bonjour à tous,
je crois que je suis encore infecté (xp 2000);
qui peut m'aider ?
merci
voici le rapport d'un scan que je viens de faire :
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 604
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 152050
Temps écoulé: 1 hour(s), 13 minute(s), 43 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 16
Clé(s) du Registre infectée(s): 41
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 56
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS.2\system32\byXQJDsQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\byXRifgE.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcCSLBr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcYqrSL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fcccbcca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fccyYRlm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fgyeiyeh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\jkkJyWMC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\khfDwwtQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\khfGvsrs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\qoMghhhH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\schbpuyt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tuvUNeef.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tuvWmKeF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\yayaYqQg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcBUkkj.dll (Trojan.Vundo) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201a5621-38f4-4975-904e-1e15038e8f38} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{201a5621-38f4-4975-904e-1e15038e8f38} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24ef7d18-eff1-4005-adad-4b68d4c66a30} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24ef7d18-eff1-4005-adad-4b68d4c66a30} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{439fdc75-9c9f-434d-a466-7a48f289de9c} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{439fdc75-9c9f-434d-a466-7a48f289de9c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51967a8d-f240-496e-ab99-74300e42a093} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{51967a8d-f240-496e-ab99-74300e42a093} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f250ee2-4e49-418c-8790-b5c409b7e492} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5f250ee2-4e49-418c-8790-b5c409b7e492} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6da5fb25-eeca-4374-b54e-b3cbf63a27bf} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6da5fb25-eeca-4374-b54e-b3cbf63a27bf} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dcb697a-e36d-42a3-b0cb-f776250055c7} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6dcb697a-e36d-42a3-b0cb-f776250055c7} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f30152d-5560-4552-bc04-2e338813b511} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6f30152d-5560-4552-bc04-2e338813b511} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{782e6493-c0e1-4db6-a955-33e2afaba886} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{782e6493-c0e1-4db6-a955-33e2afaba886} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e9b5a18-cf5c-453c-b402-346fc612bc4c} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e9b5a18-cf5c-453c-b402-346fc612bc4c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94e24d96-6a21-4680-84af-8ce278a55e44} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{94e24d96-6a21-4680-84af-8ce278a55e44} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2de5dd8-f4a5-4051-bcab-ad2510dd6e4e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f2de5dd8-f4a5-4051-bcab-ad2510dd6e4e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc050245-72a5-488a-afa5-b9215d7b75a2} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fc050245-72a5-488a-afa5-b9215d7b75a2} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbukkj (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcb8d9233 (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS.2\system32\byXQJDsQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\QsDJQXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\QsDJQXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\byXRifgE.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\EgfiRXyb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\EgfiRXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcCSLBr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\rBLSCcdd.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\rBLSCcdd.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcYqrSL.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\LSrqYcdd.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\LSrqYcdd.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fcccbcca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\accbcccf.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\accbcccf.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fccyYRlm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\mlRYyccf.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\mlRYyccf.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\fgyeiyeh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\heyieygf.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\jkkJyWMC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\CMWyJkkj.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\CMWyJkkj.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\khfDwwtQ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\QtwwDfhk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\QtwwDfhk.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\khfGvsrs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\srsvGfhk.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\srsvGfhk.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\lnlourvr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\rvruolnl.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\mtlgfoij.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\jiofgltm.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\qoMghhhH.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\HhhhgMoq.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\HhhhgMoq.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\schbpuyt.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tyupbhcs.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ssokcbhv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\vhbckoss.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tlafrfbh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\hbfrfalt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tuvUNeef.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\feeNUvut.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\feeNUvut.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\tuvWmKeF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\FeKmWvut.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\FeKmWvut.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\yayaYqQg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\gQqYayay.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\gQqYayay.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\ddcBUkkj.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327163.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327164.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327165.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS.2\system32\jnvtlqof.dll (Trojan.Agent) -> No action taken.
Salut,
En effet, applique les actions 
Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce Tuto.
Répondre à XmichouX
bonsoir et merci ,
voilà le rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20, on 2008-04-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS.2\System32\smss.exe
C:\WINDOWS.2\system32\winlogon.exe
C:\WINDOWS.2\system32\services.exe
C:\WINDOWS.2\system32\lsass.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\WINDOWS.2\system32\svchost.exe
C:\WINDOWS.2\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS.2\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\WINDOWS.2\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS.2\system32\pctspk.exe
C:\WINDOWS.2\system32\ezSP_Px.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS.2\system32\atiptaxx.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.2\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eb821794-d5e5-1b0a-3c44-256ac81d24c9} - {9c42d18c-a652-44c3-a0b1-5e5d497128be} - C:\WINDOWS.2\system32\veblyjku.dll
O2 - BHO: (no name) - {B23457DA-58C8-415E-855E-3F7B56C0540E} - C:\WINDOWS.2\system32\qoMghhhH.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.2\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS.2\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c8bea1af] rundll32.exe "C:\WINDOWS.2\system32\gsgcxtil.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024678 [...] xIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 6201160101
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Reg [...] lashax.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\NORMAN\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 14080 bytes
Re,
Télécharge Combofix (de sUBs) sur ton Bureau. (Tuto)
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista)
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Le rapport se trouve ici : C:\Combofix.txt
Répondre à XmichouX
voilà je crois que c'est ça mais je suis pas sur car il y en a un autre je le mets à la suite :
