Internet very slow and PC slow!
So, since yesterday my PC has been rather slow and so has the internet, so I ran an Ad-Aware scan; it only found cookies. Then I ran a CCleaner registry scan; it found a few problems, which were fixed. Then I ran an Avast scan on the C:\Windows\ folder, and there it found about ten viruses, at least! So I had them put in quarantine. Now, what do you advise me to do to remove these viruses? Or should I keep looking to see if there are others...
Hello,
Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:06, on 17/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\dllcache\wingptd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 193.55.130.40 ads.gameforgeads.de
O1 - Hosts: 193.55.130.40 tracking.gameforge.de
O1 - Hosts: 193.55.130.40 pagead1.googlesyndication.com
O1 - Hosts: 193.55.130.40 pagead2.googlesyndication.com
O1 - Hosts: 193.55.130.40 pagead3.googlesyndication.com
O1 - Hosts: 193.55.130.40 analytics.gameforge.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfsfdfsd32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP0] igfsfdfsd32ss.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe
O4 - HKLM\..\RunServices: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] agl2dd3.exe
O4 - HKLM\..\RunServices: [Windows Services Aganter] ksamanz.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP0] igfsfdfsd32ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agl2dd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Services Aganter] ksamanz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\D-Link\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9425 bytes
Hi again,
Disable your resident protections (antivirus, Spybot...)!
Download ComboFix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post this report in your next reply.
Here is the report:
ComboFix 08-02-17.2 - Administrateur 2008-02-17 18:39:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.349 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ag.exe
C:\WINDOWS\system32\djeee99.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:36 . 2008-02-17 17:36 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
2008-02-17 14:59 . 2008-02-17 14:59 487,424 --a------ C:\WINDOWS\system32\ksamanz.exe
2008-02-17 14:56 . 2008-02-17 14:56 466,944 --a------ C:\WINDOWS\system32\kwjwjshshsx3.exe
2008-02-17 14:51 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfsdfds.exe
2008-02-17 14:50 . 2008-02-17 16:14 10,065 --a------ C:\WINDOWS\system32\murdEr.sys
2008-02-17 14:50 . 2007-11-30 00:56 3,157 --a------ C:\WINDOWS\system32\mirc.ini
2008-02-17 14:50 . 2007-08-23 10:15 1,144 --a------ C:\WINDOWS\system32\nassor
2008-02-17 14:50 . 2006-10-08 23:05 1,144 --a------ C:\WINDOWS\system32\murd3r
2008-02-17 14:50 . 2007-09-14 05:14 127 --a------ C:\WINDOWS\system32\remote.ini
2008-02-17 14:49 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfdfds.exe
2008-02-17 14:27 . 2008-02-17 14:27 557,056 --a------ C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe
2008-02-17 14:23 . 2008-02-17 14:23 561,152 --a------ C:\WINDOWS\system32\igfsfdfsd32ss.exe
2008-02-16 15:08 . 2008-02-16 15:08 557,056 --a------ C:\WINDOWS\system32\igfsfdfsd32.exe
2008-02-15 02:18 . 2008-02-15 02:19 218,624 --a------ C:\WINDOWS\system32\wedoms.exe
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-02-14 02:17 . 2008-02-14 02:17 <REP> d-------- C:\Program Files\VIA
2008-02-14 02:17 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-02-14 02:17 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-02-14 01:57 . 2005-11-17 15:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll
2008-02-14 01:57 . 2006-10-27 16:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-02-14 01:57 . 2007-09-21 19:24 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-02-14 01:57 . 2003-11-11 18:41 41,984 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-02-14 00:27 . 2008-02-14 00:27 <REP> d-------- C:\Program Files\C-Media 3D Audio
2008-02-13 00:06 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-12 17:39 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-12 17:38 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-12 17:37 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-12 17:36 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-12 17:35 . 2001-08-23 17:47 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-12 17:34 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-12 17:33 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-12 17:32 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-12 17:31 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-02-12 13:44 . 2008-02-12 13:44 <REP> d-------- C:\Program Files\Lavalys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-02-12 03:29 . 2002-08-29 11:44 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2008-02-12 03:27 . 2001-09-19 13:28 9,728 --a------ C:\WINDOWS\system32\drivers\viausb1.sys
2008-02-12 02:12 . 2008-02-12 02:12 <REP> d-------- C:\WINDOWS\system32\Lang
2008-02-12 01:38 . 2003-12-11 09:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-02-12 01:38 . 2003-12-11 09:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-02-12 01:38 . 2003-12-11 09:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-12 01:35 . 2003-12-17 09:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-02-12 01:35 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-02-12 01:35 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-02-12 01:35 . 2003-12-11 09:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-02-12 01:35 . 2003-12-11 09:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-02-12 01:35 . 2003-12-11 09:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-02-12 01:35 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-02-12 01:35 . 2003-12-11 09:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-02-12 01:35 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-02-12 01:28 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-02-12 01:28 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-02-12 01:28 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-02-12 01:11 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-02-12 01:11 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-12 01:11 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-12 01:11 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-02-12 01:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-11 22:17 . 2008-02-11 22:17 <REP> d-------- C:\Program Files\ma-config.com
