question
Hello,
I have the same problem as the person in this thread (http://www.infos-du-net.com/forum/275584-11-ordi-infect...)
and I wanted to know whether I can follow the same procedure on my own or whether I need to be assisted (since you ask for the reports each time).
Hello,
Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:38, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8587 bytes
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Note: VundoFix may encounter a file that it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Here is the new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:11, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8677 bytes
and the VundoFix report
VundoFix V7.0.1
Scan started at 00:32:55 09/03/2008
Listing files found while scanning....
VundoFix V7.0.1
Scan started at 12:11:45 10/03/2008
Listing files found while scanning....
C:\WINDOWS\system32\bmaipdac.dll
C:\windows\system32\sdfqxlmy.dllbox
C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uzxtijmr.dll
C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\wqbfsccv.dllbox
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bmaipdac.dll
C:\WINDOWS\system32\bmaipdac.dll Has been deleted!
Attempting to delete C:\windows\system32\sdfqxlmy.dllbox
C:\windows\system32\sdfqxlmy.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uhpgoqpr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uzxtijmr.dll
C:\WINDOWS\system32\uzxtijmr.dll Has been deleted!
Attempting to delete C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\uzxtijmr.dllbox Has been deleted!
Attempting to delete C:\windows\system32\wqbfsccv.dllbox
C:\windows\system32\wqbfsccv.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8677 bytes
and the VundoFix report
VundoFix V7.0.1
Scan started at 00:32:55 09/03/2008
Listing files found while scanning....
VundoFix V7.0.1
Scan started at 12:11:45 10/03/2008
Listing files found while scanning....
C:\WINDOWS\system32\bmaipdac.dll
C:\windows\system32\sdfqxlmy.dllbox
C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uzxtijmr.dll
C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\wqbfsccv.dllbox
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bmaipdac.dll
C:\WINDOWS\system32\bmaipdac.dll Has been deleted!
Attempting to delete C:\windows\system32\sdfqxlmy.dllbox
C:\windows\system32\sdfqxlmy.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uhpgoqpr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\uzxtijmr.dll
C:\WINDOWS\system32\uzxtijmr.dll Has been deleted!
Attempting to delete C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\uzxtijmr.dllbox Has been deleted!
Attempting to delete C:\windows\system32\wqbfsccv.dllbox
C:\windows\system32\wqbfsccv.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
1) Show hidden files and folders …
To do this, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".
2) Disable all resident protection (antivirus…)!
Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
Help with using ComboFix here: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofi...
Restart in safe mode: help here >>>
http://forum.telecharger.01net.com/telecharger/virus_et...
/!\ Never restart in safe mode via msconfig! /!\
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
3) Copy/paste a new HijackThis report along with it.
here is the report
ComboFix 08-03-10.1 - jérôme 2008-03-10 17:14:08.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.361 [GMT 1:00]
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\inetget2
C:\Program Files\Outlook Express\redy777444.dll
C:\Program Files\Outlook Express\redy821058.dll
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on\uninst.exe
C:\Temp\sanR24
C:\WINDOWS\BMcfc543fa.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkleaaul.dll
C:\WINDOWS\system32\calhwocv.ini
C:\WINDOWS\system32\ffsmihic.dll
C:\WINDOWS\system32\hggedeb.dll
C:\WINDOWS\system32\hipevjev.dll
C:\WINDOWS\system32\ieaqakgo.dll
C:\WINDOWS\system32\jjcvcyuo.dll
C:\WINDOWS\system32\ljdgvncr.dll
C:\WINDOWS\system32\lokmcxnj.dll
C:\WINDOWS\system32\lqfsclmx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdpbinjy.ini
C:\WINDOWS\system32\mggtdfav.dll
C:\WINDOWS\system32\mljhhgf.dll
C:\WINDOWS\system32\nmlkmluk.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnopnk.dll
C:\WINDOWS\system32\otmdkbdh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\ptcbfirm.dll
C:\WINDOWS\system32\qndjvunv.dll
C:\WINDOWS\system32\rcnvgdjl.ini
C:\WINDOWS\system32\rqrqqoo.dll
C:\WINDOWS\system32\tarwufji.dll
C:\WINDOWS\system32\ugcwyvql.dll
C:\WINDOWS\system32\vcowhlac.dll
C:\WINDOWS\system32\vhqwhmho.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wmymsnvm.dll
C:\WINDOWS\system32\wujtvjac.dll
C:\WINDOWS\system32\xlowhtjp.dll
C:\WINDOWS\system32\xxyxwxw.dll
C:\WINDOWS\system32\yjnibpdm.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-10 05:27 1,308,581 ---hs---- C:\WINDOWS\system32\fqbqmrow.ini
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-08 18:33 . 2008-03-09 16:03 1,308,401 ---hs---- C:\WINDOWS\system32\yratvfev.ini
2008-03-07 18:35 . 2008-03-08 09:31 2,209,032 ---hs---- C:\WINDOWS\system32\nlouikau.ini