ComboFix 08-04-20.2 - Propriétaire 2008-04-20 21:36:15.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.49 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS.2\cookies.ini
C:\WINDOWS.2\pskt.ini
C:\WINDOWS.2\system32\ajjqcucc.dll
C:\WINDOWS.2\system32\aqwfimkt.dll
C:\WINDOWS.2\system32\bhpdhqpo.dll
C:\WINDOWS.2\system32\cblnekfg.dll
C:\WINDOWS.2\system32\cqkyrwyv.dll
C:\WINDOWS.2\system32\csltuqqs.dll
C:\WINDOWS.2\system32\cyexiver.dll
C:\WINDOWS.2\system32\dlopnxuc.dll
C:\WINDOWS.2\system32\egwyrtkd.dll
C:\WINDOWS.2\system32\epgvneuj.dll
C:\WINDOWS.2\system32\exktahpu.dll
C:\WINDOWS.2\system32\fgddifoa.dll
C:\WINDOWS.2\system32\gikcwycd.dll
C:\WINDOWS.2\system32\hbxgjnyq.dll
C:\WINDOWS.2\system32\iggftock.dll
C:\WINDOWS.2\system32\iuhmtobf.dll
C:\WINDOWS.2\system32\iuttomvi.dll
C:\WINDOWS.2\system32\iwqqpsak.ini
C:\WINDOWS.2\system32\iwrofrwo.dll
C:\WINDOWS.2\system32\jxhbpiql.dll
C:\WINDOWS.2\system32\kaekvqud.dll
C:\WINDOWS.2\system32\laxbnmvc.ini
C:\WINDOWS.2\system32\lbyiwahp.dll
C:\WINDOWS.2\system32\liqehldo.dll
C:\WINDOWS.2\system32\mcrh.tmp
C:\WINDOWS.2\system32\mcsfdnts.dll
C:\WINDOWS.2\system32\mihkwgnl.ini
C:\WINDOWS.2\system32\mncaetev.dll
C:\WINDOWS.2\system32\mohmyqsl.dll
C:\WINDOWS.2\system32\msftpsjq.dll
C:\WINDOWS.2\system32\odwqqhlk.dll
C:\WINDOWS.2\system32\ontslymr.dll
C:\WINDOWS.2\system32\phupmews.dll
C:\WINDOWS.2\system32\qepjyosf.dll
C:\WINDOWS.2\system32\qlbdpquc.dll
C:\WINDOWS.2\system32\qqdiarox.dll
C:\WINDOWS.2\system32\rfmsmpkh.dll
C:\WINDOWS.2\system32\rqcebrya.dll
C:\WINDOWS.2\system32\rstllder.dll
C:\WINDOWS.2\system32\rvkrtusy.dll
C:\WINDOWS.2\system32\rysrvunt.dll
C:\WINDOWS.2\system32\stdkhdrh.dll
C:\WINDOWS.2\system32\trxvhkqj.dll
C:\WINDOWS.2\system32\tsbalftw.dll
C:\WINDOWS.2\system32\usdorxhk.dll
C:\WINDOWS.2\system32\veblyjku.dll
C:\WINDOWS.2\system32\vgevgxui.dll
C:\WINDOWS.2\system32\vrkxcssb.dll
C:\WINDOWS.2\system32\vuuphdpv.dll
C:\WINDOWS.2\system32\vwddwsrh.dll
C:\WINDOWS.2\system32\wagvbydd.dll
C:\WINDOWS.2\system32\wedgrxjr.dll
C:\WINDOWS.2\system32\yhgcvmrh.dll
C:\WINDOWS.2\system32\yqgsuqui.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\purityscan
C:\WINDOWS.2\BMcb8d9233.xml
C:\WINDOWS.2\cookies.ini
C:\WINDOWS.2\Downloaded Program Files\setup.inf
C:\WINDOWS.2\pskt.ini
C:\WINDOWS.2\system32\acwtanlc.dll
C:\WINDOWS.2\system32\aupcrirj.dll
C:\WINDOWS.2\system32\axyuhpna.dll
C:\WINDOWS.2\system32\aydrbfrr.ini
C:\WINDOWS.2\system32\bblnwbjy.dll
C:\WINDOWS.2\system32\Bdcdefii.ini
C:\WINDOWS.2\system32\Bdcdefii.ini2
C:\WINDOWS.2\system32\bilujhxx.dll
C:\WINDOWS.2\system32\bqlndeka.ini
C:\WINDOWS.2\system32\bxxnvvof.dll
C:\WINDOWS.2\system32\byspkkub.ini
C:\WINDOWS.2\system32\cpccdydj.dll
C:\WINDOWS.2\system32\cqvdyiuw.dll
C:\WINDOWS.2\system32\cugqcqkq.dll
C:\WINDOWS.2\system32\DeeggMoq.ini
C:\WINDOWS.2\system32\DeeggMoq.ini2
C:\WINDOWS.2\system32\dhpalifi.dll
C:\WINDOWS.2\system32\dlqgpwwi.dll
C:\WINDOWS.2\system32\dqhbjule.ini
C:\WINDOWS.2\system32\drivers\downld
C:\WINDOWS.2\system32\eaqaawby.dll
C:\WINDOWS.2\system32\edrvowjq.ini
C:\WINDOWS.2\system32\efrrjcmf.ini
C:\WINDOWS.2\system32\efyqxubp.ini
C:\WINDOWS.2\system32\ehtfuvgi.dll
C:\WINDOWS.2\system32\eogqswkj.dll
C:\WINDOWS.2\system32\fbcvwrbw.ini
C:\WINDOWS.2\system32\fmcjrrfe.dll
C:\WINDOWS.2\system32\fttqukfo.dll
C:\WINDOWS.2\system32\fwcantov.dll
C:\WINDOWS.2\system32\gcpxdxfe.dll
C:\WINDOWS.2\system32\gjQqWvut.ini
C:\WINDOWS.2\system32\gjQqWvut.ini2
C:\WINDOWS.2\system32\glabcepe.dll
C:\WINDOWS.2\system32\gtnnakmj.dll
C:\WINDOWS.2\system32\havnbjay.dll
C:\WINDOWS.2\system32\henottfm.dll
C:\WINDOWS.2\system32\hjfhwktx.dll
C:\WINDOWS.2\system32\hjtqobha.ini
C:\WINDOWS.2\system32\igvufthe.ini
C:\WINDOWS.2\system32\iRAayccf.ini
C:\WINDOWS.2\system32\iRAayccf.ini2
C:\WINDOWS.2\system32\irvfpsmn.dll
C:\WINDOWS.2\system32\ismkvvhv.dll
C:\WINDOWS.2\system32\jbiqioml.dll
C:\WINDOWS.2\system32\jchdflrf.dll
C:\WINDOWS.2\system32\JTDgfMoq.ini
C:\WINDOWS.2\system32\JTDgfMoq.ini2
C:\WINDOWS.2\system32\jvlctpot.dll
C:\WINDOWS.2\system32\keigxtof.ini
C:\WINDOWS.2\system32\kfnawone.dll
C:\WINDOWS.2\system32\KRqtCJjl.ini
C:\WINDOWS.2\system32\KRqtCJjl.ini2
C:\WINDOWS.2\system32\kuyttbcw.dll
C:\WINDOWS.2\system32\lchsedqk.dll
C:\WINDOWS.2\system32\lrkoxdtp.dll
C:\WINDOWS.2\system32\lsesfndq.dll
C:\WINDOWS.2\system32\mcrh.tmp
C:\WINDOWS.2\system32\mfttoneh.ini
C:\WINDOWS.2\system32\mkvbsonk.dll
C:\WINDOWS.2\system32\mwayhetk.dll
C:\WINDOWS.2\system32\mydlggpb.dll
C:\WINDOWS.2\system32\nemyjcad.dll
C:\WINDOWS.2\system32\nhixetbv.ini
C:\WINDOWS.2\system32\nmhirimr.ini
C:\WINDOWS.2\system32\nokjjweb.dll
C:\WINDOWS.2\system32\NopqBJjl.ini
C:\WINDOWS.2\system32\NopqBJjl.ini2
C:\WINDOWS.2\system32\nrkoxtns.dll
C:\WINDOWS.2\system32\nTtuvyxx.ini
C:\WINDOWS.2\system32\nTtuvyxx.ini2
C:\WINDOWS.2\system32\nvbweeip.dll
C:\WINDOWS.2\system32\nvvfptlt.ini
C:\WINDOWS.2\system32\nwmblouh.ini
C:\WINDOWS.2\system32\ofkuqttf.ini
C:\WINDOWS.2\system32\pbuxqyfe.dll
C:\WINDOWS.2\system32\pgjvougy.dll
C:\WINDOWS.2\system32\pjnaggut.ini
C:\WINDOWS.2\system32\PpqsDfhk.ini2
C:\WINDOWS.2\system32\pqtDgfii.ini
C:\WINDOWS.2\system32\pqtDgfii.ini2
C:\WINDOWS.2\system32\psmvrnmd.dll
C:\WINDOWS.2\system32\pwebjyds.dll
C:\WINDOWS.2\system32\qjwovrde.dll
C:\WINDOWS.2\system32\qugmikep.dll
C:\WINDOWS.2\system32\qWGMnnnn.ini
C:\WINDOWS.2\system32\qWGMnnnn.ini2
C:\WINDOWS.2\system32\reaygqyu.ini
C:\WINDOWS.2\system32\regptagf.ini
C:\WINDOWS.2\system32\rmirihmn.dll
C:\WINDOWS.2\system32\romwnjvy.ini
C:\WINDOWS.2\system32\rrbcofwi.dll
C:\WINDOWS.2\system32\rufovuna.dll
C:\WINDOWS.2\system32\RYcJkUvw.ini
C:\WINDOWS.2\system32\RYcJkUvw.ini2
C:\WINDOWS.2\system32\sjrvaxew.dll
C:\WINDOWS.2\system32\srCLRqss.ini
C:\WINDOWS.2\system32\srCLRqss.ini2
C:\WINDOWS.2\system32\srfyhogt.dll
C:\WINDOWS.2\system32\srmcrmuj.dll
C:\WINDOWS.2\system32\suFLRqss.ini
C:\WINDOWS.2\system32\suFLRqss.ini2
C:\WINDOWS.2\system32\tfaoxutn.ini
C:\WINDOWS.2\system32\tgohyfrs.ini
C:\WINDOWS.2\system32\tnfgfcwn.ini
C:\WINDOWS.2\system32\ttocmfoa.dll
C:\WINDOWS.2\system32\tugganjp.dll
C:\WINDOWS.2\system32\twxEgfii.ini2
C:\WINDOWS.2\system32\uashqusk.dll
C:\WINDOWS.2\system32\uavxrgxr.dll
C:\WINDOWS.2\system32\UCdfPqss.ini2
C:\WINDOWS.2\system32\uyqgyaer.dll
C:\WINDOWS.2\system32\vbwjysug.ini
C:\WINDOWS.2\system32\vCKTAcfe.ini2
C:\WINDOWS.2\system32\vfthuony.dll
C:\WINDOWS.2\system32\viwkknyn.ini
C:\WINDOWS.2\system32\vjnamsae.dll
C:\WINDOWS.2\system32\WaGhQXbc.ini
C:\WINDOWS.2\system32\WaGhQXbc.ini2
C:\WINDOWS.2\system32\wcbttyuk.ini
C:\WINDOWS.2\system32\wpkchecq.dll
C:\WINDOWS.2\system32\wwskoadq.dll
C:\WINDOWS.2\system32\xayacccf.ini2
C:\WINDOWS.2\system32\xHOWayay.ini
C:\WINDOWS.2\system32\xHOWayay.ini2
C:\WINDOWS.2\system32\xhwweptj.dll
C:\WINDOWS.2\system32\xidmhjqb.dll
C:\WINDOWS.2\system32\xmkxhcbr.ini
C:\WINDOWS.2\system32\xoeylxxp.ini
C:\WINDOWS.2\system32\xrwvqmha.dll
C:\WINDOWS.2\system32\ybbefMoq.ini
C:\WINDOWS.2\system32\ybbefMoq.ini2
C:\WINDOWS.2\system32\yrfypbtn.dll
C:\WINDOWS.2\system32\yulaiubl.dll
C:\WINDOWS.2\system32\yvjnwmor.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NwSapAgent
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:06 . 2008-04-20 15:06 <REP> d-------- C:\Documents and Settings\florent\Application Data\Malwarebytes
2008-04-19 16:55 . 2008-04-19 20:19 1,540,969 ---hs---- C:\WINDOWS.2\system32\dsomdcqe.ini
2008-04-19 13:40 . 2008-04-19 16:55 1,540,737 ---hs---- C:\WINDOWS.2\system32\bddlxtbx.ini
2008-04-18 16:32 . 2008-04-18 16:34 <REP> d-------- C:\Program Files\Panda Security
2008-04-17 18:41 . 2008-04-18 19:38 1,542,465 ---hs---- C:\WINDOWS.2\system32\tcuwfukm.ini
2008-04-17 13:10 . 2008-04-17 16:18 1,528,970 ---hs---- C:\WINDOWS.2\system32\vsearrdr.ini
2008-04-17 03:21 . 2008-04-17 13:09 1,524,476 ---hs---- C:\WINDOWS.2\system32\siyqchrs.ini
2008-04-17 03:12 . 2008-04-17 03:12 1,524,184 ---hs---- C:\WINDOWS.2\system32\bjukkjrt.ini
2008-04-17 00:24 . 2008-04-17 00:24 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Martau
2008-04-17 00:23 . 2008-04-17 00:23 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-04-16 21:30 . 2008-04-16 21:30 <REP> d-------- C:\Program Files\AxBx
2008-04-16 21:07 . 2008-04-17 01:24 1,524,708 ---hs---- C:\WINDOWS.2\system32\aducujlo.ini
2008-04-16 14:01 . 2008-04-16 16:49 1,557,971 ---hs---- C:\WINDOWS.2\system32\bpgctnuw.ini
2008-04-16 00:55 . 2008-04-17 03:14 56 --a------ C:\WINDOWS.2\yesmessenger.ini
2008-04-16 00:54 . 2007-11-26 13:46 316 --a------ C:\WINDOWS.2\yes_messenger.ini
2008-04-16 00:53 . 2008-04-16 00:54 <REP> d-------- C:\Program Files\YesMessenger
2008-04-16 00:29 . 2008-04-16 00:55 1,603,177 ---hs---- C:\WINDOWS.2\system32\tvhngnev.ini
2008-04-15 19:56 . 2008-04-16 00:16 1,600,661 ---hs---- C:\WINDOWS.2\system32\bhggalxp.ini
2008-04-15 18:31 . 2008-04-15 19:53 1,600,429 ---hs---- C:\WINDOWS.2\system32\rpqxvjmq.ini
2008-04-13 23:03 . 2008-04-13 23:03 315,808 --a------ C:\WINDOWS.2\system32\tuvWqQjg.dll
2008-04-11 20:08 . 2008-04-11 20:21 1,374 --a------ C:\WINDOWS.2\imsins.BAK
2008-04-11 16:07 . 2008-04-20 14:39 109,107 --a------ C:\WINDOWS.2\BMcb8d9233.xml
2008-04-11 03:25 . 2008-04-11 03:26 <REP> d-------- C:\ComboFix[1]
2008-04-11 02:53 . 2008-04-11 02:53 315,600 --a------ C:\WINDOWS.2\system32\ljJBqpoN.dll
2008-04-11 01:47 . 2008-04-11 01:47 <REP> d-------- C:\_OTMoveIt
2008-04-11 01:34 . 2008-04-11 01:34 315,600 --a------ C:\WINDOWS.2\system32\yayaWOHx.dll