2008-02-11 22:17 . 2008-02-14 02:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
2008-02-11 22:15 . 2008-02-11 22:15 <REP> d-------- C:\WINDOWS\vnDrvBas
2008-02-09 23:03 . 2008-02-09 23:03 491,520 -r-hsc--- C:\WINDOWS\system32\dllcache\wingptd.exe
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 16:19 . 2008-02-03 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FMZilla
2008-01-27 04:08 . 2008-01-27 04:08 14,100 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-18 22:03 . 2008-01-21 20:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-01-18 22:03 . 2008-01-18 22:03 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:01 . 2008-01-21 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:38 --------- d-----w C:\Program Files\mIRC
2008-02-17 13:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-17 00:17 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-02-15 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-02-12 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 00:35 --------- d-----w C:\Program Files\Logitech
2008-02-12 00:35 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-02-11 16:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ventrilo
2008-02-09 16:17 --------- d-----w C:\Program Files\Webcamfirst
2008-02-09 16:17 --------- d-----w C:\Program Files\Ventrilo
2008-02-07 19:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-07 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 11:25 --------- d-----w C:\Program Files\MSN Messenger
2008-01-28 18:40 --------- d-----w C:\Program Files\FlashGet
2008-01-17 00:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-02 15:23 --------- d-----w C:\Program Files\eRightSoft
2008-01-02 15:23 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-30 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2007-12-24 19:23 --------- d-----w C:\Program Files\Sony
2007-12-24 19:12 --------- d-----w C:\Program Files\Common Files
2007-12-18 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xfire
2007-12-18 19:51 --------- d-s---w C:\Program Files\Xfire
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2002-08-29 12:45 519,747 --sh--r C:\WINDOWS\system32\agl2dd3.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54 282624]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"Cmaudio"="cmicnfg.cpl" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" [2008-02-16 15:08 557056 C:\WINDOWS\system32\igfsfdfsd32.exe]
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" [2008-02-17 14:23 561152 C:\WINDOWS\system32\igfsfdfsd32ss.exe]
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" [2008-02-17 14:27 557056 C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe]
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" [2008-02-17 14:56 466944 C:\WINDOWS\system32\kwjwjshshsx3.exe]
"Windows Service Agent"="agl2dd3.exe" [2002-08-29 13:45 519747 C:\WINDOWS\system32\agl2dd3.exe]
"Windows Services Aganter"="ksamanz.exe" [2008-02-17 14:59 487424 C:\WINDOWS\system32\ksamanz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" [2008-02-16 15:08 557056 C:\WINDOWS\system32\igfsfdfsd32.exe]
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" [2008-02-17 14:23 561152 C:\WINDOWS\system32\igfsfdfsd32ss.exe]
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" [2008-02-17 14:27 557056 C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe]
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" [2008-02-17 14:56 466944 C:\WINDOWS\system32\kwjwjshshsx3.exe]
"Windows Service Agent"="agl2dd3.exe" [2002-08-29 13:45 519747 C:\WINDOWS\system32\agl2dd3.exe]
"Windows Services Aganter"="ksamanz.exe" [2008-02-17 14:59 487424 C:\WINDOWS\system32\ksamanz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" [2008-02-16 15:08 557056 C:\WINDOWS\system32\igfsfdfsd32.exe]
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" [2008-02-17 14:23 561152 C:\WINDOWS\system32\igfsfdfsd32ss.exe]
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" [2008-02-17 14:27 557056 C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe]
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" [2008-02-17 14:56 466944 C:\WINDOWS\system32\kwjwjshshsx3.exe]
"Windows Services Aganter"="ksamanz.exe" [2008-02-17 14:59 487424 C:\WINDOWS\system32\ksamanz.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Schedule]
C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-09-24 00:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\System32\drivers\Defrag32b.sys [2005-05-12 08:47]
R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Asus Protocol Driver Control;Asus Protocol Driver Control;"C:\WINDOWS\System32\dllcache\wingptd.exe" [2008-02-09 23:03]
R2 Defrag32;Defrag32;C:\WINDOWS\System32\drivers\Defrag32.sys [2005-05-12 08:47]
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2005-05-12 11:43]
R3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 20:12]
R3 BrSerWDM;Pilote série Brother;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2003-03-13 23:04]
R3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 20:12]
R3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 20:12]
S2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;"C:\WINDOWS\System32\dllcache\wintcps.exe" []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2007-09-21 19:24]
S3 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 13:28]