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-06 17:07 . 2008-03-07 18:31 2,345,403 ---hs---- C:\WINDOWS\system32\sgnbnqpb.ini
2008-03-05 23:45 . 2008-03-05 23:45 37,376 -ra------ C:\WINDOWS\mrofinu1188.exe
2008-03-05 17:07 . 2008-03-06 16:54 1,307,614 ---hs---- C:\WINDOWS\system32\sfvfhgck.ini
2008-03-05 17:05 . 2008-03-05 17:05 52,800 --a------ C:\WINDOWS\system32\vqetmhdq.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 40,960 --a------ C:\Documents and Settings\sylvain\f.exe
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 21:26 . 2008-03-04 21:26 52,800 --a------ C:\WINDOWS\system32\jutskicc.dll
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-04 16:56 . 2008-03-04 16:56 52,800 --------- C:\WINDOWS\system32\wdlrobpr.dll
2008-03-04 16:49 . 2008-03-04 16:49 52,800 --------- C:\WINDOWS\system32\wfftemir.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 15:45 . 2008-03-04 20:46 276,123 --ahs---- C:\WINDOWS\system32\qtstv.ini2
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:55 . 2008-03-02 07:55 74 ---hs---- C:\WINDOWS\system32\mktcseul.ini
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf
2008-02-25 15:19 . 2008-02-25 13:19 140,800 --a------ C:\WINDOWS\b149.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:46 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 17:35:03
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 4231
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 17:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 16:40:15
.
2008-02-17 19:27:43 --- E O F ---
and the new HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:41, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9547 bytes
And the new HijackThis:
Copy the text in the box below, without the word "Quote":
Quote:
File::
C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\fqbqmrow.ini
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\yratvfev.ini
C:\WINDOWS\system32\nlouikau.ini
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\sgnbnqpb.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\sfvfhgck.ini
C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\qtstv.ini2
C:\Documents and Settings\sylvain\f.exe
C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\mktcseul.ini
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\b149.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccf67066"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
If there is no reboot, post the reports anyway.
The report:
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
*Newly Created Service* - KLSTM
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:04:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 4228
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:07:43
ComboFix-quarantined-files.txt 2008-03-10 17:07:29
ComboFix2.txt 2008-03-10 16:40:20
.
2008-02-17 19:27:43 --- E O F ---
and the new HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:59, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9459 bytes
.
2008-02-17 19:27:43 --- E O F ---
and the new HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:59, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9459 bytes
ComboFix 08-03-10.1 - jérôme 2008-03-10 18:17:13.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.109 [GMT 1:00]
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\jÚr¶me\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.
2008-03-10 17:25 . 2008-03-10 17:25 318,025 --a------ C:\catchme2008-03-10_180131,06.zip
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-10 05:27 1,308,581 ---hs---- C:\WINDOWS\system32\fqbqmrow.ini
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-08 18:33 . 2008-03-09 16:03 1,308,401 ---hs---- C:\WINDOWS\system32\yratvfev.ini
2008-03-07 18:35 . 2008-03-08 09:31 2,209,032 ---hs---- C:\WINDOWS\system32\nlouikau.ini
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-06 17:07 . 2008-03-07 18:31 2,345,403 ---hs---- C:\WINDOWS\system32\sgnbnqpb.ini
2008-03-05 17:07 . 2008-03-06 16:54 1,307,614 ---hs---- C:\WINDOWS\system32\sfvfhgck.ini
2008-03-05 17:05 . 2008-03-05 17:05 52,800 --a------ C:\WINDOWS\system32\vqetmhdq.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 40,960 --a------ C:\Documents and Settings\sylvain\f.exe
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 21:26 . 2008-03-04 21:26 52,800 --a------ C:\WINDOWS\system32\jutskicc.dll
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-04 16:56 . 2008-03-04 16:56 52,800 --------- C:\WINDOWS\system32\wdlrobpr.dll
2008-03-04 16:49 . 2008-03-04 16:49 52,800 --------- C:\WINDOWS\system32\wfftemir.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:55 . 2008-03-02 07:55 74 ---hs---- C:\WINDOWS\system32\mktcseul.ini
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:46 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-06 19:19 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
*Newly Created Service* - IDS00026
*Newly Created Service* - KLSTM
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:20:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:24:02
ComboFix-quarantined-files.txt 2008-03-10 17:23:06
ComboFix2.txt 2008-03-10 17:07:44
ComboFix3.txt 2008-03-10 16:40:20
.