2008-04-10 23:56 . 2008-04-10 23:56 315,600 --a------ C:\WINDOWS.2\system32\nnnnMGWq.dll
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Malwarebytes
2008-04-09 00:46 . 2008-04-09 00:46 <REP> d-------- C:\Program Files\Trend Micro
2008-04-08 20:14 . 2008-04-08 20:14 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-04-08 20:14 . 2008-04-08 20:14 23 --a------ C:\WINDOWS.2\system32\ebddbd6_z.ocx
2008-04-08 20:14 . 2008-04-08 20:14 23 --ahs---- C:\WINDOWS.2\system32\acbffdbdd_z.dll
2008-04-08 18:29 . 2008-04-16 21:26 <REP> d-------- C:\Program Files\Registry Easy
2008-04-08 17:03 . 2008-04-08 17:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Grisoft
2008-04-08 13:04 . 2008-04-08 13:10 594,503 --a------ C:\318304_FRA_i386_zip8avril.exe
2008-04-08 13:00 . 2008-04-01 17:48 509,832 --a------ C:\WindowsXP-KB939780-v2-x86-FRA.exe
2008-04-08 00:08 . 2008-04-08 00:08 8,161,400 --a------ C:\Windows-KB890830-V1.39.exe
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Program Files\Uniblue
2008-04-06 21:52 . 2008-04-06 21:52 3,097 --a------ C:\WINDOWS.2\system32\spupdsvc.inf
2008-04-06 21:49 . 2004-08-19 16:10 848,384 --------- C:\WINDOWS.2\system32\ir41_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS.2\system32\ir50_32.dll
2008-04-06 21:49 . 2004-08-19 16:09 338,432 --------- C:\WINDOWS.2\system32\ir41_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 200,192 --------- C:\WINDOWS.2\system32\ir50_qc.dll
2008-04-06 21:49 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS.2\system32\iac25_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 183,808 --------- C:\WINDOWS.2\system32\ir50_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 120,320 --------- C:\WINDOWS.2\system32\ir41_qc.dll
2008-04-06 21:47 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS.2\000001_.tmp
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-04-04 21:29 . 2008-04-04 21:29 12,236 --a------ C:\WINDOWS.2\system32\cbXRLeBq.dll
2008-04-04 20:43 . 2008-04-04 20:43 <REP> d-------- C:\Program Files\Unlocker
2008-04-04 19:08 . 2008-04-04 19:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 05:33 . 2008-04-04 05:33 <REP> d-------- C:\lj281
2008-04-04 00:36 . 2008-04-04 00:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
2008-04-03 21:26 . 2008-04-04 00:38 <REP> d-------- C:\Program Files\Defenza
2008-04-03 21:26 . 1996-08-20 21:37 15,840 --a------ C:\WINDOWS.2\system32\Machnm1.exe
2008-04-03 21:26 . 2005-09-25 17:37 5,632 --a------ C:\WINDOWS.2\system32\Machnm64.sys
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\system32\118290.54
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\118294.78
2008-04-03 21:26 . 2003-08-13 01:27 2,304 --a------ C:\WINDOWS.2\system32\Machnm32.sys
2008-04-03 21:18 . 2008-04-09 12:52 664 --a------ C:\WINDOWS.2\system32\d3d9caps.dat
2008-04-03 04:36 . 2008-04-03 04:36 54,156 --ah----- C:\WINDOWS.2\QTFont.qfn
2008-04-03 04:36 . 2008-04-03 04:36 1,409 --a------ C:\WINDOWS.2\QTFont.for
2008-04-03 03:23 . 2008-04-03 20:42 <REP> d-------- C:\Program Files\iGraal
2008-04-02 23:46 . 2008-04-04 18:41 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 13:59 . 2008-04-03 17:34 <REP> d-------- C:\WINDOWS.2\BDOSCAN8
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-04-01 00:46 . <REP> C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . <REP> C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . 2005-08-22 14:41 316,416 --a------ C:\vx2cleaner.dlx
2008-04-01 00:46 . 2005-08-22 14:41 29,636 --a------ C:\vx2cleaner.chm
2008-04-01 00:42 . 2008-04-01 00:42 <REP> d-------- C:\Program Files\Lavasoft
2008-03-28 23:02 . 2001-08-02 18:36 151,552 -ra------ C:\WINDOWS.2\system32\ptsetup.dll
2008-03-28 23:02 . 2001-08-02 18:36 122,880 -ra------ C:\WINDOWS.2\system32\ptuninst.exe
2008-03-28 22:59 . 2001-08-17 16:31 117,503 --a------ C:\WINDOWS.2\system32\drivers\ptserial.sys
2008-03-28 22:38 . 2008-03-28 22:38 <REP> d-------- C:\Program Files\VIA
2008-03-28 22:38 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS.2\system32\difxapi.dll
2008-03-28 22:36 . 2008-03-28 22:36 524,288 --a------ C:\via_pata_sata_+ide_v160a(20061101140444).zip
2008-03-28 22:11 . 2006-10-17 21:22 9,216 --a------ C:\WINDOWS.2\system32\drivers\videX32.sys
2008-03-28 21:17 . 2006-05-03 12:57 520,192 --------- C:\WINDOWS.2\system32\ati2sgag.exe
2008-03-28 21:13 . 2008-03-28 21:13 <REP> d-------- C:\ATI
2008-03-28 21:03 . 2008-03-28 21:03 199,066 --a------ C:\6A6LMM45.ZIP
2008-03-26 18:26 . 2008-03-26 18:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MGS
2008-03-26 18:24 . 2008-03-26 18:24 <REP> d-------- C:\WINDOWS.2\system32\FlashAX
2008-03-25 02:40 . 2008-03-25 03:30 <REP> d-------- C:\Program Files\Call of Duty Single Player Demo
2008-03-24 15:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS.2\system32\d3dx9_26.dll
2008-03-24 15:56 . 2008-03-24 15:56 <REP> d-------- C:\Program Files\JoWooD
2008-03-24 03:20 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\AMD
2008-03-24 03:19 . 2006-06-07 15:15 29,696 --a------ C:\WINDOWS.2\system32\drivers\AmdTools.sys
2008-03-24 03:14 . 2008-04-06 15:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-24 03:11 . 2008-03-24 03:11 <REP> d-------- C:\Program Files\AMDAGP
2008-03-24 02:59 . 2008-03-24 02:59 <REP> d-------- C:\Program Files\DIFX
2008-03-24 02:40 . 2008-03-24 02:40 23,600 --a------ C:\WINDOWS.2\system32\drivers\TVICHW32.SYS
2008-03-23 19:02 . 2008-04-20 21:52 13 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}
2008-03-23 02:54 . 2008-03-23 02:54 <REP> d-------- C:\Program Files\Barb Sect Mapi
2008-03-23 01:15 . 2008-03-23 01:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Downloaded Installations
2008-03-23 01:14 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS.2\system32\dllcache\sysmain.sdb
2008-03-23 01:14 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS.2\system32\dllcache\apph_sp.sdb
2008-03-23 01:14 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS.2\system32\dllcache\apphelp.sdb
2008-03-23 01:12 . 2008-03-23 01:12 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\WINDOWS.2\system32\LogFiles
2008-03-23 01:09 . 2008-03-23 01:11 <REP> d-------- C:\WINDOWS.2\system32\drivers\UMDF
2008-03-23 00:58 . 2008-03-23 11:43 <REP> d-------- C:\Documents and Settings\florent\Contacts
2008-03-23 00:21 . 2008-03-23 00:21 <REP> d-------- C:\Documents and Settings\florent\Application Data\Barb Sect Mapi
2008-03-23 00:21 . 2008-03-23 02:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits
2008-03-22 21:39 . 2008-03-22 21:39 1,180,160 --a------ C:\WINDOWS.2\system32\crashlog.tar
2008-03-22 19:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS.2\system32\mucltui.dll
2008-03-22 19:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS.2\system32\muweb.dll
2008-03-22 19:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS.2\system32\mucltui.dll.mui
2008-03-22 19:38 . 2008-03-22 19:38 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-22 19:36 . 2008-03-22 19:40 <REP> d-------- C:\Program Files\Windows Live
2008-03-22 19:35 . 2008-03-22 19:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\WLInstaller
2008-03-22 19:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll
2008-03-22 19:07 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dat
2008-03-22 19:07 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll.mui
2008-03-22 19:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS.2\system32\dllcache\msfeeds.dll
2008-03-22 19:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dll
2008-03-22 19:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS.2\system32\dllcache\iertutil.dll
2008-03-22 19:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS.2\system32\dllcache\icardie.dll
2008-03-22 19:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS.2\system32\dllcache\msfeedsbs.dll
2008-03-22 19:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS.2\system32\dllcache\ieudinit.exe
2008-03-22 19:05 . 2008-03-22 19:11 <REP> d-------- C:\WINDOWS.2\system32\fr-fr
2008-03-22 18:33 . 2008-03-22 18:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-22 18:11 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS.2\system32\dllcache\rpcrt4.dll
2008-03-22 17:55 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS.2\system32\wucltui.dll.mui
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 17:54 --------- d-----w C:\Program Files\eMule
2008-04-18 10:32 428 ----a-w C:\WINDOWS.2\system32\drivers\fwdrv.err
2008-04-16 22:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-16 22:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Symantec
2008-04-13 16:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.3
2008-04-09 23:44 --------- d-----w C:\Program Files\Common Files
2008-04-04 19:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spybot - Search & Destroy
2008-04-03 22:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:45 --------- d-----w C:\Program Files\InterActual
2008-04-03 19:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-01 00:30 262,144 ----a-w C:\ntuser.dat
2008-03-28 21:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-23 12:16 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-23 11:29 --------- d-----w C:\Program Files\eFax Messenger Plus 3.2
2008-03-23 10:30 --------- d-----w C:\Program Files\ClockSync
2008-03-23 10:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud
2008-03-22 23:22 --------- d-----w C:\Program Files\Yahoo!
