qcfknick.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.

2008-01-02 07:24 . 2008-01-02 07:24 <REP> d-------- C:\WINDOWS\LastGood
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Roxio
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Adaptec Shared
2008-01-01 15:23 . 2008-01-01 15:23 62,288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-01 15:23 . 2008-01-01 15:23 57,344 --a------ C:\WINDOWS\uneng.exe
2008-01-01 15:23 . 2008-01-01 15:23 49,152 --a------ C:\WINDOWS\system32\cdrtc.dll
2008-01-01 15:23 . 2008-01-01 15:23 45,056 --a------ C:\WINDOWS\system32\cdral.dll
2008-01-01 15:23 . 2008-01-01 15:23 23,436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 13:29 . 2008-01-01 13:32 98,816 --a------ C:\sed.exe
2008-01-01 13:29 . 2008-01-01 13:33 48,677 --a------ C:\temp00.cmd
2008-01-01 13:29 . 2008-01-01 13:33 16,779 --a------ C:\temp00
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2007-12-02 20:34 . 2007-12-02 20:34 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 06:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-02 06:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-01 15:17 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2008-01-01 14:46 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2008-01-01 14:16 --------- d-----w C:\Program Files\eMule
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig.exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w            79,224 2007-12-31 09:05:51  C:\Program Files\Alwil Software\Avast4\ashDisp.exe

----a-w            45,056 2007-12-22 16:04:25  C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

----a-w            68,856 2007-12-22 16:04:38  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

----a-w         6,731,312 2007-12-22 11:00:41  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

----a-w         6,731,312 2007-12-22 19:26:14  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

----a-w           579,072 2007-12-22 16:06:09  C:\Program Files\Grisoft\AVG7\avgcc.exe

----a-w           146,432 2007-12-22 11:30:16  C:\Program Files\Grisoft\AVG7\avgw.exe

----a-w           267,048 2007-12-22 16:04:27  C:\Program Files\iTunes\iTunesHelper.exe

----a-w         1,077,277 2007-12-20 18:43:49  C:\Program Files\Messenger\msmsgs.exe

----a-w           698,864 2007-12-30 21:22:24  C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig.exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon.exe

((((((((((((((((((((((((((((( snapshot_2007-12-31_12.32.25.65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-01 14:24:13 397,354 ----a-r C:\WINDOWS\Installer\{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}\MGIShowServer.exe
+ 2008-01-01 14:24:13 3,638 ----a-r C:\WINDOWS\Installer\{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}\PS_SE.exe
+ 2003-01-13 13:57:58 589,881 ----a-w C:\WINDOWS\LastGood\System32\dllcache\jscript.dll
+ 2003-01-13 13:57:58 589,881 ----a-w C:\WINDOWS\LastGood\System32\jscript.dll
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-25 14:43:05 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-01 14:43:03 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-31 11:21:51 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-02 06:35:26 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2007-09-28 17:48:12 116,560 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-02 06:22:18 130,888 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2000-04-26 12:34:56 39,424 ----a-w C:\WINDOWS\system32\JETCOMP.exe
+ 2000-04-26 12:34:44 344,064 ----a-w C:\WINDOWS\system32\msexch35.dll
+ 2000-04-26 12:34:46 252,688 ----a-w C:\WINDOWS\system32\msexcl35.dll
+ 2000-04-26 12:34:48 1,050,896 ----a-w C:\WINDOWS\system32\msjet35.dll
+ 2000-04-26 12:35:02 139,264 ----a-w C:\WINDOWS\system32\msjint35.dll
+ 2000-04-26 12:34:48 1,238,288 ----a-w C:\WINDOWS\system32\msjt4jlt.dll
+ 2000-04-26 12:34:56 24,848 ----a-w C:\WINDOWS\system32\msjter35.dll
+ 2000-04-26 12:34:50 168,720 ----a-w C:\WINDOWS\system32\msltus35.dll
+ 2000-04-26 12:34:50 250,128 ----a-w C:\WINDOWS\system32\mspdox35.dll
+ 2000-04-26 12:34:50 262,144 ----a-w C:\WINDOWS\system32\msrd2x35.dll
+ 2000-04-26 12:34:56 415,504 ----a-w C:\WINDOWS\system32\msrepl35.dll
+ 2000-04-26 12:34:58 44,304 ----a-w C:\WINDOWS\system32\msrpfs35.dll
+ 2000-04-26 12:34:52 166,672 ----a-w C:\WINDOWS\system32\mstext35.dll
+ 2000-04-26 12:34:52 294,912 ----a-w C:\WINDOWS\system32\msxbse35.dll
+ 2000-11-07 16:36:14 1,044,480 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
+ 2000-04-26 12:34:58 368,912 ----a-w C:\WINDOWS\system32\VBAR332.DLL
+ 2008-01-02 06:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 14:43:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 15:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 07:39:29
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 7:40:55
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 06:40:49
C:\qoobox\ComboFix2.txt 2008-01-01 14:02:50
C:\qoobox\ComboFix3.txt 2008-01-01 12:26:55
C:\qoobox\ComboFix4.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix5.txt 2007-12-20 19:10:33
.
2008-01-02 06:24:10 --- E O F ---