2008-02-17 19:27:43 --- E O F ---
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
*Newly Created Service* - IDS00026
*Newly Created Service* - KLSTM
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:20:41
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:24:02
ComboFix-quarantined-files.txt 2008-03-10 17:23:06
ComboFix2.txt 2008-03-10 17:07:44
ComboFix3.txt 2008-03-10 16:40:20
.
2008-02-17 19:27:43 --- E O F ---
Re,
It didn't work, so we'll proceed differently.
1) Download OTMoveIt (by Old_Timer) to your Desktop.
Or, if the link doesn't work, here: http://up.sur-la-toile.com/iadW
Double-click OTMoveIt.exe to launch it.
Make sure the "Unregister Dll's and Ocx's" box is checked!!!
Copy the text in the box below, without the word "Citation", and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.
C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\fqbqmrow.ini
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\yratvfev.ini
C:\WINDOWS\system32\nlouikau.ini
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\sgnbnqpb.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\sfvfhgck.ini
C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\qtstv.ini2
C:\Documents and Settings\sylvain\f.exe
C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\mktcseul.ini
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\b149.exe
Click MoveIt! to start the removal.
If OTMoveIt offers to restart your PC, accept.
When a result appears in the Results pane, click Exit.
In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.
2) Run a normal ComboFix again (that is, without a script, like the very first one you did).
If these two steps don't pay off, it means there is a file relaunching the infection, so no worries, we'll get through this :super:
OTMoveIt
LoadLibrary failed for C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\mlquvnvx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlquvnvx.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\fqbqmrow.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wnlpgoml.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wnlpgoml.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\wormqbqf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wormqbqf.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\yratvfev.ini moved successfully.
C:\WINDOWS\system32\nlouikau.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\uakiuoln.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\uakiuoln.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\ujamaykd.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ujamaykd.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\dvucfpya.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dvucfpya.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\sgnbnqpb.ini moved successfully.
File/Folder C:\WINDOWS\mrofinu1188.exe not found.
C:\WINDOWS\system32\sfvfhgck.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\vqetmhdq.dll NOT unregistered.
C:\WINDOWS\system32\vqetmhdq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\jutskicc.dll NOT unregistered.
C:\WINDOWS\system32\jutskicc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\ywrekoks.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ywrekoks.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\afdakebq.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\afdakebq.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\qtstv.ini2 not found.
C:\Documents and Settings\sylvain\f.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wdlrobpr.dll NOT unregistered.
C:\WINDOWS\system32\wdlrobpr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\wfftemir.dll NOT unregistered.
C:\WINDOWS\system32\wfftemir.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\luesctkm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\luesctkm.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\mktcseul.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\vugvfago.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vugvfago.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\cqluamqe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cqluamqe.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\system32\ebpegmgm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ebpegmgm.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\b149.exe not found.
Created on 03/12/2008 07:43:59
combofix
ComboFix 08-03-10.1 - jérôme 2008-03-12 7:47:02.4 - NTFSx86
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.
2008-03-12 07:43 . 2008-03-12 07:43 <REP> d-------- C:\_OTMoveIt
2008-03-10 17:25 . 2008-03-10 17:25 318,025 --a------ C:\catchme2008-03-10_180131,06.zip
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 06:42 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-12 03:37 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_17.40.01.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 07:51:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-03-12 7:53:53
ComboFix-quarantined-files.txt 2008-03-12 06:52:56
ComboFix2.txt 2008-03-10 17:24:03
ComboFix3.txt 2008-03-10 17:07:44
ComboFix4.txt 2008-03-10 16:40:20
.
2008-03-12 03:38:43 --- E O F ---
PS: I work nights, so I only log on in the morning, until about 10 a.m.
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 06:42 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-12 03:37 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((( snapshot@2008-03-10_17.40.01.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 07:51:45
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-03-12 7:53:53
ComboFix-quarantined-files.txt 2008-03-12 06:52:56
ComboFix2.txt 2008-03-10 17:24:03
ComboFix3.txt 2008-03-10 17:07:44
ComboFix4.txt 2008-03-10 16:40:20
.
2008-03-12 03:38:43 --- E O F ---
PS: I work nights, so I only log on in the morning, until around 10 a.m.
1) Run VundoFix again
* Do not click on "Scan for a vundo"
* Right-click in the middle of the window
* Click on "Add more files?"
* Copy/paste the files below (one per box):
Quote:
C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
* Click on "Add files"
* Then click on Close Windows
* Finally, click on Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report
2) Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click on the clean folder.