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.2\system32\win32k.sys
2008-03-03 20:46 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS.2\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.2\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.2\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot_2008-04-14_18.28.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 16:09:56 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-04-20 19:47:19 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-03-25 16:13:04 124,208 ----a-w C:\WINDOWS.2\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 11:49:56 12,592 ----a-w C:\WINDOWS.2\Downloaded Program Files\libcomm.dll
+ 2008-04-20 19:47:35 16,384 ----atw C:\WINDOWS.2\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B23457DA-58C8-415E-855E-3F7B56C0540E}]
C:\WINDOWS.2\system32\qoMghhhH.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.2\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 01:20 401491]
"EPSON Stylus C40 Series"="C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.exe" [2001-10-04 03:01 69632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-03 00:34 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"PCTVOICE"="pctspk.exe" [2001-08-02 18:37 155648 C:\WINDOWS.2\system32\pctspk.exe]
"NeroFilterCheck"="C:\WINDOWS.2\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
"NeroCheck"="C:\WINDOWS.2\System32\NeroCheck.exe" [2001-08-06 20:03 155648]
"HydarVisionDesktopManager"="" []
"ezShieldProtector for Px"="C:\WINDOWS.2\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 17:25 1662976]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 11:26 1662976]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-11-10 15:30 70816]
"AtiPTA"="atiptaxx.exe" [2001-09-14 19:15 245760 C:\WINDOWS.2\system32\atiptaxx.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"Motive SmartBridge"="C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe" [2005-02-24 15:01 397312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-04 23:53 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"RegistryMechanic"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.2\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Zone Alarm"="vsmon.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS.2\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Menu Temps Réel 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Menu Temps Réel 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Menu Temps Réel 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Tray Menu 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS.2\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS.2\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Mon Assistant Internet.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Mon Assistant Internet.lnk
backup=C:\WINDOWS.2\pss\Mon Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^dBpowerAMP.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\dBpowerAMP.lnk
backup=C:\WINDOWS.2\pss\dBpowerAMP.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.3.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.3.lnk
backup=C:\WINDOWS.2\pss\OpenOffice.org 1.1.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS.2\pss\YesMessenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection\allo.exe]
--a------ 2005-03-28 09:25 2373120 C:\Program Files\Communaute\Affection\allo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P\wincg.exe]
--a------ 2005-03-28 09:26 2267648 C:\Program Files\Gnetwork\P2P\wincg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster 2 d’Uniblue ]
--a------ 2007-11-21 17:07 1902592 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryEasy.exe]
--a------ 2008-02-21 15:18 4057088 C:\Program Files\Registry Easy\RegistryEasy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-12-09 08:30 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:NortonAV
"12355:TCP"= 12355:TCP:NortonAV
"14038:TCP"= 14038:TCP:NortonAV
"17709:TCP"= 17709:TCP:NortonAV
"14384:TCP"= 14384:TCP:NortonAV
"14831:TCP"= 14831:TCP:NortonAV
R0 videX32;videX32;C:\WINDOWS.2\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS.2\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS.2\system32\drivers\fwdrv.sys [2004-09-01 14:08]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS.2\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS.2\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.2\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS.2\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 11:05]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS.2\system32\DRIVERS\amdtools.sys [2006-06-07 15:15]
S2 Ndiskio;Ndiskio;C:\NORMAN\Nvc\NSE\NDISKIO.SYS []
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.2\system32\pctspk.exe [2001-08-02 18:37]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys []
S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe []
S3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.2\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-20 20:00:00 C:\WINDOWS.2\Tasks\ABC00328918BBFC0.job"
- c:\docume~1\florent\applic~1\barbse~1\site wipe coal.exe
"2008-04-18 14:00:13 C:\WINDOWS.2\Tasks\{7D2635DE-C3C6-4B06-AD2C-509DA8E37C90}_TRISTANI-GRJVPJ_Propriétaire.job"
ComboFix 08-04-20.2 - Propriétaire 2008-04-20 21:36:15.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.49 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS.2\cookies.ini
C:\WINDOWS.2\pskt.ini
C:\WINDOWS.2\system32\ajjqcucc.dll
C:\WINDOWS.2\system32\aqwfimkt.dll
C:\WINDOWS.2\system32\bhpdhqpo.dll
C:\WINDOWS.2\system32\cblnekfg.dll
C:\WINDOWS.2\system32\cqkyrwyv.dll
C:\WINDOWS.2\system32\csltuqqs.dll
C:\WINDOWS.2\system32\cyexiver.dll
C:\WINDOWS.2\system32\dlopnxuc.dll
C:\WINDOWS.2\system32\egwyrtkd.dll
C:\WINDOWS.2\system32\epgvneuj.dll
C:\WINDOWS.2\system32\exktahpu.dll
C:\WINDOWS.2\system32\fgddifoa.dll
C:\WINDOWS.2\system32\gikcwycd.dll
C:\WINDOWS.2\system32\hbxgjnyq.dll
C:\WINDOWS.2\system32\iggftock.dll
C:\WINDOWS.2\system32\iuhmtobf.dll
C:\WINDOWS.2\system32\iuttomvi.dll
C:\WINDOWS.2\system32\iwqqpsak.ini
C:\WINDOWS.2\system32\iwrofrwo.dll
C:\WINDOWS.2\system32\jxhbpiql.dll
C:\WINDOWS.2\system32\kaekvqud.dll
C:\WINDOWS.2\system32\laxbnmvc.ini
C:\WINDOWS.2\system32\lbyiwahp.dll
C:\WINDOWS.2\system32\liqehldo.dll
C:\WINDOWS.2\system32\mcrh.tmp
C:\WINDOWS.2\system32\mcsfdnts.dll
C:\WINDOWS.2\system32\mihkwgnl.ini
C:\WINDOWS.2\system32\mncaetev.dll
C:\WINDOWS.2\system32\mohmyqsl.dll
C:\WINDOWS.2\system32\msftpsjq.dll
C:\WINDOWS.2\system32\odwqqhlk.dll
C:\WINDOWS.2\system32\ontslymr.dll
C:\WINDOWS.2\system32\phupmews.dll
C:\WINDOWS.2\system32\qepjyosf.dll
C:\WINDOWS.2\system32\qlbdpquc.dll
C:\WINDOWS.2\system32\qqdiarox.dll
C:\WINDOWS.2\system32\rfmsmpkh.dll
C:\WINDOWS.2\system32\rqcebrya.dll
C:\WINDOWS.2\system32\rstllder.dll
C:\WINDOWS.2\system32\rvkrtusy.dll
C:\WINDOWS.2\system32\rysrvunt.dll
C:\WINDOWS.2\system32\stdkhdrh.dll
C:\WINDOWS.2\system32\trxvhkqj.dll
C:\WINDOWS.2\system32\tsbalftw.dll
C:\WINDOWS.2\system32\usdorxhk.dll
C:\WINDOWS.2\system32\veblyjku.dll
C:\WINDOWS.2\system32\vgevgxui.dll
C:\WINDOWS.2\system32\vrkxcssb.dll
C:\WINDOWS.2\system32\vuuphdpv.dll
C:\WINDOWS.2\system32\vwddwsrh.dll
C:\WINDOWS.2\system32\wagvbydd.dll
C:\WINDOWS.2\system32\wedgrxjr.dll
C:\WINDOWS.2\system32\yhgcvmrh.dll
C:\WINDOWS.2\system32\yqgsuqui.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\purityscan
C:\WINDOWS.2\BMcb8d9233.xml
C:\WINDOWS.2\cookies.ini
C:\WINDOWS.2\Downloaded Program Files\setup.inf
C:\WINDOWS.2\pskt.ini
C:\WINDOWS.2\system32\acwtanlc.dll
C:\WINDOWS.2\system32\aupcrirj.dll
C:\WINDOWS.2\system32\axyuhpna.dll
C:\WINDOWS.2\system32\aydrbfrr.ini
C:\WINDOWS.2\system32\bblnwbjy.dll
C:\WINDOWS.2\system32\Bdcdefii.ini
C:\WINDOWS.2\system32\Bdcdefii.ini2
C:\WINDOWS.2\system32\bilujhxx.dll
C:\WINDOWS.2\system32\bqlndeka.ini
C:\WINDOWS.2\system32\bxxnvvof.dll
C:\WINDOWS.2\system32\byspkkub.ini
C:\WINDOWS.2\system32\cpccdydj.dll
C:\WINDOWS.2\system32\cqvdyiuw.dll
C:\WINDOWS.2\system32\cugqcqkq.dll
C:\WINDOWS.2\system32\DeeggMoq.ini
C:\WINDOWS.2\system32\DeeggMoq.ini2
C:\WINDOWS.2\system32\dhpalifi.dll
C:\WINDOWS.2\system32\dlqgpwwi.dll
C:\WINDOWS.2\system32\dqhbjule.ini
C:\WINDOWS.2\system32\drivers\downld
C:\WINDOWS.2\system32\eaqaawby.dll
C:\WINDOWS.2\system32\edrvowjq.ini
C:\WINDOWS.2\system32\efrrjcmf.ini
C:\WINDOWS.2\system32\efyqxubp.ini
C:\WINDOWS.2\system32\ehtfuvgi.dll
C:\WINDOWS.2\system32\eogqswkj.dll
C:\WINDOWS.2\system32\fbcvwrbw.ini
C:\WINDOWS.2\system32\fmcjrrfe.dll
C:\WINDOWS.2\system32\fttqukfo.dll
C:\WINDOWS.2\system32\fwcantov.dll
C:\WINDOWS.2\system32\gcpxdxfe.dll
C:\WINDOWS.2\system32\gjQqWvut.ini
C:\WINDOWS.2\system32\gjQqWvut.ini2
C:\WINDOWS.2\system32\glabcepe.dll
C:\WINDOWS.2\system32\gtnnakmj.dll
C:\WINDOWS.2\system32\havnbjay.dll
C:\WINDOWS.2\system32\henottfm.dll
C:\WINDOWS.2\system32\hjfhwktx.dll
C:\WINDOWS.2\system32\hjtqobha.ini
C:\WINDOWS.2\system32\igvufthe.ini
C:\WINDOWS.2\system32\iRAayccf.ini
C:\WINDOWS.2\system32\iRAayccf.ini2
C:\WINDOWS.2\system32\irvfpsmn.dll
C:\WINDOWS.2\system32\ismkvvhv.dll
C:\WINDOWS.2\system32\jbiqioml.dll
C:\WINDOWS.2\system32\jchdflrf.dll
C:\WINDOWS.2\system32\JTDgfMoq.ini
C:\WINDOWS.2\system32\JTDgfMoq.ini2
C:\WINDOWS.2\system32\jvlctpot.dll
C:\WINDOWS.2\system32\keigxtof.ini
C:\WINDOWS.2\system32\kfnawone.dll
C:\WINDOWS.2\system32\KRqtCJjl.ini
C:\WINDOWS.2\system32\KRqtCJjl.ini2
C:\WINDOWS.2\system32\kuyttbcw.dll
C:\WINDOWS.2\system32\lchsedqk.dll
C:\WINDOWS.2\system32\lrkoxdtp.dll
C:\WINDOWS.2\system32\lsesfndq.dll
C:\WINDOWS.2\system32\mcrh.tmp
C:\WINDOWS.2\system32\mfttoneh.ini
C:\WINDOWS.2\system32\mkvbsonk.dll
C:\WINDOWS.2\system32\mwayhetk.dll
C:\WINDOWS.2\system32\mydlggpb.dll
C:\WINDOWS.2\system32\nemyjcad.dll
C:\WINDOWS.2\system32\nhixetbv.ini
C:\WINDOWS.2\system32\nmhirimr.ini
C:\WINDOWS.2\system32\nokjjweb.dll
C:\WINDOWS.2\system32\NopqBJjl.ini
C:\WINDOWS.2\system32\NopqBJjl.ini2
C:\WINDOWS.2\system32\nrkoxtns.dll
C:\WINDOWS.2\system32\nTtuvyxx.ini
C:\WINDOWS.2\system32\nTtuvyxx.ini2
C:\WINDOWS.2\system32\nvbweeip.dll
C:\WINDOWS.2\system32\nvvfptlt.ini
C:\WINDOWS.2\system32\nwmblouh.ini
C:\WINDOWS.2\system32\ofkuqttf.ini
C:\WINDOWS.2\system32\pbuxqyfe.dll
C:\WINDOWS.2\system32\pgjvougy.dll
C:\WINDOWS.2\system32\pjnaggut.ini
C:\WINDOWS.2\system32\PpqsDfhk.ini2
C:\WINDOWS.2\system32\pqtDgfii.ini
C:\WINDOWS.2\system32\pqtDgfii.ini2
C:\WINDOWS.2\system32\psmvrnmd.dll
C:\WINDOWS.2\system32\pwebjyds.dll
C:\WINDOWS.2\system32\qjwovrde.dll
C:\WINDOWS.2\system32\qugmikep.dll
C:\WINDOWS.2\system32\qWGMnnnn.ini
C:\WINDOWS.2\system32\qWGMnnnn.ini2
C:\WINDOWS.2\system32\reaygqyu.ini
C:\WINDOWS.2\system32\regptagf.ini
C:\WINDOWS.2\system32\rmirihmn.dll