| Alerter

Répondre à angel-theparasite

Angeldark

2 Janvier 2008 17:31:45

On va recommencer :

Si le fichier suivant suivant existe, supprime-le :
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
Renomme ensuite :
C:\Program Files\Alwil Software\Avast4\ashDisp .exe (avec l'espace)
en C:\Program Files\Alwil Software\Avast4\ashDisp.exe

Tu as compris ?

| Alerter

Répondre à Angeldark

angel-theparasite

3 Janvier 2008 06:39:45

Ok j'ai compris et j'ai modifié tous les fichiers que tu m'avais demandé lors de ton post du 02/01/08 a 16h30

| Alerter

Répondre à angel-theparasite

Angeldark

3 Janvier 2008 13:38:34

Tu peux refaire un scan Combofix ?

| Alerter

Répondre à Angeldark

angel-theparasite

4 Janvier 2008 06:22:43

Voici le rapport du scan combofix :

ComboFix 07-12-31.4 - Alex 2008-01-04 7:06:58.10 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Roxio
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Adaptec Shared
2008-01-01 15:23 . 2008-01-01 15:23 62,288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-01 15:23 . 2008-01-01 15:23 57,344 --a------ C:\WINDOWS\uneng.exe
2008-01-01 15:23 . 2008-01-01 15:23 49,152 --a------ C:\WINDOWS\system32\cdrtc.dll
2008-01-01 15:23 . 2008-01-01 15:23 45,056 --a------ C:\WINDOWS\system32\cdral.dll
2008-01-01 15:23 . 2008-01-01 15:23 23,436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 13:29 . 2008-01-01 13:32 98,816 --a------ C:\sed.exe
2008-01-01 13:29 . 2008-01-01 13:33 48,677 --a------ C:\temp00.cmd
2008-01-01 13:29 . 2008-01-01 13:33 16,779 --a------ C:\temp00
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2008-01-03 07:37 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 18:26 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-03 09:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-02 14:14 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2008-01-02 09:58 --------- d-----w C:\Program Files\MSN Messenger
2008-01-02 09:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-01 15:17 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2008-01-01 14:16 --------- d-----w C:\Program Files\eMule
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 19:34 --------- d-----w C:\Program Files\DivX
2007-11-30 17:39 --------- d-----w C:\Program Files\adslTV
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

----a-w           147,968 2007-12-26 17:08:11  C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe

----a-w            13,312 2007-12-30 10:22:40  C:\WINDOWS\system32\ctfmon .exe

((((((((((((((((((((((((((((( snapshot_2008-01-02_ 7.40.03,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-02 06:35:26 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-04 06:06:40 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-01-02 06:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
+ 2008-01-04 06:04:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-31 10:05 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
2007-12-30 22:22 698864 --a------ C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 14:43:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-03 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 07:10:27
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 7:11:53
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 06:11:47
C:\qoobox\ComboFix2.txt 2008-01-01 14:02:50
C:\qoobox\ComboFix3.txt 2008-01-01 12:26:55
C:\qoobox\ComboFix4.txt 2007-12-31 11:33:23
C:\qoobox\ComboFix5.txt 2007-12-20 19:10:33
.
2008-01-03 06:11:13 --- E O F ---

| Alerter

Répondre à angel-theparasite

Angeldark

4 Janvier 2008 12:01:30

Supprime ta version de Combofix, retélécharge-la puis lance le scan.