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\System32\VNICPKT5.SYS []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:43:48
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-17 18:45:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 17:45:38
ComboFix 08-02-17.2 - Administrateur 2008-02-17 18:39:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.349 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\ag.exe
C:\WINDOWS\system32\djeee99.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-01-17 to 2008-02-17 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:36 . 2008-02-17 17:36 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
2008-02-17 14:59 . 2008-02-17 14:59 487,424 --a------ C:\WINDOWS\system32\ksamanz.exe
2008-02-17 14:56 . 2008-02-17 14:56 466,944 --a------ C:\WINDOWS\system32\kwjwjshshsx3.exe
2008-02-17 14:51 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfsdfds.exe
2008-02-17 14:50 . 2008-02-17 16:14 10,065 --a------ C:\WINDOWS\system32\murdEr.sys
2008-02-17 14:50 . 2007-11-30 00:56 3,157 --a------ C:\WINDOWS\system32\mirc.ini
2008-02-17 14:50 . 2007-08-23 10:15 1,144 --a------ C:\WINDOWS\system32\nassor
2008-02-17 14:50 . 2006-10-08 23:05 1,144 --a------ C:\WINDOWS\system32\murd3r
2008-02-17 14:50 . 2007-09-14 05:14 127 --a------ C:\WINDOWS\system32\remote.ini
2008-02-17 14:49 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfdfds.exe
2008-02-17 14:27 . 2008-02-17 14:27 557,056 --a------ C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe
2008-02-17 14:23 . 2008-02-17 14:23 561,152 --a------ C:\WINDOWS\system32\igfsfdfsd32ss.exe
2008-02-16 15:08 . 2008-02-16 15:08 557,056 --a------ C:\WINDOWS\system32\igfsfdfsd32.exe
2008-02-15 02:18 . 2008-02-15 02:19 218,624 --a------ C:\WINDOWS\system32\wedoms.exe
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-02-14 02:17 . 2008-02-14 02:17 <REP> d-------- C:\Program Files\VIA
2008-02-14 02:17 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-02-14 02:17 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-02-14 01:57 . 2005-11-17 15:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll
2008-02-14 01:57 . 2006-10-27 16:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-02-14 01:57 . 2007-09-21 19:24 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-02-14 01:57 . 2003-11-11 18:41 41,984 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-02-14 00:27 . 2008-02-14 00:27 <REP> d-------- C:\Program Files\C-Media 3D Audio
2008-02-13 00:06 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-12 17:39 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-12 17:38 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-12 17:37 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-12 17:36 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-12 17:35 . 2001-08-23 17:47 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-12 17:34 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-12 17:33 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-12 17:32 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-12 17:31 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-02-12 13:44 . 2008-02-12 13:44 <REP> d-------- C:\Program Files\Lavalys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-02-12 03:29 . 2002-08-29 11:44 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2008-02-12 03:27 . 2001-09-19 13:28 9,728 --a------ C:\WINDOWS\system32\drivers\viausb1.sys
2008-02-12 02:12 . 2008-02-12 02:12 <REP> d-------- C:\WINDOWS\system32\Lang
2008-02-12 01:38 . 2003-12-11 09:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-02-12 01:38 . 2003-12-11 09:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-02-12 01:38 . 2003-12-11 09:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-12 01:35 . 2003-12-17 09:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-02-12 01:35 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-02-12 01:35 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-02-12 01:35 . 2003-12-11 09:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-02-12 01:35 . 2003-12-11 09:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-02-12 01:35 . 2003-12-11 09:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-02-12 01:35 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-02-12 01:35 . 2003-12-11 09:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-02-12 01:35 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-02-12 01:28 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-02-12 01:28 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-02-12 01:28 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-02-12 01:11 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-02-12 01:11 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-12 01:11 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-12 01:11 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-02-12 01:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-11 22:17 . 2008-02-11 22:17 <REP> d-------- C:\Program Files\ma-config.com
2008-02-11 22:17 . 2008-02-14 02:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
2008-02-11 22:15 . 2008-02-11 22:15 <REP> d-------- C:\WINDOWS\vnDrvBas
2008-02-09 23:03 . 2008-02-09 23:03 491,520 -r-hsc--- C:\WINDOWS\system32\dllcache\wingptd.exe
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 16:19 . 2008-02-03 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FMZilla
2008-01-27 04:08 . 2008-01-27 04:08 14,100 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-18 22:03 . 2008-01-21 20:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-01-18 22:03 . 2008-01-18 22:03 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:01 . 2008-01-21 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 17,521,856 2007-11-30 20:37:26 C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\avast free .exe
----a-w 1,387,895 2007-10-23 10:55:10 C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\icone 3d plan .exe
Hi again,
Download ewido anti-spyware micro scanner to your desktop.