Double-click on clean.cmd. (The cmd extension may not be displayed.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key as you will be asked to.
Post the report, which is located here: C:\rapport_clean.txt
If you get a file C:\upload_moi.zip, please do this.
3) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.
Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
Warning: if you wait too long, the answer "Abandon" will be selected automatically
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (check the taskbar)
If this is an additional run of DSS:
main.txt <- opened in the foreground, full screen
What DSS does:
1) Run VundoFix again
* Do not click on "Scan for a vundo"
* Right-click in the middle of the window
* Click on "Add more files?"
* Copy/paste the files below (one per box):
Quote:
C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
This part I understand
Click on "Add files"
* Then click on Close Windows
* Finally, click on Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report
I don't have Add files or Remove Vundo, just Scan and Fix
VundoFix report
VundoFix V7.0.1
Scan started at 09:49:41 14/03/2008
Listing files found while scanning....
No infected files were found.
Clean report
14/03/2008 a 10:02:19,09
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\vg\" FOUND
"C:\Program Files\Viewpoint\" FOUND
Here are the DSS reports
main.txt
Deckard's System Scanner v20071014.68
Run by jérôme on 2008-03-14 10:08:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
25: 2008-03-14 09:09:02 UTC - RP277 - Deckard's System Scanner Restore Point
24: 2008-03-12 03:37:19 UTC - RP276 - Software Distribution Service 3.0
23: 2008-03-11 17:26:12 UTC - RP275 - Point de vérification système
22: 2008-03-10 17:16:58 UTC - RP274 - ComboFix created restore point
21: 2008-03-10 17:01:19 UTC - RP273 - ComboFix created restore point
-- First Restore Point --
1: 2008-03-04 20:01:19 UTC - RP253 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).
-- HijackThis (run as jérôme.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:55, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Documents and Settings\jérôme\Mes documents\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jérôme.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll (file missing)
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9631 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,65
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,55
.txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,57
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Klick - c:\windows\system32\drivers\klick.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klin - c:\windows\system32\drivers\klin.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klpf - c:\windows\system32\drivers\klpf.sys <Not Verified; KL; KL klpf>
R0 Klpid - c:\windows\system32\drivers\klpid.sys <Not Verified; KL; KL klpid>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ids0018a - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys (file missing)
S3 ids00196 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00196.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 kavsvc - "c:\program files\micro application\sécurité internet\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-14 and 2008-03-14 -----------------------------
2008-03-14 10:08:11 0 d-------- C:\upload_moi_CARON-93FE8C8F3
2008-03-10 17:11:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-10 17:11:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-10 17:11:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-10 17:11:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 00:32:55 0 d-------- C:\VundoFix Backups
2008-03-09 00:14:22 0 d-------- C:\Program Files\Trend Micro
2008-03-08 23:19:55 0 d-------- C:\Program Files\RegCleaner
2008-03-08 21:00:34 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-05 16:59:20 134 --a------ C:\n.bat
2008-03-05 16:58:31 300 --a------ C:\2488.bat
2008-03-04 20:51:49 0 d-------- C:\Program Files\CONEXANT
2008-03-04 20:51:42 0 d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:51:04 0 d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:50:25 0 d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:50:02 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-03 15:54:39 0 d-------- C:\Program Files\nvcoi
2008-03-02 10:33:37 8650752 --a------ C:\Documents and Settings\jérôme\ntuser.dat
2008-03-02 10:26:11 300 --a------ C:\9807.bat
2008-03-01 10:52:11 40960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51:59 300 --a------ C:\8116.bat
2008-03-01 10:51:47 0 d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51:47 0 d-------- C:\Temp
2008-03-01 09:39:55 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-29 15:24:58 0 d-------- C:\Program Files\Neuf
2008-02-21 08:41:43 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Mozilla
2008-02-21 08:41:13 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Adobe
2008-02-21 08:40:34 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Macromedia
-- Find3M Report ---------------------------------------------------------------
2008-03-14 09:44:23 0 d-------- C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-10 12:08:09 0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 21:01:44 0 d-------- C:\Program Files\Windows NT