C:\WINDOWS.2\system32\romwnjvy.ini
C:\WINDOWS.2\system32\rrbcofwi.dll
C:\WINDOWS.2\system32\rufovuna.dll
C:\WINDOWS.2\system32\RYcJkUvw.ini
C:\WINDOWS.2\system32\RYcJkUvw.ini2
C:\WINDOWS.2\system32\sjrvaxew.dll
C:\WINDOWS.2\system32\srCLRqss.ini
C:\WINDOWS.2\system32\srCLRqss.ini2
C:\WINDOWS.2\system32\srfyhogt.dll
C:\WINDOWS.2\system32\srmcrmuj.dll
C:\WINDOWS.2\system32\suFLRqss.ini
C:\WINDOWS.2\system32\suFLRqss.ini2
C:\WINDOWS.2\system32\tfaoxutn.ini
C:\WINDOWS.2\system32\tgohyfrs.ini
C:\WINDOWS.2\system32\tnfgfcwn.ini
C:\WINDOWS.2\system32\ttocmfoa.dll
C:\WINDOWS.2\system32\tugganjp.dll
C:\WINDOWS.2\system32\twxEgfii.ini2
C:\WINDOWS.2\system32\uashqusk.dll
C:\WINDOWS.2\system32\uavxrgxr.dll
C:\WINDOWS.2\system32\UCdfPqss.ini2
C:\WINDOWS.2\system32\uyqgyaer.dll
C:\WINDOWS.2\system32\vbwjysug.ini
C:\WINDOWS.2\system32\vCKTAcfe.ini2
C:\WINDOWS.2\system32\vfthuony.dll
C:\WINDOWS.2\system32\viwkknyn.ini
C:\WINDOWS.2\system32\vjnamsae.dll
C:\WINDOWS.2\system32\WaGhQXbc.ini
C:\WINDOWS.2\system32\WaGhQXbc.ini2
C:\WINDOWS.2\system32\wcbttyuk.ini
C:\WINDOWS.2\system32\wpkchecq.dll
C:\WINDOWS.2\system32\wwskoadq.dll
C:\WINDOWS.2\system32\xayacccf.ini2
C:\WINDOWS.2\system32\xHOWayay.ini
C:\WINDOWS.2\system32\xHOWayay.ini2
C:\WINDOWS.2\system32\xhwweptj.dll
C:\WINDOWS.2\system32\xidmhjqb.dll
C:\WINDOWS.2\system32\xmkxhcbr.ini
C:\WINDOWS.2\system32\xoeylxxp.ini
C:\WINDOWS.2\system32\xrwvqmha.dll
C:\WINDOWS.2\system32\ybbefMoq.ini
C:\WINDOWS.2\system32\ybbefMoq.ini2
C:\WINDOWS.2\system32\yrfypbtn.dll
C:\WINDOWS.2\system32\yulaiubl.dll
C:\WINDOWS.2\system32\yvjnwmor.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NwSapAgent
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:06 . 2008-04-20 15:06 <REP> d-------- C:\Documents and Settings\florent\Application Data\Malwarebytes
2008-04-19 16:55 . 2008-04-19 20:19 1,540,969 ---hs---- C:\WINDOWS.2\system32\dsomdcqe.ini
2008-04-19 13:40 . 2008-04-19 16:55 1,540,737 ---hs---- C:\WINDOWS.2\system32\bddlxtbx.ini
2008-04-18 16:32 . 2008-04-18 16:34 <REP> d-------- C:\Program Files\Panda Security
2008-04-17 18:41 . 2008-04-18 19:38 1,542,465 ---hs---- C:\WINDOWS.2\system32\tcuwfukm.ini
2008-04-17 13:10 . 2008-04-17 16:18 1,528,970 ---hs---- C:\WINDOWS.2\system32\vsearrdr.ini
2008-04-17 03:21 . 2008-04-17 13:09 1,524,476 ---hs---- C:\WINDOWS.2\system32\siyqchrs.ini
2008-04-17 03:12 . 2008-04-17 03:12 1,524,184 ---hs---- C:\WINDOWS.2\system32\bjukkjrt.ini
2008-04-17 00:24 . 2008-04-17 00:24 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Martau
2008-04-17 00:23 . 2008-04-17 00:23 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-04-16 21:30 . 2008-04-16 21:30 <REP> d-------- C:\Program Files\AxBx
2008-04-16 21:07 . 2008-04-17 01:24 1,524,708 ---hs---- C:\WINDOWS.2\system32\aducujlo.ini
2008-04-16 14:01 . 2008-04-16 16:49 1,557,971 ---hs---- C:\WINDOWS.2\system32\bpgctnuw.ini
2008-04-16 00:55 . 2008-04-17 03:14 56 --a------ C:\WINDOWS.2\yesmessenger.ini
2008-04-16 00:54 . 2007-11-26 13:46 316 --a------ C:\WINDOWS.2\yes_messenger.ini
2008-04-16 00:53 . 2008-04-16 00:54 <REP> d-------- C:\Program Files\YesMessenger
2008-04-16 00:29 . 2008-04-16 00:55 1,603,177 ---hs---- C:\WINDOWS.2\system32\tvhngnev.ini
2008-04-15 19:56 . 2008-04-16 00:16 1,600,661 ---hs---- C:\WINDOWS.2\system32\bhggalxp.ini
2008-04-15 18:31 . 2008-04-15 19:53 1,600,429 ---hs---- C:\WINDOWS.2\system32\rpqxvjmq.ini
2008-04-13 23:03 . 2008-04-13 23:03 315,808 --a------ C:\WINDOWS.2\system32\tuvWqQjg.dll
2008-04-11 20:08 . 2008-04-11 20:21 1,374 --a------ C:\WINDOWS.2\imsins.BAK
2008-04-11 16:07 . 2008-04-20 14:39 109,107 --a------ C:\WINDOWS.2\BMcb8d9233.xml
2008-04-11 03:25 . 2008-04-11 03:26 <REP> d-------- C:\ComboFix[1]
2008-04-11 02:53 . 2008-04-11 02:53 315,600 --a------ C:\WINDOWS.2\system32\ljJBqpoN.dll
2008-04-11 01:47 . 2008-04-11 01:47 <REP> d-------- C:\_OTMoveIt
2008-04-11 01:34 . 2008-04-11 01:34 315,600 --a------ C:\WINDOWS.2\system32\yayaWOHx.dll
2008-04-10 23:56 . 2008-04-10 23:56 315,600 --a------ C:\WINDOWS.2\system32\nnnnMGWq.dll
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Malwarebytes
2008-04-09 00:46 . 2008-04-09 00:46 <REP> d-------- C:\Program Files\Trend Micro
2008-04-08 20:14 . 2008-04-08 20:14 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-04-08 20:14 . 2008-04-08 20:14 23 --a------ C:\WINDOWS.2\system32\ebddbd6_z.ocx
2008-04-08 20:14 . 2008-04-08 20:14 23 --ahs---- C:\WINDOWS.2\system32\acbffdbdd_z.dll
2008-04-08 18:29 . 2008-04-16 21:26 <REP> d-------- C:\Program Files\Registry Easy
2008-04-08 17:03 . 2008-04-08 17:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Grisoft
2008-04-08 13:04 . 2008-04-08 13:10 594,503 --a------ C:\318304_FRA_i386_zip8avril.exe
2008-04-08 13:00 . 2008-04-01 17:48 509,832 --a------ C:\WindowsXP-KB939780-v2-x86-FRA.exe
2008-04-08 00:08 . 2008-04-08 00:08 8,161,400 --a------ C:\Windows-KB890830-V1.39.exe
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Program Files\Uniblue
2008-04-06 21:52 . 2008-04-06 21:52 3,097 --a------ C:\WINDOWS.2\system32\spupdsvc.inf
2008-04-06 21:49 . 2004-08-19 16:10 848,384 --------- C:\WINDOWS.2\system32\ir41_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS.2\system32\ir50_32.dll
2008-04-06 21:49 . 2004-08-19 16:09 338,432 --------- C:\WINDOWS.2\system32\ir41_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 200,192 --------- C:\WINDOWS.2\system32\ir50_qc.dll
2008-04-06 21:49 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS.2\system32\iac25_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 183,808 --------- C:\WINDOWS.2\system32\ir50_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 120,320 --------- C:\WINDOWS.2\system32\ir41_qc.dll
2008-04-06 21:47 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS.2\000001_.tmp
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-04-04 21:29 . 2008-04-04 21:29 12,236 --a------ C:\WINDOWS.2\system32\cbXRLeBq.dll
2008-04-04 20:43 . 2008-04-04 20:43 <REP> d-------- C:\Program Files\Unlocker
2008-04-04 19:08 . 2008-04-04 19:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 05:33 . 2008-04-04 05:33 <REP> d-------- C:\lj281
2008-04-04 00:36 . 2008-04-04 00:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
2008-04-03 21:26 . 2008-04-04 00:38 <REP> d-------- C:\Program Files\Defenza
2008-04-03 21:26 . 1996-08-20 21:37 15,840 --a------ C:\WINDOWS.2\system32\Machnm1.exe
2008-04-03 21:26 . 2005-09-25 17:37 5,632 --a------ C:\WINDOWS.2\system32\Machnm64.sys
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\system32\118290.54
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\118294.78
2008-04-03 21:26 . 2003-08-13 01:27 2,304 --a------ C:\WINDOWS.2\system32\Machnm32.sys
2008-04-03 21:18 . 2008-04-09 12:52 664 --a------ C:\WINDOWS.2\system32\d3d9caps.dat
2008-04-03 04:36 . 2008-04-03 04:36 54,156 --ah----- C:\WINDOWS.2\QTFont.qfn
2008-04-03 04:36 . 2008-04-03 04:36 1,409 --a------ C:\WINDOWS.2\QTFont.for
2008-04-03 03:23 . 2008-04-03 20:42 <REP> d-------- C:\Program Files\iGraal
2008-04-02 23:46 . 2008-04-04 18:41 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 13:59 . 2008-04-03 17:34 <REP> d-------- C:\WINDOWS.2\BDOSCAN8
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-04-01 00:46 . <REP> C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . <REP> C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . 2005-08-22 14:41 316,416 --a------ C:\vx2cleaner.dlx
2008-04-01 00:46 . 2005-08-22 14:41 29,636 --a------ C:\vx2cleaner.chm
2008-04-01 00:42 . 2008-04-01 00:42 <REP> d-------- C:\Program Files\Lavasoft
2008-03-28 23:02 . 2001-08-02 18:36 151,552 -ra------ C:\WINDOWS.2\system32\ptsetup.dll
2008-03-28 23:02 . 2001-08-02 18:36 122,880 -ra------ C:\WINDOWS.2\system32\ptuninst.exe
2008-03-28 22:59 . 2001-08-17 16:31 117,503 --a------ C:\WINDOWS.2\system32\drivers\ptserial.sys
2008-03-28 22:38 . 2008-03-28 22:38 <REP> d-------- C:\Program Files\VIA
2008-03-28 22:38 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS.2\system32\difxapi.dll
2008-03-28 22:36 . 2008-03-28 22:36 524,288 --a------ C:\via_pata_sata_+ide_v160a(20061101140444).zip
2008-03-28 22:11 . 2006-10-17 21:22 9,216 --a------ C:\WINDOWS.2\system32\drivers\videX32.sys
2008-03-28 21:17 . 2006-05-03 12:57 520,192 --------- C:\WINDOWS.2\system32\ati2sgag.exe
2008-03-28 21:13 . 2008-03-28 21:13 <REP> d-------- C:\ATI
2008-03-28 21:03 . 2008-03-28 21:03 199,066 --a------ C:\6A6LMM45.ZIP
2008-03-26 18:26 . 2008-03-26 18:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MGS
2008-03-26 18:24 . 2008-03-26 18:24 <REP> d-------- C:\WINDOWS.2\system32\FlashAX
2008-03-25 02:40 . 2008-03-25 03:30 <REP> d-------- C:\Program Files\Call of Duty Single Player Demo
2008-03-24 15:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS.2\system32\d3dx9_26.dll
2008-03-24 15:56 . 2008-03-24 15:56 <REP> d-------- C:\Program Files\JoWooD
2008-03-24 03:20 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\AMD
2008-03-24 03:19 . 2006-06-07 15:15 29,696 --a------ C:\WINDOWS.2\system32\drivers\AmdTools.sys
2008-03-24 03:14 . 2008-04-06 15:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-24 03:11 . 2008-03-24 03:11 <REP> d-------- C:\Program Files\AMDAGP
2008-03-24 02:59 . 2008-03-24 02:59 <REP> d-------- C:\Program Files\DIFX
2008-03-24 02:40 . 2008-03-24 02:40 23,600 --a------ C:\WINDOWS.2\system32\drivers\TVICHW32.SYS
2008-03-23 19:02 . 2008-04-20 21:52 13 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}
2008-03-23 02:54 . 2008-03-23 02:54 <REP> d-------- C:\Program Files\Barb Sect Mapi
2008-03-23 01:15 . 2008-03-23 01:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Downloaded Installations
2008-03-23 01:14 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS.2\system32\dllcache\sysmain.sdb
2008-03-23 01:14 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS.2\system32\dllcache\apph_sp.sdb
2008-03-23 01:14 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS.2\system32\dllcache\apphelp.sdb
2008-03-23 01:12 . 2008-03-23 01:12 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\WINDOWS.2\system32\LogFiles
2008-03-23 01:09 . 2008-03-23 01:11 <REP> d-------- C:\WINDOWS.2\system32\drivers\UMDF
2008-03-23 00:58 . 2008-03-23 11:43 <REP> d-------- C:\Documents and Settings\florent\Contacts
2008-03-23 00:21 . 2008-03-23 00:21 <REP> d-------- C:\Documents and Settings\florent\Application Data\Barb Sect Mapi
2008-03-23 00:21 . 2008-03-23 02:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits
2008-03-22 21:39 . 2008-03-22 21:39 1,180,160 --a------ C:\WINDOWS.2\system32\crashlog.tar
2008-03-22 19:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS.2\system32\mucltui.dll
2008-03-22 19:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS.2\system32\muweb.dll