Double-click the ewido_micro.exe file to run it.
As soon as it starts, the program will ask for Internet access to update itself; accept.
Then a new screen appears; make sure all the boxes are checked.
Click Start Scan and let the tool work.
When the tool has finished, click save report and save the report to your desktop.
Post it in your next reply.
Note: do not click Remove infections right away; we need to make sure that all the detections are actually infections, because some legitimate utilities could appear in the report.
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Smartadserver
Path: :mozilla.20:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.22:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.23:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.24:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: :mozilla.30:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: :mozilla.31:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: :mozilla.32:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Estat
Path: :mozilla.47:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Overture
Path: :mozilla.48:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Atdmt
Path: :mozilla.78:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cookies.txt
Risk: Medium
Hi again,
Run a Kaspersky online scan with Internet Explorer:
Click on ![]()
Now click "J'accepte" (I accept).
Approve the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan "Poste de travail" (My Computer).
Save, then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to "Ajout/Suppression de programmes" (Add/Remove Programs), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, February 17, 2008 11:45:07 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 17/02/2008
Enregistrements dans la base antivirus Kaspersky : 527780
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
E:\
I:\
Statistiques de l'analyse:
Total d'objets analysés: 50296
Nombre de virus trouvés: 5
Nombre d'objets infectés: 10 / 0
Nombre d'objets suspects: 2
Durée de l'analyse: 02:22:41
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\b3q39xju.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012008021720080218\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Administrateur\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspect : Password-protected-EXE ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspect - 1 ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Valve\Steam\logs\connection_log.txt L'objet est verrouillé ignoré
C:\Program Files\Valve\Steam\Steam.log L'objet est verrouillé ignoré
C:\Program Files\Valve\Steam\steamapps\winui.gcf L'objet est verrouillé ignoré
C:\QooBox\Quarantine\C\WINDOWS\system32\a.exe.vir Infecté : Trojan.Win32.Buzus.acm ignoré
C:\System Volume Information\_restore{AD096872-6585-46B1-9500-66001D35CCBD}\RP2\A0000006.exe Infecté : Trojan.Win32.Buzus.acm ignoré
C:\System Volume Information\_restore{AD096872-6585-46B1-9500-66001D35CCBD}\RP2\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\dfdfds.exe/data.rar/sr.exe Infecté : Trojan.Win32.Runner.x ignoré
C:\WINDOWS\system32\dfdfds.exe/data.rar Infecté : Trojan.Win32.Runner.x ignoré
C:\WINDOWS\system32\dfdfds.exe RarSFX: infecté - 2 ignoré
C:\WINDOWS\system32\dfsdfds.exe/data.rar/sr.exe Infecté : Trojan.Win32.Runner.x ignoré
C:\WINDOWS\system32\dfsdfds.exe/data.rar Infecté : Trojan.Win32.Runner.x ignoré
C:\WINDOWS\system32\dfsdfds.exe RarSFX: infecté - 2 ignoré
C:\WINDOWS\system32\dllcache\wingptd.exe Infecté : Backdoor.Win32.VanBot.jd ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wedoms.exe Infecté : Backdoor.Win32.Rbot.hmj ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
Analyse terminée.
Hi again,
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the locations in the box below:
[fixed]C:\WINDOWS\system32\dfdfds.exe
C:\WINDOWS\system32\dllcache\wingptd.exe
C:\WINDOWS\system32\wedoms.exe
C:\WINDOWS\system32\ksamanz.exe
C:\WINDOWS\system32\kwjwjshshsx3.exe
C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\avast free .exe
C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\icone 3d plan .exe
C:\WINDOWS\system32\igfsfdfsd32.exe
C:\WINDOWS\system32\igfsfdfsd32ss.exe
C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe
C:\WINDOWS\system32\kwjwjshshsx3.exe
C:\WINDOWS\system32\agl2dd3.exe
C:\WINDOWS\system32\ksamanz.exe[/fixed]
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
->Information about the software<-
Hello again, by accident in the first report I copied the
OTMoveIt2 v1.0.20 log created on 02182008_135107
-------------------------------------------------------------------------------------------------------------
C:\WINDOWS\system32\dfdfds.exe moved successfully.
File/Folder C:\WINDOWS\system32\kwjwjshshsx3.exe not found.
File/Folder C:\WINDOWS\system32\ksamanz.exe not found.