| Alerter

Répondre à Angeldark

angel-theparasite

4 Janvier 2008 16:28:20

Bonjour et merci une fois de plus de t'occuper de mon procbleme voici un nouveau rapport j'ai telecharger combo a partir de ton promier post

ComboFix 08-01-04.1 - Alex 2008-01-04 13:15:32.11 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.283 [GMT 1:00]
Running from: C:\Documents and Settings\Alex\Bureau\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Roxio
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Roxio Shared
2008-01-01 15:23 . 2008-01-01 15:23 <REP> d-------- C:\Program Files\Fichiers communs\Adaptec Shared
2008-01-01 15:23 . 2008-01-01 15:23 62,288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-01 15:23 . 2008-01-01 15:23 57,344 --a------ C:\WINDOWS\uneng.exe
2008-01-01 15:23 . 2008-01-01 15:23 49,152 --a------ C:\WINDOWS\system32\cdrtc.dll
2008-01-01 15:23 . 2008-01-01 15:23 45,056 --a------ C:\WINDOWS\system32\cdral.dll
2008-01-01 15:23 . 2008-01-01 15:23 23,436 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-01 14:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 14:25 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 13:29 . 2008-01-01 13:32 98,816 --a------ C:\sed.exe
2008-01-01 13:29 . 2008-01-01 13:33 48,677 --a------ C:\temp00.cmd
2008-01-01 13:29 . 2008-01-01 13:33 16,779 --a------ C:\temp00
2007-12-30 16:47 . 2007-12-30 16:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-30 15:02 . 2007-12-30 17:57 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2007-12-30 15:02 . 2007-12-30 15:02 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-12-30 15:01 . 2007-12-30 15:01 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Sunbelt Software
2007-12-29 16:38 . 2007-12-29 16:38 67 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Program Files\Comptes et Budget Free V5.0
2007-12-28 23:18 . 2007-12-28 23:18 <REP> d-------- C:\Documents and Settings\Alex\Application Data\AlauxSoft
2007-12-27 13:18 . 2007-12-30 15:00 <REP> d-------- C:\Program Files\Sunbelt Software
2007-12-25 19:31 . 2007-12-25 19:31 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-25 16:43 . 2006-03-16 11:19 54,960 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-25 16:43 . 2007-12-25 16:53 41,201 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-23 23:37 . 2007-12-23 23:37 <REP> d-------- C:\Program Files\Freeplayer-Win32-20070531
2007-12-23 18:38 . 2007-12-23 18:38 0 --a------ C:\WINDOWS\system32\inflist.dat
2007-12-23 18:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-23 18:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-23 18:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-23 18:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-23 18:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-23 18:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-23 18:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 18:24 . 2007-12-23 18:24 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Comodo
2007-12-23 18:18 . 2007-12-23 18:18 <REP> d-------- C:\Program Files\Trustix
2007-12-23 18:18 . 2006-05-03 12:09 73,728 --a------ C:\WINDOWS\system32\CavEmLSP.dll
2007-12-23 18:17 . 2007-12-23 18:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-12-23 18:16 . 2007-12-23 18:16 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 17:06 . 2007-12-23 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-23 17:01 . 2007-12-23 17:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-23 16:35 . 2007-12-23 16:35 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-23 11:56 . 2007-12-23 11:56 268 --ah----- C:\sqmdata08.sqm
2007-12-23 11:56 . 2007-12-23 11:56 244 --ah----- C:\sqmnoopt08.sqm
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2007-12-22 11:19 . 2002-11-14 20:43 221,184 --a--c--- C:\WINDOWS\system32\dllcache\srrstr.dll
2007-12-22 11:18 . 2007-12-22 11:18 <REP> d-------- C:\Program Files\MSXML 4.0
2007-12-20 23:51 . 2007-12-20 23:51 73 --a------ C:\WINDOWS\system32\i
2007-12-20 21:09 . 2007-12-23 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 20:58 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-20 20:58 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-20 20:58 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-20 20:53 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-20 20:53 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-20 20:53 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-20 20:53 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-20 13:19 . 2007-12-20 13:19 244 --ah----- C:\sqmnoopt07.sqm