2008-03-22 19:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS.2\system32\mucltui.dll.mui
2008-03-22 19:38 . 2008-03-22 19:38 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-22 19:36 . 2008-03-22 19:40 <REP> d-------- C:\Program Files\Windows Live
2008-03-22 19:35 . 2008-03-22 19:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\WLInstaller
2008-03-22 19:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll
2008-03-22 19:07 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dat
2008-03-22 19:07 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll.mui
2008-03-22 19:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS.2\system32\dllcache\msfeeds.dll
2008-03-22 19:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dll
2008-03-22 19:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS.2\system32\dllcache\iertutil.dll
2008-03-22 19:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS.2\system32\dllcache\icardie.dll
2008-03-22 19:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS.2\system32\dllcache\msfeedsbs.dll
2008-03-22 19:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS.2\system32\dllcache\ieudinit.exe
2008-03-22 19:05 . 2008-03-22 19:11 <REP> d-------- C:\WINDOWS.2\system32\fr-fr
2008-03-22 18:33 . 2008-03-22 18:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-22 18:11 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS.2\system32\dllcache\rpcrt4.dll
2008-03-22 17:55 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS.2\system32\wucltui.dll.mui
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 17:54 --------- d-----w C:\Program Files\eMule
2008-04-18 10:32 428 ----a-w C:\WINDOWS.2\system32\drivers\fwdrv.err
2008-04-16 22:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-16 22:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Symantec
2008-04-13 16:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.3
2008-04-09 23:44 --------- d-----w C:\Program Files\Common Files
2008-04-04 19:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spybot - Search & Destroy
2008-04-03 22:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:45 --------- d-----w C:\Program Files\InterActual
2008-04-03 19:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-01 00:30 262,144 ----a-w C:\ntuser.dat
2008-03-28 21:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-23 12:16 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-23 11:29 --------- d-----w C:\Program Files\eFax Messenger Plus 3.2
2008-03-23 10:30 --------- d-----w C:\Program Files\ClockSync
2008-03-23 10:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud
2008-03-22 23:22 --------- d-----w C:\Program Files\Yahoo!
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.2\system32\win32k.sys
2008-03-03 20:46 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS.2\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.2\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.2\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot_2008-04-14_18.28.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 16:09:56 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-04-20 19:47:19 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-03-25 16:13:04 124,208 ----a-w C:\WINDOWS.2\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 11:49:56 12,592 ----a-w C:\WINDOWS.2\Downloaded Program Files\libcomm.dll
+ 2008-04-20 19:47:35 16,384 ----atw C:\WINDOWS.2\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B23457DA-58C8-415E-855E-3F7B56C0540E}]
C:\WINDOWS.2\system32\qoMghhhH.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.2\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 01:20 401491]
"EPSON Stylus C40 Series"="C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.exe" [2001-10-04 03:01 69632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-03 00:34 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"PCTVOICE"="pctspk.exe" [2001-08-02 18:37 155648 C:\WINDOWS.2\system32\pctspk.exe]
"NeroFilterCheck"="C:\WINDOWS.2\system32\NeroCheck.exe" [2001-08-06 20:03 155648]
"NeroCheck"="C:\WINDOWS.2\System32\NeroCheck.exe" [2001-08-06 20:03 155648]
"HydarVisionDesktopManager"="" []
"ezShieldProtector for Px"="C:\WINDOWS.2\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 17:25 1662976]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 11:26 1662976]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-11-10 15:30 70816]
"AtiPTA"="atiptaxx.exe" [2001-09-14 19:15 245760 C:\WINDOWS.2\system32\atiptaxx.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"Motive SmartBridge"="C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe" [2005-02-24 15:01 397312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-04 23:53 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"RegistryMechanic"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.2\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Zone Alarm"="vsmon.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS.2\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Menu Temps Réel 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Menu Temps Réel 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Menu Temps Réel 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Tray Menu 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS.2\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS.2\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Mon Assistant Internet.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Mon Assistant Internet.lnk
backup=C:\WINDOWS.2\pss\Mon Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^dBpowerAMP.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\dBpowerAMP.lnk
backup=C:\WINDOWS.2\pss\dBpowerAMP.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.3.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.3.lnk
backup=C:\WINDOWS.2\pss\OpenOffice.org 1.1.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS.2\pss\YesMessenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection\allo.exe]
--a------ 2005-03-28 09:25 2373120 C:\Program Files\Communaute\Affection\allo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P\wincg.exe]
--a------ 2005-03-28 09:26 2267648 C:\Program Files\Gnetwork\P2P\wincg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster 2 d’Uniblue ]
--a------ 2007-11-21 17:07 1902592 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryEasy.exe]
--a------ 2008-02-21 15:18 4057088 C:\Program Files\Registry Easy\RegistryEasy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-12-09 08:30 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:NortonAV
"12355:TCP"= 12355:TCP:NortonAV
"14038:TCP"= 14038:TCP:NortonAV
"17709:TCP"= 17709:TCP:NortonAV
"14384:TCP"= 14384:TCP:NortonAV
"14831:TCP"= 14831:TCP:NortonAV
R0 videX32;videX32;C:\WINDOWS.2\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS.2\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS.2\system32\drivers\fwdrv.sys [2004-09-01 14:08]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS.2\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS.2\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.2\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS.2\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 11:05]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS.2\system32\DRIVERS\amdtools.sys [2006-06-07 15:15]
S2 Ndiskio;Ndiskio;C:\NORMAN\Nvc\NSE\NDISKIO.SYS []
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.2\system32\pctspk.exe [2001-08-02 18:37]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 nvcfsr;nvcfsr;C:\NORMAN\Nvc\BIN\nvcfsr.sys []
S3 nvcoafl51;nvcoafl51;C:\NORMAN\Nvc\BIN\nvcoafl51.sys []
S3 nvcoaft51;nvcoaft51;C:\NORMAN\Nvc\BIN\nvcoaft51.sys []
S3 nvcoarc51;nvcoarc51;C:\NORMAN\Nvc\BIN\nvcoarc51.sys []
S3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\BIN\nvcoas.exe []
S3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.2\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-20 20:00:00 C:\WINDOWS.2\Tasks\ABC00328918BBFC0.job"
- c:\docume~1\florent\applic~1\barbse~1\site wipe coal.exe
"2008-04-18 14:00:13 C:\WINDOWS.2\Tasks\{7D2635DE-C3C6-4B06-AD2C-509DA8E37C90}_TRISTANI-GRJVPJ_Propriétaire.job"
Re,
Copie le texte se situant dans le cadre ci-dessous :
Driver:: File:: Folder:: Registry:: |
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
Message édité par XmichouX le 21-04-2008 à 00:08:55
Répondre à XmichouX
re,
j'essaye de copier le fichier et combofix ne veut pas le prendre, je fais
exactement ce que tu m'as dis mais ça marche pas.
Re,
- Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu./Appliquer - - > OK
Maintenant vérifie bien que le fichier s'appelle bien CFScript.txt.txt et non pas CFSCript.txt.txt.
Les deux fichiers ( Combofix et Le CFScript ) doivent être placés au même endroit (ici sur le bureau, si ça ne marche toujours pas, copie-les à la racine de ta partition et recommence.
Répondre à XmichouX
bonjour,
ce matin je l'ai fais et apparement ça a fonctionné mais aprés il me dis compte rendu en cours de preparation et rien n'arrive à part des messages d'alertes en anglais comme quoi un programme risque de vous faire du mal avec symantec en meme temps un truc comme ça et je trouve pas de rapport..
Re,
Assure-toi bien que tes protections soient désactivées, refais-le.
Répondre à XmichouX
bonjour,
je l'ai refais et apparement ça a marché cela m'a meme affiché un rapport que je n'ai pas su copier ,en attendant merci beaucoup le pc marche bcp mieux,
par contre souvent quand mon fils joue à un jeu sur internet et meme quand on navigue ,la fléche de la souris s'immobilise et le pc est completement bloqué pourquoi ? et on a un ecran bleu.....avec message d'erreur...
Re,
Poste moi le rapport : C:\Combofix.txt
Répondre à XmichouX
re,merci
je crois que c'est çà :
ComboFix 08-04-20.2 - Propriétaire 2008-04-21 15:18:22.6 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\318304_FRA_i386_zip8avril.exe
C:\Windows-KB890830-V1.39.exe
C:\WINDOWS.2\000001_.tmp
C:\WINDOWS.2\BMcb8d9233.xml
C:\WINDOWS.2\system32\acbffdbdd_z.dll
C:\WINDOWS.2\system32\aducujlo.ini
C:\WINDOWS.2\system32\bddlxtbx.ini
C:\WINDOWS.2\system32\bjukkjrt.ini
C:\WINDOWS.2\system32\bpgctnuw.ini
C:\WINDOWS.2\system32\cbXRLeBq.dll
C:\WINDOWS.2\system32\d3d9caps.dat
C:\WINDOWS.2\system32\dsomdcqe.ini
C:\WINDOWS.2\system32\ebddbd6_z.ocx
C:\WINDOWS.2\system32\ljJBqpoN.dll
C:\WINDOWS.2\system32\nnnnMGWq.dll
C:\WINDOWS.2\system32\qoMghhhH.dll
C:\WINDOWS.2\system32\siyqchrs.ini
C:\WINDOWS.2\system32\tcuwfukm.ini
C:\WINDOWS.2\system32\vsearrdr.ini
C:\WINDOWS.2\system32\yayaWOHx.dll
C:\WINDOWS.2\Tasks\ABC00328918BBFC0.job
C:\WindowsXP-KB939780-v2-x86-FRA.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}\
.