OTMoveIt2 v1.0.20 log created on 02182008_135219
^^ So afterwards I redid the lines without the fixed in the 2nd report:
Thanks for all your help.
File/Folder [fixed]C:\WINDOWS\system32\dfdfds.exe not found.
C:\WINDOWS\system32\dllcache\wingptd.exe moved successfully.
C:\WINDOWS\system32\wedoms.exe moved successfully.
C:\WINDOWS\system32\ksamanz.exe moved successfully.
C:\WINDOWS\system32\kwjwjshshsx3.exe moved successfully.
C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\avast free .exe moved successfully.
C:\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\icone 3d plan .exe moved successfully.
C:\WINDOWS\system32\igfsfdfsd32.exe moved successfully.
C:\WINDOWS\system32\igfsfdfsd32ss.exe moved successfully.
C:\WINDOWS\system32\igfsfdfsd3sda2ss.exe moved successfully.
File/Folder C:\WINDOWS\system32\kwjwjshshsx3.exe not found.
C:\WINDOWS\system32\agl2dd3.exe moved successfully.
File/Folder C:\WINDOWS\system32\ksamanz.exe not found.
Thanks for all your help:
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2008-02-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [MicroSoft Visual SP0] igfsfdfsd32ss.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe
O4 - HKLM\..\RunServices: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe
O4 - HKLM\..\RunServices: [Windows Services Aganter] ksamanz.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP0] igfsfdfsd32ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agl2dd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Services Aganter] ksamanz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\D-Link\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8353 bytes
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
ComboFix report:
ComboFix 08-02-18.1 - Administrateur 2008-02-18 18:48:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.485 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 17:29 . 2008-02-18 17:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-18 13:51 . 2008-02-18 13:51 <REP> d-------- C:\_OTMoveIt
2008-02-18 01:18 . 2008-02-18 01:18 <REP> d-------- C:\kav
2008-02-17 23:55 . 2008-02-17 23:57 <REP> d-------- C:\Downloads
2008-02-17 17:36 . 2008-02-17 17:36 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
2008-02-17 14:51 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfsdfds.exe
2008-02-17 14:50 . 2008-02-17 16:14 10,065 --a------ C:\WINDOWS\system32\murdEr.sys
2008-02-17 14:50 . 2007-11-30 00:56 3,157 --a------ C:\WINDOWS\system32\mirc.ini
2008-02-17 14:50 . 2007-08-23 10:15 1,144 --a------ C:\WINDOWS\system32\nassor
2008-02-17 14:50 . 2006-10-08 23:05 1,144 --a------ C:\WINDOWS\system32\murd3r
2008-02-17 14:50 . 2007-09-14 05:14 127 --a------ C:\WINDOWS\system32\remote.ini
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-02-14 02:17 . 2008-02-14 02:17 <REP> d-------- C:\Program Files\VIA
2008-02-14 02:17 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-02-14 02:17 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-02-14 01:57 . 2005-11-17 15:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll
2008-02-14 01:57 . 2006-10-27 16:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-02-14 01:57 . 2007-09-21 19:24 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-02-14 01:57 . 2003-11-11 18:41 41,984 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-02-14 00:27 . 2008-02-14 00:27 <REP> d-------- C:\Program Files\C-Media 3D Audio
2008-02-13 00:06 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-12 17:39 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-12 17:38 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-12 17:37 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-12 17:36 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-12 17:35 . 2001-08-23 17:47 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-12 17:34 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-12 17:33 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-12 17:32 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-12 17:31 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-02-12 13:44 . 2008-02-12 13:44 <REP> d-------- C:\Program Files\Lavalys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-02-12 03:29 . 2002-08-29 11:44 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2008-02-12 03:27 . 2001-09-19 13:28 9,728 --a------ C:\WINDOWS\system32\drivers\viausb1.sys
2008-02-12 02:12 . 2008-02-12 02:12 <REP> d-------- C:\WINDOWS\system32\Lang
2008-02-12 01:38 . 2003-12-11 09:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-02-12 01:38 . 2003-12-11 09:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-02-12 01:38 . 2003-12-11 09:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-12 01:35 . 2003-12-17 09:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-02-12 01:35 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-02-12 01:35 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-02-12 01:35 . 2003-12-11 09:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-02-12 01:35 . 2003-12-11 09:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-02-12 01:35 . 2003-12-11 09:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-02-12 01:35 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-02-12 01:35 . 2003-12-11 09:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-02-12 01:35 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-02-12 01:28 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-02-12 01:28 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-02-12 01:28 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-02-12 01:11 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-02-12 01:11 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-12 01:11 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-12 01:11 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-02-12 01:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-11 22:17 . 2008-02-11 22:17 <REP> d-------- C:\Program Files\ma-config.com
2008-02-11 22:17 . 2008-02-14 02:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
2008-02-11 22:15 . 2008-02-11 22:15 <REP> d-------- C:\WINDOWS\vnDrvBas
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 16:19 . 2008-02-03 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FMZilla