2008-03-08 18:14:19 0 d-------- C:\Program Files\Image-Line
2008-03-08 16:24:14 0 d-------- C:\Program Files\VirtualDJ
2008-03-08 16:20:13 0 d-------- C:\Program Files\Java
2008-03-08 14:52:44 0 d-------- C:\Program Files\NetBattle
2008-03-04 20:51:25 0 d-------- C:\Program Files\AlienGUIse
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs
2008-03-04 18:55:59 0 d-------- C:\Program Files\UBISOFT
2008-03-01 09:44:36 0 d-------- C:\Program Files\LimeWire
2008-02-29 22:31:04 468072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-29 22:31:04 75266 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-25 10:11:15 0 d-------- C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 09:50:40 0 d-------- C:\Program Files\Bodom-Child - RaBBi
2008-02-24 09:49:39 0 d-------- C:\Program Files\Starcraft
2008-01-28 07:44:01 0 d-------- C:\Program Files\Datel
2008-01-25 19:30:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-20 01:45:47 0 d-------- C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 13:47:09 286720 --a------ C:\WINDOWS\iun507.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [02/11/2004 14:53 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/12/2004 15:38 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 13:09]
"nwiz"="nwiz.exe" [20/09/2004 13:09 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 05:59]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [21/06/2007 11:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [17/11/2006 14:16]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [07/04/2005 05:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [23/06/2005 20:33]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/01/2008 14:24]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [26/11/2004 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [12/06/2006 14:32]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [21/06/2007 12:44]
C:\Documents and Settings\jérôme\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Anti-Hacker.lnk - C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe [22/04/2005 13:22:07]
AOL 8.0 Icône AOL.lnk - C:\Program Files\AOL 8.0b\aoltray.exe [05/01/2008 14:23:28]
desktop(2)(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(3).ini [11/05/2007 13:13:17]
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------
and the extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 511.29 MiB / 109.7 MiB
Pagefile Memory (total/avail): 1249.37 MiB / 900.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.88 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 47.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2000JD-00HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 186.3 GiB - C:
\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Anti-Hacker v1.7.0.130 (Micro Application)
AV: Anti-Virus v5.0.227 (Kaspersky Labs) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"="C:\\Program Files\\Games\\DUKE3D\\eduke32.exe:*:Enabled:eduke32"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"="C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe:*:Enabled:ZDWLan Utility"
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jérôme\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=CARON-93FE8C8F3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jérôme
LOGONSERVER=\\CARON-93FE8C8F3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
USERDOMAIN=CARON-93FE8C8F3
USERNAME=jérôme
USERPROFILE=C:\Documents and Settings\jérôme
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
sylvain (admin)
jérôme (admin)
fabrice (admin)
monika.CARON-93FE8C8F3 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Alcohol Toolbar --> "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7937.exe" _?=C:\Program Files\Alcohol Toolbar
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Anti-Hacker --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\uninstall.exe"
Anti-Virus --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\uninstall.exe"
AOL - Assistant de désinstallation --> C:\Program Files\Fichiers communs\AOL\uninstaller.exe
AOL France --> C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{E7E01744-E50E-4B93-AD73-AEF0AC65BD88}\setup.exe -runfromtemp -l0x0009 -removeonly
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Conversion Wizard 2.0 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
battlestarTheme --> C:\Documents and Settings\fabrice\Mes documents\UninstTheme.exe "C:\Documents and Settings\fabrice\Mes documents\battlestar.theme"
Command & Conquer Die ersten 10 Jahre --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}\setup.exe" -l0x7 -removeonly
Correctif Lecteur Windows Media 10 - KB895316 --> "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif Windows XP - KB834707 -->
Correctif Windows XP - KB873339 -->
Correctif Windows XP - KB883517 --> C:\WINDOWS\$NtUninstallKB883517$\spuninst\spuninst.exe
Correctif Windows XP - KB883529 --> C:\WINDOWS\$NtUninstallKB883529$\spuninst\spuninst.exe
Correctif Windows XP - KB883667 -->
Correctif Windows XP - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Correctif Windows XP - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Correctif Windows XP - KB885222 --> C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe
Correctif Windows XP - KB885295 --> C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Correctif Windows XP - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 -->
Correctif Windows XP - KB885836 -->
Correctif Windows XP - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 -->
Correctif Windows XP - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x40c /remove
DameK UltraBlue --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.ini"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
EDuke32 1.4.0 beta 2 --> C:\Program Files\Games\DUKE3D\uninst.exe
Empereur : L'Empire du Milieu 1.0.1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x40c
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX520 Guide d'utilisation --> C:\Program Files\EPSON\TPMANUAL\ESPRX520\USE_G\DOCUNINS.EXE
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Fx Audio Converter --> C:\PROGRA~1\FXAUDI~1\UNWISE.EXE C:\PROGRA~1\FXAUDI~1\INSTALL.LOG
Gestionnaire de disques amovible Creative --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French) --> MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMedia Software --> C:\Program Files\Video Add-on\uninst.exe
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x40c
Myst V End Of Ages --> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\_uninst\uninstaller.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.2 --> MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
PimpFish --> "C:\Program Files\PimpFish\Uninstall.exe" "C:\Program Files\PimpFish\install.log"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Ramdam Classique --> "C:\WINDOWS\gotouninstall.exe" "C:\Program Files\GOTO.games\Ramdam Classique\GOTOUNINSTALL.INI"
RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Riven --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA52E3D6-E486-4628-9C40-54E1F7583B53}\setup.exe" -l0x7
Réussir son Code de la Route --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6183FB3A-9BF2-405C-B3CD-86154BE2BC95}\SETUP.EXE" -l0x40c -removeonly
Réussir son Code de la Route - 10 Examens Blancs --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2AF5639-7316-449D-A9F3-E54C11FEF915}\SETUP.EXE" -l0x40c -removeonly
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sony Ericsson PC Suite --> MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Strip Kittens - Club Alex --> C:\WINDOWS\iun507.exe C:\Documents and Settings\jérôme\Mes documents\Azureus Downloads\Strip Kittens - Sexy Virtuels Girls 3D\Strip Kittens\alex-strip-irunin.ini
UxTheme Multipatcher Fr --> C:\Program Files\UxTheme Multipatcher Fr\uninstall.exe
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warzone 2100 --> C:\Program Files\Warzone 2100\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.41-3 --> "C:\Program Files\WinHTTrack\unins000.exe"
ZENcast Organizer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c /remove
-- Application Event Log -------------------------------------------------------
Event Record #/Type2348 / Error
Event Submitted/Written: 03/13/2008 04:47:00 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Détecteur d'erreurs 157118984.
Event Record #/Type2347 / Error
Event Submitted/Written: 03/13/2008 04:46:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2346 / Error
Event Submitted/Written: 03/13/2008 04:46:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2332 / Error
Event Submitted/Written: 03/11/2008 07:34:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2331 / Error
Event Submitted/Written: 03/11/2008 07:34:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2446 / Warning
Event Submitted/Written: 03/14/2008 09:45:52 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2438 / Warning
Event Submitted/Written: 03/14/2008 09:40:42 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2436 / Warning
Event Submitted/Written: 03/14/2008 09:34:36 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2379 / Warning
Event Submitted/Written: 03/13/2008 07:13:53 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2378 / Error
Event Submitted/Written: 03/13/2008 07:13:43 AM
Event ID/Source: 15300 / WPDMTPDriver
Event Description:
MTP WPD Driver has failed to start. Error 0x8007001f.
-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------
VundoFix V7.0.1
Scan started at 09:49:41 14/03/2008
Listing files found while scanning....
No infected files were found.
Clean report
14/03/2008 a 10:02:19,09
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\vg\" FOUND
"C:\Program Files\Viewpoint\" FOUND
Here are the DSS reports
main.txt:
Deckard's System Scanner v20071014.68
Run by jérôme on 2008-03-14 10:08:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
25: 2008-03-14 09:09:02 UTC - RP277 - Deckard's System Scanner Restore Point
24: 2008-03-12 03:37:19 UTC - RP276 - Software Distribution Service 3.0
23: 2008-03-11 17:26:12 UTC - RP275 - Point de vérification système
22: 2008-03-10 17:16:58 UTC - RP274 - ComboFix created restore point
21: 2008-03-10 17:01:19 UTC - RP273 - ComboFix created restore point
-- First Restore Point --
1: 2008-03-04 20:01:19 UTC - RP253 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).