---- Previous Run -------
.
C:\318304_FRA_i386_zip8avril.exe
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits\Free Mapi.exe
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Mapi Meta Book Bits\iso platform.exe
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi\0
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi\DogModePokePlay.exe
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi\safe date bows.exe
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi\site wipe coal.exe
C:\Documents and Settings\florent\Application Data\Barb Sect Mapi\yrheunlm.exe
C:\Documents and Settings\florent\ravmonlog
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\QASFKFJD\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Propriétaire\ravmonlog
C:\lj281
C:\lj281\HP1100_5.exe
C:\lj281\HP2010p5.cat
C:\lj281\HP2010p5.inf
C:\lj281\HPBAFD16.DLL
C:\lj281\HPBF2010.DRV
C:\lj281\HPBF2010.HLP
C:\lj281\HPBF2010.PMD
C:\lj281\HPBF2011.DLL
C:\lj281\HPBFAB.DDU
C:\lj281\HPBFAB16.DLL
C:\lj281\HPBFAB32.DLL
C:\lj281\HPBFTM16.DLL
C:\lj281\HPBFTM32.DLL
C:\lj281\hpdcmon.dll
C:\lj281\HPLicFR.txt
C:\lj281\UPWININI.DLL
C:\Program Files\Barb Sect Mapi
C:\Program Files\Defenza
C:\Program Files\Defenza\AlarmString.ini
C:\Program Files\Defenza\Anti-Spyware.ben
C:\Program Files\Defenza\AntiSpywarePopMenu.dll
C:\Program Files\Defenza\ASSelectFolder.exe
C:\Program Files\Defenza\ASSelectFolder.HLP
C:\Program Files\Defenza\ExpShell.dll
C:\Program Files\Defenza\InMisc.dll
C:\Program Files\Defenza\MFC71.dll
C:\Program Files\Defenza\pages\foot.htm
C:\Program Files\Defenza\pages\fullscan.htm
C:\Program Files\Defenza\pages\headpage.htm
C:\Program Files\Defenza\pages\homepage2.htm
C:\Program Files\Defenza\pages\Icon.ico
C:\Program Files\Defenza\pages\images\activate1.bmp
C:\Program Files\Defenza\pages\images\activate2.bmp
C:\Program Files\Defenza\pages\images\addlist.bmp
C:\Program Files\Defenza\pages\images\addlist_green.bmp
C:\Program Files\Defenza\pages\images\ap_off.jpg
C:\Program Files\Defenza\pages\images\ap_on.jpg
C:\Program Files\Defenza\pages\images\ap_on_red.jpg
C:\Program Files\Defenza\pages\images\bmpSettingPageBK.bmp
C:\Program Files\Defenza\pages\images\bmpThreadInfoWndBK.bmp
C:\Program Files\Defenza\pages\images\btSelectFile.bmp
C:\Program Files\Defenza\pages\images\btSelectFileOver.bmp
C:\Program Files\Defenza\pages\images\cleanup.bmp
C:\Program Files\Defenza\pages\images\cleanup.jpg
C:\Program Files\Defenza\pages\images\cleanup2.bmp
C:\Program Files\Defenza\pages\images\cleanup2.jpg
C:\Program Files\Defenza\pages\images\critical.jpg
C:\Program Files\Defenza\pages\images\Defenza-scanchoice-up.bmp
C:\Program Files\Defenza\pages\images\Foot.bmp
C:\Program Files\Defenza\pages\images\FullScanOption.bmp
C:\Program Files\Defenza\pages\images\Head.bmp
C:\Program Files\Defenza\pages\images\help.bmp
C:\Program Files\Defenza\pages\images\help.gif
C:\Program Files\Defenza\pages\images\help_green.bmp
C:\Program Files\Defenza\pages\images\logo.gif
C:\Program Files\Defenza\pages\images\m_fscan.bmp
C:\Program Files\Defenza\pages\images\m_fscan_o.bmp
C:\Program Files\Defenza\pages\images\m_main.bmp
C:\Program Files\Defenza\pages\images\m_main_o.bmp
C:\Program Files\Defenza\pages\images\m_qscan.bmp
C:\Program Files\Defenza\pages\images\m_qscan_o.bmp
C:\Program Files\Defenza\pages\images\m_quarantine.bmp
C:\Program Files\Defenza\pages\images\m_quarantine_o.bmp
C:\Program Files\Defenza\pages\images\m_result.bmp
C:\Program Files\Defenza\pages\images\m_result_o.bmp
C:\Program Files\Defenza\pages\images\m_settings.bmp
C:\Program Files\Defenza\pages\images\m_settings_o.bmp
C:\Program Files\Defenza\pages\images\m_update.bmp
C:\Program Files\Defenza\pages\images\m_update_o.bmp
C:\Program Files\Defenza\pages\images\mainBody.bmp
C:\Program Files\Defenza\pages\images\malicious.jpg
C:\Program Files\Defenza\pages\images\managelist.bmp
C:\Program Files\Defenza\pages\images\managelist_green.bmp
C:\Program Files\Defenza\pages\images\Menu.bmp
C:\Program Files\Defenza\pages\images\moderate.jpg
C:\Program Files\Defenza\pages\images\PCdefAS-txtbox1.bmp
C:\Program Files\Defenza\pages\images\plus.gif
C:\Program Files\Defenza\pages\images\ResultBody.bmp
C:\Program Files\Defenza\pages\images\ScanBody.bmp
C:\Program Files\Defenza\pages\images\scanpc.bmp
C:\Program Files\Defenza\pages\images\scanpc_green.bmp
C:\Program Files\Defenza\pages\images\scanpc_green.jpg
C:\Program Files\Defenza\pages\images\scanpc_red.bmp
C:\Program Files\Defenza\pages\images\scanpc_red.jpg
C:\Program Files\Defenza\pages\images\ScanState1.bmp
C:\Program Files\Defenza\pages\images\ScanState2.bmp
C:\Program Files\Defenza\pages\images\SettingsBackground.bmp
C:\Program Files\Defenza\pages\images\severe.jpg
C:\Program Files\Defenza\pages\images\spacer.gif
C:\Program Files\Defenza\pages\images\startscan.bmp
C:\Program Files\Defenza\pages\images\startscan_green.bmp
C:\Program Files\Defenza\pages\images\stopscan.bmp
C:\Program Files\Defenza\pages\images\stopscan.jpg
C:\Program Files\Defenza\pages\images\stopscan_green.bmp
C:\Program Files\Defenza\pages\images\stopscan_red.bmp
C:\Program Files\Defenza\pages\images\stopscan2.jpg
C:\Program Files\Defenza\pages\images\threadInfoClose.bmp
C:\Program Files\Defenza\pages\images\ThreadInfoCloseOver.bmp
C:\Program Files\Defenza\pages\images\Thumbs.db
C:\Program Files\Defenza\pages\images\Update1_blue.bmp
C:\Program Files\Defenza\pages\images\update1_green.bmp
C:\Program Files\Defenza\pages\images\Update2_blue.bmp
C:\Program Files\Defenza\pages\images\Update2_green.bmp
C:\Program Files\Defenza\pages\images\UpdateBody.bmp
C:\Program Files\Defenza\pages\images\updateinfo.jpg
C:\Program Files\Defenza\pages\images\updateinfo_up.jpg
C:\Program Files\Defenza\pages\images2\activate1.bmp
C:\Program Files\Defenza\pages\images2\activate2.bmp
C:\Program Files\Defenza\pages\images2\addlist.bmp
C:\Program Files\Defenza\pages\images2\addlist_green.bmp
C:\Program Files\Defenza\pages\images2\ap_off.jpg
C:\Program Files\Defenza\pages\images2\ap_on.jpg
C:\Program Files\Defenza\pages\images2\ap_on_red.jpg
C:\Program Files\Defenza\pages\images2\bmpSettingPageBK.bmp
C:\Program Files\Defenza\pages\images2\bmpThreadInfoWndBK.bmp
C:\Program Files\Defenza\pages\images2\btSelectFile.bmp
C:\Program Files\Defenza\pages\images2\btSelectFileOver.bmp
C:\Program Files\Defenza\pages\images2\cleanup.bmp
C:\Program Files\Defenza\pages\images2\cleanup.jpg
C:\Program Files\Defenza\pages\images2\cleanup2.bmp
C:\Program Files\Defenza\pages\images2\cleanup2.jpg
C:\Program Files\Defenza\pages\images2\critical.jpg
C:\Program Files\Defenza\pages\images2\Defenza-scanchoice-up.bmp
C:\Program Files\Defenza\pages\images2\Foot.bmp
C:\Program Files\Defenza\pages\images2\FullScanOption.bmp
C:\Program Files\Defenza\pages\images2\Head.bmp
C:\Program Files\Defenza\pages\images2\help.bmp
C:\Program Files\Defenza\pages\images2\help.gif
C:\Program Files\Defenza\pages\images2\help_green.bmp
C:\Program Files\Defenza\pages\images2\logo.gif
C:\Program Files\Defenza\pages\images2\m_fscan.bmp
C:\Program Files\Defenza\pages\images2\m_fscan_o.bmp
C:\Program Files\Defenza\pages\images2\m_main.bmp
C:\Program Files\Defenza\pages\images2\m_main_o.bmp
C:\Program Files\Defenza\pages\images2\m_qscan.bmp
C:\Program Files\Defenza\pages\images2\m_qscan_o.bmp
C:\Program Files\Defenza\pages\images2\m_quarantine.bmp
C:\Program Files\Defenza\pages\images2\m_quarantine_o.bmp
C:\Program Files\Defenza\pages\images2\m_result.bmp
C:\Program Files\Defenza\pages\images2\m_result_o.bmp
C:\Program Files\Defenza\pages\images2\m_settings.bmp
C:\Program Files\Defenza\pages\images2\m_settings_o.bmp
C:\Program Files\Defenza\pages\images2\m_update.bmp
C:\Program Files\Defenza\pages\images2\m_update_o.bmp
C:\Program Files\Defenza\pages\images2\mainBody.bmp
C:\Program Files\Defenza\pages\images2\malicious.jpg
C:\Program Files\Defenza\pages\images2\managelist.bmp
C:\Program Files\Defenza\pages\images2\managelist_green.bmp
C:\Program Files\Defenza\pages\images2\Menu.bmp
C:\Program Files\Defenza\pages\images2\moderate.jpg
C:\Program Files\Defenza\pages\images2\PCdefAS-txtbox1.bmp
C:\Program Files\Defenza\pages\images2\plus.gif
C:\Program Files\Defenza\pages\images2\ResultBody.bmp
C:\Program Files\Defenza\pages\images2\ScanBody.bmp
C:\Program Files\Defenza\pages\images2\scanpc.bmp
C:\Program Files\Defenza\pages\images2\scanpc_green.bmp
C:\Program Files\Defenza\pages\images2\scanpc_green.jpg
C:\Program Files\Defenza\pages\images2\scanpc_red.bmp
C:\Program Files\Defenza\pages\images2\scanpc_red.jpg