2008-01-27 04:08 . 2008-01-27 04:08 14,100 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-18 22:03 . 2008-01-21 20:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-01-18 22:03 . 2008-01-18 22:03 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:01 . 2008-01-21 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:23 --------- d-----w C:\Program Files\mIRC
2008-02-18 15:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-18 03:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-02-18 00:22 --------- d-----w C:\Program Files\FlashGet
2008-02-15 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-02-12 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 00:35 --------- d-----w C:\Program Files\Logitech
2008-02-12 00:35 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-02-11 16:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ventrilo
2008-02-09 16:17 --------- d-----w C:\Program Files\Webcamfirst
2008-02-09 16:17 --------- d-----w C:\Program Files\Ventrilo
2008-02-07 19:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-07 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 11:25 --------- d-----w C:\Program Files\MSN Messenger
2008-01-17 00:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-02 15:23 --------- d-----w C:\Program Files\eRightSoft
2008-01-02 15:23 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-30 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2007-12-24 19:23 --------- d-----w C:\Program Files\Sony
2007-12-24 19:12 --------- d-----w C:\Program Files\Common Files
2007-12-18 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xfire
2007-12-18 19:51 --------- d-s---w C:\Program Files\Xfire
2007-12-18 18:55 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-18 18:55 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-18 18:55 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"Cmaudio"="cmicnfg.cpl" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" []
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Service Agent"="agl2dd3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" []
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Schedule]
C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-09-24 00:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\System32\drivers\Defrag32b.sys [2005-05-12 08:47]
R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Defrag32;Defrag32;C:\WINDOWS\System32\drivers\Defrag32.sys [2005-05-12 08:47]
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2005-05-12 11:43]
R3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 20:12]
R3 BrSerWDM;Pilote série Brother;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2003-03-13 23:04]
R3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 20:12]
R3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 20:12]
S2 Asus Protocol Driver Control;Asus Protocol Driver Control;"C:\WINDOWS\System32\dllcache\wingptd.exe" []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2007-09-21 19:24]
S3 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 13:28]
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\System32\VNICPKT5.SYS []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:49:15
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Thanks
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2008-02-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [MicroSoft Visual SP0] igfsfdfsd32ss.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe
O4 - HKLM\..\RunServices: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe
O4 - HKLM\..\RunServices: [Windows Services Aganter] ksamanz.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP0] igfsfdfsd32ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agl2dd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Services Aganter] ksamanz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\D-Link\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8353 bytes
------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------
ComboFix report:
ComboFix 08-02-18.1 - Administrateur 2008-02-18 18:48:17.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.485 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-18 17:29 . 2008-02-18 17:29 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-18 13:51 . 2008-02-18 13:51 <REP> d-------- C:\_OTMoveIt
2008-02-18 01:18 . 2008-02-18 01:18 <REP> d-------- C:\kav
2008-02-17 23:55 . 2008-02-17 23:57 <REP> d-------- C:\Downloads
2008-02-17 17:36 . 2008-02-17 17:36 <REP> d-------- C:\Documents and Settings\Administrateur\DoctorWeb
2008-02-17 14:51 . 2008-02-17 16:58 109,762 --a------ C:\WINDOWS\system32\dfsdfds.exe
2008-02-17 14:50 . 2008-02-17 16:14 10,065 --a------ C:\WINDOWS\system32\murdEr.sys
2008-02-17 14:50 . 2007-11-30 00:56 3,157 --a------ C:\WINDOWS\system32\mirc.ini
2008-02-17 14:50 . 2007-08-23 10:15 1,144 --a------ C:\WINDOWS\system32\nassor
2008-02-17 14:50 . 2006-10-08 23:05 1,144 --a------ C:\WINDOWS\system32\murd3r
2008-02-17 14:50 . 2007-09-14 05:14 127 --a------ C:\WINDOWS\system32\remote.ini
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2008-02-14 02:18 . 2001-08-23 16:58 36,224 --a--c--- C:\WINDOWS\system32\dllcache\isapnp.sys
2008-02-14 02:17 . 2008-02-14 02:17 <REP> d-------- C:\Program Files\VIA
2008-02-14 02:17 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-02-14 02:17 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-02-14 01:57 . 2005-11-17 15:46 337,320 --------- C:\WINDOWS\system32\difxapi.dll
2008-02-14 01:57 . 2006-10-27 16:26 69,632 --a------ C:\WINDOWS\system32\vuins32.dll
2008-02-14 01:57 . 2007-09-21 19:24 43,520 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys
2008-02-14 01:57 . 2003-11-11 18:41 41,984 --a------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2008-02-14 00:27 . 2008-02-14 00:27 <REP> d-------- C:\Program Files\C-Media 3D Audio