2007-12-20 13:19 . 2007-12-20 13:19 232 --ah----- C:\sqmdata07.sqm
2007-12-20 13:02 . 2007-12-20 13:02 244 --ah----- C:\sqmnoopt06.sqm
2007-12-20 13:02 . 2007-12-20 13:02 232 --ah----- C:\sqmdata06.sqm
2007-12-20 07:42 . 2007-12-30 11:22 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-19 18:43 . 2007-12-19 18:43 244 --ah----- C:\sqmnoopt05.sqm
2007-12-19 18:43 . 2007-12-19 18:43 232 --ah----- C:\sqmdata05.sqm
2007-12-19 18:32 . 2007-12-19 18:32 244 --ah----- C:\sqmnoopt04.sqm
2007-12-19 18:32 . 2007-12-19 18:32 232 --ah----- C:\sqmdata04.sqm
2007-12-19 18:30 . 2007-12-19 18:30 129 --a------ C:\WINDOWS\system32\khtqtcn.bat
2007-12-19 18:24 . 2007-12-19 18:24 244 --ah----- C:\sqmnoopt03.sqm
2007-12-19 18:24 . 2007-12-19 18:24 232 --ah----- C:\sqmdata03.sqm
2007-12-19 18:11 . 2007-12-19 18:11 244 --ah----- C:\sqmnoopt02.sqm
2007-12-19 18:11 . 2007-12-19 18:11 232 --ah----- C:\sqmdata02.sqm
2007-12-18 17:37 . 2007-12-19 18:50 <REP> d-------- C:\Program Files\Freeplayer(2)
2007-12-16 19:50 . 2007-12-16 19:50 <REP> d-------- C:\Program Files\Maxis
2007-12-15 17:36 . 2007-12-26 18:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:36 . 2007-12-15 17:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-13 19:52 . 2007-12-16 15:58 764 --a------ C:\WINDOWS\eReg.dat
2007-12-10 21:21 . 2007-12-10 21:21 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-12-09 22:31 . 2003-05-30 09:00 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-12-09 14:32 . 2007-12-09 14:32 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Snapfish
2007-12-08 17:59 . 2007-12-08 17:59 <REP> d-------- C:\Program Files\iPod
2007-12-08 17:59 . 2007-12-15 17:37 <REP> d-------- C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-08 17:58 . 2008-01-03 07:37 <REP> d-------- C:\Program Files\iTunes
2007-12-08 17:57 . 2007-12-31 12:27 <REP> d-------- C:\Program Files\QuickTime
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-08 17:57 . 2007-12-08 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 17:57 . 2007-12-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-06 22:10 . 2007-12-20 07:31 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-06 22:10 . 2007-12-06 22:10 <REP> d-------- C:\Documents and Settings\Alex\Application Data\PC Tools
2007-12-06 22:10 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-06 22:10 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-06 22:10 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-06 22:10 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-05 07:33 . 2007-12-05 07:33 37,473 --a------ C:\WINDOWS\system32\muzika.xm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 12:13 --------- d-----w C:\Documents and Settings\Alex\Application Data\Free Download Manager
2008-01-04 12:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-04 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-04 06:53 --------- d-----w C:\Documents and Settings\Alex\Application Data\uTorrent
2008-01-04 06:41 --------- d-----w C:\Program Files\adslTV
2008-01-02 09:58 --------- d-----w C:\Program Files\MSN Messenger
2008-01-02 09:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-01 14:16 --------- d-----w C:\Program Files\eMule
2007-12-30 16:20 --------- d-----w C:\Program Files\ViOrb
2007-12-26 17:08 147,968 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
2007-12-23 17:16 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-22 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 19:03 --------- d-----w C:\Program Files\Navilog1
2007-12-19 11:37 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-17 19:16 --------- d-----w C:\Documents and Settings\Alex\Application Data\vlc
2007-12-15 23:25 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-15 19:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-02 19:34 --------- d-----w C:\Program Files\DivX
2007-11-16 12:20 --------- d-----w C:\Program Files\SopCast
2007-11-10 12:54 15,872 ------w C:\WINDOWS\system32\winskfr.dll
2007-11-05 06:52 --------- d-----w C:\Program Files\Maïdo Production
2007-11-05 06:52 --------- d-----w C:\Program Files\Common~1
2007-11-04 10:07 --------- d-----w C:\Documents and Settings\Alex\Application Data\MechCAD
2007-10-31 17:28 39,424 ----a-w C:\WINDOWS\zipinst.exe
2007-10-20 09:31 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-10 18:44 18,312 ----a-w C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2007-07-31 17:31 65,273 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_13_38_26_small.dmp.zip
.