-- HijackThis (run as jérôme.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:55, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Documents and Settings\jérôme\Mes documents\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jérôme.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll (file missing)
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9631 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,65
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,55
.txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,57
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 Klick - c:\windows\system32\drivers\klick.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klin - c:\windows\system32\drivers\klin.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klpf - c:\windows\system32\drivers\klpf.sys <Not Verified; KL; KL klpf>
R0 Klpid - c:\windows\system32\drivers\klpid.sys <Not Verified; KL; KL klpid>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ids0018a - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys (file missing)
S3 ids00196 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00196.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 kavsvc - "c:\program files\micro application\sécurité internet\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-02-14 and 2008-03-14 -----------------------------
2008-03-14 10:08:11 0 d-------- C:\upload_moi_CARON-93FE8C8F3
2008-03-10 17:11:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-10 17:11:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-10 17:11:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-10 17:11:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 00:32:55 0 d-------- C:\VundoFix Backups
2008-03-09 00:14:22 0 d-------- C:\Program Files\Trend Micro
2008-03-08 23:19:55 0 d-------- C:\Program Files\RegCleaner
2008-03-08 21:00:34 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-05 16:59:20 134 --a------ C:\n.bat
2008-03-05 16:58:31 300 --a------ C:\2488.bat
2008-03-04 20:51:49 0 d-------- C:\Program Files\CONEXANT
2008-03-04 20:51:42 0 d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:51:04 0 d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:50:25 0 d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:50:02 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-03 15:54:39 0 d-------- C:\Program Files\nvcoi
2008-03-02 10:33:37 8650752 --a------ C:\Documents and Settings\jérôme\ntuser.dat
2008-03-02 10:26:11 300 --a------ C:\9807.bat
2008-03-01 10:52:11 40960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51:59 300 --a------ C:\8116.bat
2008-03-01 10:51:47 0 d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51:47 0 d-------- C:\Temp
2008-03-01 09:39:55 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-29 15:24:58 0 d-------- C:\Program Files\Neuf
2008-02-21 08:41:43 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Mozilla
2008-02-21 08:41:13 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Adobe
2008-02-21 08:40:34 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Macromedia
-- Find3M Report ---------------------------------------------------------------
2008-03-14 09:44:23 0 d-------- C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-10 12:08:09 0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 21:01:44 0 d-------- C:\Program Files\Windows NT
2008-03-08 18:14:19 0 d-------- C:\Program Files\Image-Line
2008-03-08 16:24:14 0 d-------- C:\Program Files\VirtualDJ
2008-03-08 16:20:13 0 d-------- C:\Program Files\Java
2008-03-08 14:52:44 0 d-------- C:\Program Files\NetBattle
2008-03-04 20:51:25 0 d-------- C:\Program Files\AlienGUIse
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs
2008-03-04 18:55:59 0 d-------- C:\Program Files\UBISOFT
2008-03-01 09:44:36 0 d-------- C:\Program Files\LimeWire
2008-02-29 22:31:04 468072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-29 22:31:04 75266 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-25 10:11:15 0 d-------- C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 09:50:40 0 d-------- C:\Program Files\Bodom-Child - RaBBi
2008-02-24 09:49:39 0 d-------- C:\Program Files\Starcraft
2008-01-28 07:44:01 0 d-------- C:\Program Files\Datel
2008-01-25 19:30:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-20 01:45:47 0 d-------- C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 13:47:09 286720 --a------ C:\WINDOWS\iun507.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
C:\WINDOWS\system32\mlquvnvx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [02/11/2004 14:53 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/12/2004 15:38 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 13:09]
"nwiz"="nwiz.exe" [20/09/2004 13:09 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 05:59]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [21/06/2007 11:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [17/11/2006 14:16]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [07/04/2005 05:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [23/06/2005 20:33]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/01/2008 14:24]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [26/11/2004 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [12/06/2006 14:32]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [21/06/2007 12:44]
C:\Documents and Settings\jérôme\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Anti-Hacker.lnk - C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe [22/04/2005 13:22:07]
AOL 8.0 Icône AOL.lnk - C:\Program Files\AOL 8.0b\aoltray.exe [05/01/2008 14:23:28]
desktop(2)(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(3).ini [11/05/2007 13:13:17]
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------
and the extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 511.29 MiB / 109.7 MiB
Pagefile Memory (total/avail): 1249.37 MiB / 900.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.88 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 47.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)
\\.\PHYSICALDRIVE0 - WDC WD2000JD-00HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 186.3 GiB - C:
\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device
\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Anti-Hacker v1.7.0.130 (Micro Application)
AV: Anti-Virus v5.0.227 (Kaspersky Labs) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"="C:\\Program Files\\Games\\DUKE3D\\eduke32.exe:*:Enabled:eduke32"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"="C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe:*:Enabled:ZDWLan Utility"