2008-02-13 00:06 . 2007-06-27 14:42 207,488 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-02-12 17:39 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-12 17:38 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-12 17:37 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-12 17:36 . 2001-08-17 21:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-12 17:35 . 2001-08-23 17:47 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-02-12 17:34 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-12 17:33 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-12 17:32 . 2001-08-23 17:04 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-12 17:31 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-02-12 14:07 . 2002-08-29 02:01 56,832 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-02-12 13:44 . 2008-02-12 13:44 <REP> d-------- C:\Program Files\Lavalys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-12 03:29 . 2002-08-29 01:32 135,552 --a--c--- C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-12 03:29 . 2001-08-23 17:47 70,144 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 51,968 --a--c--- C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-12 03:29 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-02-12 03:29 . 2002-08-29 11:44 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2008-02-12 03:27 . 2001-09-19 13:28 9,728 --a------ C:\WINDOWS\system32\drivers\viausb1.sys
2008-02-12 02:12 . 2008-02-12 02:12 <REP> d-------- C:\WINDOWS\system32\Lang
2008-02-12 01:38 . 2003-12-11 09:50 70,894 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-02-12 01:38 . 2003-12-11 09:50 37,916 --a------ C:\WINDOWS\system32\drivers\LHidUsb.sys
2008-02-12 01:38 . 2003-12-11 09:50 25,630 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2008-02-12 01:38 . 2002-08-29 11:39 22,656 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-12 01:38 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-12 01:35 . 2003-12-17 09:50 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2008-02-12 01:35 . 2003-12-18 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-02-12 01:35 . 2003-12-18 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-02-12 01:35 . 2003-12-11 09:50 51,582 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-02-12 01:35 . 2003-12-11 09:50 23,372 --------- C:\WINDOWS\system32\LCOINST.DLL
2008-02-12 01:35 . 2003-12-11 09:50 20,992 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-02-12 01:35 . 2003-12-18 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-02-12 01:35 . 2003-12-11 09:50 14,092 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-02-12 01:35 . 2003-12-18 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-02-12 01:28 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-02-12 01:28 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2008-02-12 01:28 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2008-02-12 01:11 . 2005-05-27 09:23 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-02-12 01:11 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-12 01:11 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-12 01:11 . 2005-07-19 17:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-02-12 01:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-02-11 22:17 . 2008-02-11 22:17 <REP> d-------- C:\Program Files\ma-config.com
2008-02-11 22:17 . 2008-02-14 02:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ma-config.com
2008-02-11 22:15 . 2008-02-11 22:15 <REP> d-------- C:\WINDOWS\vnDrvBas
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Program Files\Lavasoft
2008-02-07 20:53 . 2008-02-07 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 16:19 . 2008-02-03 16:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FMZilla
2008-01-27 04:08 . 2008-01-27 04:08 14,100 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-18 22:03 . 2008-01-21 20:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-01-18 22:03 . 2008-01-18 22:03 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-18 21:01 . 2008-01-18 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-18 21:01 . 2008-01-21 20:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 16:23 --------- d-----w C:\Program Files\mIRC
2008-02-18 15:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-18 03:06 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\teamspeak2
2008-02-18 00:22 --------- d-----w C:\Program Files\FlashGet
2008-02-15 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-02-12 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 00:35 --------- d-----w C:\Program Files\Logitech
2008-02-12 00:35 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-02-11 16:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ventrilo
2008-02-09 16:17 --------- d-----w C:\Program Files\Webcamfirst
2008-02-09 16:17 --------- d-----w C:\Program Files\Ventrilo
2008-02-07 19:52 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-07 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 11:25 --------- d-----w C:\Program Files\MSN Messenger
2008-01-17 00:12 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-02 15:23 --------- d-----w C:\Program Files\eRightSoft
2008-01-02 15:23 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-30 10:02 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2007-12-24 19:23 --------- d-----w C:\Program Files\Sony
2007-12-24 19:12 --------- d-----w C:\Program Files\Common Files
2007-12-18 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xfire
2007-12-18 19:51 --------- d-s---w C:\Program Files\Xfire
2007-12-18 18:55 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-18 18:55 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-18 18:55 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2005-09-23 23:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
----a-w 17,521,856 2007-11-30 20:37:26 C:\_OTMoveIt\MovedFiles\02182008_135107\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\avast free .exe
----a-w 1,387,895 2007-10-23 10:55:10 C:\_OTMoveIt\MovedFiles\02182008_135107\Documents and Settings\Administrateur\Bureau\perso alex\Progs downloades\icone 3d plan .exe
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"Cmaudio"="cmicnfg.cpl" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" []
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Service Agent"="agl2dd3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfsfdfsd32.exe" []
"MicroSoft Visual SP0"="igfsfdfsd32ss.exe" []
"MicroSoft Visual SP01"="igfsfdfsd3sda2ss.exe" []
"MicroSoft ssadssjdhasjadas3s1"="kwjwjshshsx3.exe" []