Code :

<pre>
----a-w 147,968 2007-12-26 17:08:11 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\MSConfig .exe
----a-w 13,312 2007-12-30 10:22:40 C:\WINDOWS\system32\ctfmon .exe
</pre>

((((((((((((((((((((((((((((( snapshot_2008-01-02_ 7.40.03,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-02 06:35:26 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-04 12:15:14 270,336 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-01-02 06:22:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
+ 2008-01-04 08:04:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-31 10:05 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\desmon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dx7til]
dx7til.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccbba]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
2007-12-30 22:22 698864 --a------ C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

R0 SBHR;SBHR;C:\WINDOWS\System32\drivers\sbhr.sys [2007-12-30 15:02]
R0 viasraid;viasraid;C:\WINDOWS\System32\DRIVERS\viasraid.sys [2003-06-12 17:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-04-26 10:21]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-09-08 13:52]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-09-08 13:52]
R2 SBAPIFS;CounterSpy Filter Driver;C:\WINDOWS\System32\Drivers\Sbapifs.sys [2007-12-30 17:57]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2001-08-28 13:00]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-01 14:43:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-04 11:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2007-12-28 16:29:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 13:19:01
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 13:20:27
ComboFix-quarantined-files.txt 2008-01-04 12:20:21
ComboFix2.txt 2008-01-01 14:02:50
ComboFix3.txt 2008-01-01 12:26:55
ComboFix4.txt 2007-12-31 11:33:23
ComboFix5.txt 2007-12-20 19:10:33

| Alerter

Répondre à angel-theparasite

Angeldark

4 Janvier 2008 16:30:32

C'est mieux ?

| Alerter

Répondre à Angeldark

xav66

4 Janvier 2008 17:37:24

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:04, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ulqcu.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Shareaza\Shareaza.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [jj] C:\WINDOWS\system32\jj.exe
O4 - HKLM\..\Run: [ulqcu] C:\WINDOWS\system32\ulqcu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.3.1_18) - http://javadl-esd.sun.com/update/1.3.1/jinstall-13-win3...
O17 - HKLM\System\CCS\Services\Tcpip\..\{D90EF664-C1D3-4EEE-B806-933290AF0E32}: NameServer = 212.30.96.108,212.30.124.146
O20 - Winlogon Notify: drwlse - drwlse.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Print Spooler Service (k5uluyaeuuoo) - Unknown owner - C:\WINDOWS\system32\ulqcu.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9008 bytes

| Alerter

Répondre à xav66

Angeldark

4 Janvier 2008 17:38:18

Crée ton propre sujet.

| Alerter

Répondre à Angeldark

angel-theparasite

4 Janvier 2008 17:50:05

Comment ca ? je comprend pas

| Alerter

Répondre à angel-theparasite

Angeldark

4 Janvier 2008 17:54:13

Je parle à xav66.

| Alerter

Répondre à Angeldark

angel-theparasite

4 Janvier 2008 18:35:55

Ah ok

Tiens moi auc ourant concernant mon post si je dois faire d'autres manips stp

| Alerter

Répondre à angel-theparasite

Angeldark

4 Janvier 2008 20:15:14

Citation :

C'est mieux ?

...

| Alerter

Répondre à Angeldark

angel-theparasite

9 Janvier 2008 06:06:30

Bonjour a vous tous et a toi angel dark

je vous ecris car malheureusement quelques jours sont passés et je pensais m'etre debarrasé des mails publicitaires et bein non !

Pouvez vous m'aider svp

| Alerter

Répondre à angel-theparasite

Angeldark

9 Janvier 2008 12:20:34

Reposte un rapport Hijackthis...

| Alerter

Répondre à Angeldark

angel-theparasite

10 Janvier 2008 05:40:59

Nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:40:33, on 10/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger les tous avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{83AAB61E-ED3D-426F-AF5F-CD046D755757}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: desmon - C:\WINDOWS\
O20 - Winlogon Notify: dx7til - dx7til.dll (file missing)
O20 - Winlogon Notify: efccbba - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 6124 bytes

| Alerter

Répondre à angel-theparasite

Angeldark

10 Janvier 2008 15:27:21

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

| Alerter

Répondre à Angeldark

Tom's guide dans le monde