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jérôme\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=CARON-93FE8C8F3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jérôme
LOGONSERVER=\\CARON-93FE8C8F3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
USERDOMAIN=CARON-93FE8C8F3
USERNAME=jérôme
USERPROFILE=C:\Documents and Settings\jérôme
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
sylvain (admin)
jérôme (admin)
fabrice (admin)
monika.CARON-93FE8C8F3 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Alcohol Toolbar --> "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7937.exe" _?=C:\Program Files\Alcohol Toolbar
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Anti-Hacker --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\uninstall.exe"
Anti-Virus --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\uninstall.exe"
AOL - Assistant de désinstallation --> C:\Program Files\Fichiers communs\AOL\uninstaller.exe
AOL France --> C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{E7E01744-E50E-4B93-AD73-AEF0AC65BD88}\setup.exe -runfromtemp -l0x0009 -removeonly
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Conversion Wizard 2.0 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
battlestarTheme --> C:\Documents and Settings\fabrice\Mes documents\UninstTheme.exe "C:\Documents and Settings\fabrice\Mes documents\battlestar.theme"
Command & Conquer Die ersten 10 Jahre --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}\setup.exe" -l0x7 -removeonly
Correctif Lecteur Windows Media 10 - KB895316 --> "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif Windows XP - KB834707 -->
Correctif Windows XP - KB873339 -->
Correctif Windows XP - KB883517 --> C:\WINDOWS\$NtUninstallKB883517$\spuninst\spuninst.exe
Correctif Windows XP - KB883529 --> C:\WINDOWS\$NtUninstallKB883529$\spuninst\spuninst.exe
Correctif Windows XP - KB883667 -->
Correctif Windows XP - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Correctif Windows XP - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Correctif Windows XP - KB885222 --> C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe
Correctif Windows XP - KB885295 --> C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Correctif Windows XP - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 -->
Correctif Windows XP - KB885836 -->
Correctif Windows XP - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 -->
Correctif Windows XP - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x40c /remove
DameK UltraBlue --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.ini"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
EDuke32 1.4.0 beta 2 --> C:\Program Files\Games\DUKE3D\uninst.exe
Empereur : L'Empire du Milieu 1.0.1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x40c
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX520 Guide d'utilisation --> C:\Program Files\EPSON\TPMANUAL\ESPRX520\USE_G\DOCUNINS.EXE
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Fx Audio Converter --> C:\PROGRA~1\FXAUDI~1\UNWISE.EXE C:\PROGRA~1\FXAUDI~1\INSTALL.LOG
Gestionnaire de disques amovible Creative --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French) --> MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMedia Software --> C:\Program Files\Video Add-on\uninst.exe
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x40c
Myst V End Of Ages --> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\_uninst\uninstaller.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.2 --> MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
PimpFish --> "C:\Program Files\PimpFish\Uninstall.exe" "C:\Program Files\PimpFish\install.log"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Ramdam Classique --> "C:\WINDOWS\gotouninstall.exe" "C:\Program Files\GOTO.games\Ramdam Classique\GOTOUNINSTALL.INI"
RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Riven --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA52E3D6-E486-4628-9C40-54E1F7583B53}\setup.exe" -l0x7
Réussir son Code de la Route --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6183FB3A-9BF2-405C-B3CD-86154BE2BC95}\SETUP.EXE" -l0x40c -removeonly
Réussir son Code de la Route - 10 Examens Blancs --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2AF5639-7316-449D-A9F3-E54C11FEF915}\SETUP.EXE" -l0x40c -removeonly
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sony Ericsson PC Suite --> MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Strip Kittens - Club Alex --> C:\WINDOWS\iun507.exe C:\Documents and Settings\jérôme\Mes documents\Azureus Downloads\Strip Kittens - Sexy Virtuels Girls 3D\Strip Kittens\alex-strip-irunin.ini
UxTheme Multipatcher Fr --> C:\Program Files\UxTheme Multipatcher Fr\uninstall.exe
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warzone 2100 --> C:\Program Files\Warzone 2100\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.41-3 --> "C:\Program Files\WinHTTrack\unins000.exe"
ZENcast Organizer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c /remove
-- Application Event Log -------------------------------------------------------
Event Record #/Type2348 / Error
Event Submitted/Written: 03/13/2008 04:47:00 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Détecteur d'erreurs 157118984.
Event Record #/Type2347 / Error
Event Submitted/Written: 03/13/2008 04:46:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2346 / Error
Event Submitted/Written: 03/13/2008 04:46:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2332 / Error
Event Submitted/Written: 03/11/2008 07:34:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Event Record #/Type2331 / Error
Event Submitted/Written: 03/11/2008 07:34:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type2446 / Warning
Event Submitted/Written: 03/14/2008 09:45:52 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2438 / Warning
Event Submitted/Written: 03/14/2008 09:40:42 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2436 / Warning
Event Submitted/Written: 03/14/2008 09:34:36 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2379 / Warning
Event Submitted/Written: 03/13/2008 07:13:53 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).
Event Record #/Type2378 / Error
Event Submitted/Written: 03/13/2008 07:13:43 AM
Event ID/Source: 15300 / WPDMTPDriver
Event Description:
MTP WPD Driver has failed to start. Error 0x8007001f.
-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------
We're making good progress, but it's not over yet; you were pretty badly infected.
1) Do you have your Windows CD?
2) ~Restart the computer in Safe Mode (F8 while the computer starts up)
Help
Open the clean folder, double-click clean.cmd.
Choose option 2, then wait.
~Restart normally
Post the clean report, which is located at C:\rapport_clean.txt