"Windows Services Aganter"="ksamanz.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Schedule]
C:\Program Files\Fichiers communs\Acronis\Schedule\schedule.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2005-11-15 20:21 1204224 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-09-24 00:08 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\System32\drivers\Defrag32b.sys [2005-05-12 08:47]
R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2007-09-21 17:49]
R2 Defrag32;Defrag32;C:\WINDOWS\System32\drivers\Defrag32.sys [2005-05-12 08:47]
R2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2005-05-12 11:43]
R3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 20:12]
R3 BrSerWDM;Pilote série Brother;C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2003-03-13 23:04]
R3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 20:12]
R3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 20:12]
S2 Asus Protocol Driver Control;Asus Protocol Driver Control;"C:\WINDOWS\System32\dllcache\wingptd.exe" []
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys []
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2007-09-21 19:24]
S3 viafilter;VIA USB Filter;C:\WINDOWS\System32\Drivers\viausb1.sys [2001-09-19 13:28]
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\System32\VNICPKT5.SYS []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:49:15
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Thanks
Re,
Do this before continuing.
Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis has finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
There, it detected some viruses; I answered "move to quarantine" for all of them. Should I perhaps have had them deleted?
Report:
AntiVir PersonalEdition Classic
Report file date: 2008-02-18 19:24
Scanning for 1116118 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: UNICORNI-MIAZ3N
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 18:24:05
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 18:24:05
ANTIVIR3.VDF : 7.0.2.155 274944 Bytes 2008-02-18 18:24:05
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 2008-02-18 18:24:08
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-18 18:24:08
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-02-18 19:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'BrmfRsmg.exe' - '1' Module(s) have been scanned
Scan process 'PDSched.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '4833d0cb.qua'!
C:\WINDOWS\system32\dfsdfds.exe
[0] Archive type: RAR SFX (self extracting)
--> sr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.ZJ.5
[INFO] The file was moved to '482cde0b.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\agl2dd3.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4825df04.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\igfsfdfsd32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481fdf07.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\igfsfdfsd32ss.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481fdf0a.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\igfsfdfsd3sda2ss.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481fdf0c.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\ksamanz.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481adf1b.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\kwjwjshshsx3.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4823df21.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\wedoms.exe
[DETECTION] Contains detection pattern of the worm WORM/Rbot.221184.15
[INFO] The file was moved to '481ddf11.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135107\WINDOWS\system32\dllcache\wingptd.exe
[DETECTION] Contains detection pattern of the worm WORM/VanBot.JD
[INFO] The file was moved to '4827df16.qua'!
C:\_OTMoveIt\MovedFiles\02182008_135219\WINDOWS\system32\dfdfds.exe
[0] Archive type: RAR SFX (self extracting)
--> sr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.ZJ.5
[INFO] The file was moved to '481ddf17.qua'!
End of the scan: 2008-02-18 20:38
Used time: 1:13:42 min
The scan has been done completely.
6367 Scanning directories
249223 Files were scanned
10 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
249213 Files not concerned
3556 Archives were scanned
2 Warnings
3 Notes
You didn't answer me: should I delete them with AntiVir?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51, on 2008-02-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [MicroSoft Visual SP0] igfsfdfsd32ss.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe
O4 - HKLM\..\RunServices: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe
O4 - HKLM\..\RunServices: [Windows Services Aganter] ksamanz.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP0] igfsfdfsd32ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agl2dd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Services Aganter] ksamanz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\D-Link\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8351 bytes
Re,
Fix the lines in the box below with HijackThis: HELP WITH PICTURES
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\RunServices: [MicroSoft Visual SP0] igfsfdfsd32ss.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe
O4 - HKLM\..\RunServices: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe
O4 - HKLM\..\RunServices: [Windows Services Aganter] ksamanz.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP0] igfsfdfsd32ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP01] igfsfdfsd3sda2ss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadssjdhasjadas3s1] kwjwjshshsx3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Service Agent] agl2dd3.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Services Aganter] ksamanz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfsfdfsd32.exe (User 'Default user')
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03, on 2008-02-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\RapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\RapidownGet.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\D-Link\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\Rapidown.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 7162 bytes