C:\Program Files\Defenza\pages\images2\ScanState1.bmp
C:\Program Files\Defenza\pages\images2\ScanState2.bmp
C:\Program Files\Defenza\pages\images2\SettingsBackground.bmp
C:\Program Files\Defenza\pages\images2\severe.jpg
C:\Program Files\Defenza\pages\images2\spacer.gif
C:\Program Files\Defenza\pages\images2\startscan.bmp
C:\Program Files\Defenza\pages\images2\startscan_green.bmp
C:\Program Files\Defenza\pages\images2\stopscan.bmp
C:\Program Files\Defenza\pages\images2\stopscan.jpg
C:\Program Files\Defenza\pages\images2\stopscan_green.bmp
C:\Program Files\Defenza\pages\images2\stopscan_red.bmp
C:\Program Files\Defenza\pages\images2\stopscan2.jpg
C:\Program Files\Defenza\pages\images2\threadInfoClose.bmp
C:\Program Files\Defenza\pages\images2\ThreadInfoCloseOver.bmp
C:\Program Files\Defenza\pages\images2\Thumbs.db
C:\Program Files\Defenza\pages\images2\Update1_blue.bmp
C:\Program Files\Defenza\pages\images2\update1_green.bmp
C:\Program Files\Defenza\pages\images2\Update2_blue.bmp
C:\Program Files\Defenza\pages\images2\Update2_green.bmp
C:\Program Files\Defenza\pages\images2\UpdateBody.bmp
C:\Program Files\Defenza\pages\images2\updateinfo.jpg
C:\Program Files\Defenza\pages\images2\updateinfo_up.jpg
C:\Program Files\Defenza\pages\menupage.htm
C:\Program Files\Defenza\pages\quickscan.htm
C:\Program Files\Defenza\pages\scanresult.htm
C:\Program Files\Defenza\pages\updatepage.htm
C:\Program Files\Defenza\pcd-as.chm
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Defenza\PcdasResults1.xml
C:\Program Files\Defenza\pcdreg.dll
C:\Program Files\Defenza\pcdscanner.exe
C:\Program Files\Defenza\QuarantineFolder\0.txt
C:\Program Files\Defenza\SBCSScan.exe
C:\Program Files\Defenza\SBScan.exe
C:\Program Files\Defenza\SBTE.dll
C:\Program Files\Defenza\SBTEDef.idx
C:\Program Files\Defenza\Setting\activate.ico
C:\Program Files\Defenza\Setting\contents\btCheckall.pj1
C:\Program Files\Defenza\Setting\contents\btCheckallover.pj1
C:\Program Files\Defenza\Setting\contents\btCleanMyPC.pj1
C:\Program Files\Defenza\Setting\contents\btCleanMyPCover.pj1
C:\Program Files\Defenza\Setting\contents\btCleanNowInResultPage.pj1
C:\Program Files\Defenza\Setting\contents\btCleanNowInResultPageover.pj1
C:\Program Files\Defenza\Setting\contents\btCleanUp.pj1
C:\Program Files\Defenza\Setting\contents\btCleanUpover.pj1
C:\Program Files\Defenza\Setting\contents\btClose1.pj1
C:\Program Files\Defenza\Setting\contents\btClose1over.pj1
C:\Program Files\Defenza\Setting\contents\btQDelete.pj1
C:\Program Files\Defenza\Setting\contents\btQDeleteover.pj1
C:\Program Files\Defenza\Setting\contents\btQQuarantine.pj1
C:\Program Files\Defenza\Setting\contents\btQQuarantineover.pj1
C:\Program Files\Defenza\Setting\contents\btquarantine.pj1
C:\Program Files\Defenza\Setting\contents\btquarantineover.pj1
C:\Program Files\Defenza\Setting\contents\btscancancel.pj1
C:\Program Files\Defenza\Setting\contents\btscancancelover.pj1
C:\Program Files\Defenza\Setting\contents\btscannow.pj1
C:\Program Files\Defenza\Setting\contents\btscannowover.pj1
C:\Program Files\Defenza\Setting\contents\btscanresult.pj1
C:\Program Files\Defenza\Setting\contents\btscanresultover.pj1
C:\Program Files\Defenza\Setting\contents\btSeeDetail.pj1
C:\Program Files\Defenza\Setting\contents\btSeeDetailover.pj1
C:\Program Files\Defenza\Setting\contents\btSelectFile.pj1
C:\Program Files\Defenza\Setting\contents\btSelectFileover.pj1
C:\Program Files\Defenza\Setting\contents\btSelectScanfoldFile.pj1
C:\Program Files\Defenza\Setting\contents\btSelectScanfoldFileover.pj1
C:\Program Files\Defenza\Setting\contents\btSelModeFull.pj1
C:\Program Files\Defenza\Setting\contents\btSelModeFullover.pj1
C:\Program Files\Defenza\Setting\contents\btselmodequick.pj1
C:\Program Files\Defenza\Setting\contents\btselmodequickover.pj1
C:\Program Files\Defenza\Setting\contents\btsetting.pj1
C:\Program Files\Defenza\Setting\contents\btSettingBrowse.pj1
C:\Program Files\Defenza\Setting\contents\btSettingBrowseover.pj1
C:\Program Files\Defenza\Setting\contents\btsettingover.pj1
C:\Program Files\Defenza\Setting\contents\btUnCheckall.pj1
C:\Program Files\Defenza\Setting\contents\btUnCheckallover.pj1
C:\Program Files\Defenza\Setting\contents\btupdateDB.pj1
C:\Program Files\Defenza\Setting\contents\btupdateDBover.pj1
C:\Program Files\Defenza\Setting\contents\btupdateLicense.pj1
C:\Program Files\Defenza\Setting\contents\btupdateLicenseover.pj1
C:\Program Files\Defenza\Setting\contents\btupdates.pj1
C:\Program Files\Defenza\Setting\contents\btupdatesover.pj1
C:\Program Files\Defenza\Setting\contents\close.pj1
C:\Program Files\Defenza\Setting\contents\closeover.pj1
C:\Program Files\Defenza\Setting\contents\help.pj1
C:\Program Files\Defenza\Setting\contents\helpover.pj1
C:\Program Files\Defenza\Setting\contents\ListHead.pj1
C:\Program Files\Defenza\Setting\contents\ListHeadover.pj1
C:\Program Files\Defenza\Setting\contents\mini.pj1
C:\Program Files\Defenza\Setting\contents\miniover.pj1
C:\Program Files\Defenza\Setting\contents\ScanBT.pj1
C:\Program Files\Defenza\Setting\contents\ScanBTover.pj1
C:\Program Files\Defenza\Setting\contents\SettingCancel.pj1
C:\Program Files\Defenza\Setting\contents\SettingCancelover.pj1
C:\Program Files\Defenza\Setting\contents\Settingclose.pj1
C:\Program Files\Defenza\Setting\contents\Settingcloseover.pj1
C:\Program Files\Defenza\Setting\contents\Settinghelp.pj1
C:\Program Files\Defenza\Setting\contents\Settinghelpover.pj1
C:\Program Files\Defenza\Setting\contents\SettingOK.pj1
C:\Program Files\Defenza\Setting\contents\SettingOKover.pj1
C:\Program Files\Defenza\Setting\contents\SettingSchedule.pj1
C:\Program Files\Defenza\Setting\contents\SettingScheduleDown.pj1
C:\Program Files\Defenza\Setting\contents\SettingScheduleover.pj1
C:\Program Files\Defenza\Setting\contents\SettingSet.pj1
C:\Program Files\Defenza\Setting\contents\SettingSetDown.pj1
C:\Program Files\Defenza\Setting\contents\SettingSetover.pj1
C:\Program Files\Defenza\Setting\contents\SettingUpdate.pj1
C:\Program Files\Defenza\Setting\contents\SettingUpdateDown.pj1
C:\Program Files\Defenza\Setting\contents\SettingUpdateover.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd1.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd1over.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd2.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd2over.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd3.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd3over.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd4.pj1
C:\Program Files\Defenza\Setting\contents\StateShowWnd4over.pj1
C:\Program Files\Defenza\Setting\contents\ThreadInfoClose.pj1
C:\Program Files\Defenza\Setting\contents\ThreadInfoCloseover.pj1
C:\Program Files\Defenza\Setting\icon.ico
C:\Program Files\Defenza\Setting\resource\bmpSettingPageBK.pj1
C:\Program Files\Defenza\Setting\resource\quaratinepage.pj1
C:\Program Files\Defenza\Setting\resource\scan-disable.pj1
C:\Program Files\Defenza\Setting\resource\scanchoice-up.pj1
C:\Program Files\Defenza\Setting\resource\scanpage1.pj1
C:\Program Files\Defenza\Setting\resource\scanpage2.pj1
C:\Program Files\Defenza\Setting\resource\scanresults-over.pj1
C:\Program Files\Defenza\Setting\resource\settings-down.pj1
C:\Program Files\Defenza\Setting\resource\threat-over.pj1
C:\Program Files\Defenza\Setting\resource\txtbox-bg.pj1
C:\Program Files\Defenza\Setting\resource\Updatepage.pj1
C:\Program Files\Defenza\Setting\Setting.ini
C:\Program Files\Defenza\SpywareSetting.ini
C:\Program Files\Defenza\SpywareString.ini
C:\Program Files\Defenza\SUpdate.dat
C:\Program Files\Defenza\SUpdate.exe
C:\Program Files\Defenza\uninstall.ico
C:\Program Files\Defenza\UpdateIDXDBDLL.dll
C:\Program Files\purityscan
C:\Windows-KB890830-V1.39.exe
C:\WINDOWS.2\000001_.tmp
C:\WINDOWS.2\BMcb8d9233.xml
C:\WINDOWS.2\cookies.ini
C:\WINDOWS.2\Downloaded Program Files\setup.inf
C:\WINDOWS.2\pskt.ini
C:\WINDOWS.2\system32\acbffdbdd_z.dll
C:\WINDOWS.2\system32\acwtanlc.dll
C:\WINDOWS.2\system32\aducujlo.ini
C:\WINDOWS.2\system32\ajjqcucc.dll
C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}\
C:\WINDOWS.2\system32\aqwfimkt.dll
C:\WINDOWS.2\system32\aupcrirj.dll
C:\WINDOWS.2\system32\axyuhpna.dll
C:\WINDOWS.2\system32\aydrbfrr.ini
C:\WINDOWS.2\system32\bblnwbjy.dll
C:\WINDOWS.2\system32\Bdcdefii.ini
C:\WINDOWS.2\system32\Bdcdefii.ini2
C:\WINDOWS.2\system32\bddlxtbx.ini
C:\WINDOWS.2\system32\bhpdhqpo.dll
C:\WINDOWS.2\system32\bilujhxx.dll
C:\WINDOWS.2\system32\bjukkjrt.ini
C:\WINDOWS.2\system32\bpgctnuw.ini
C:\WINDOWS.2\system32\bqlndeka.ini
C:\WINDOWS.2\system32\bxxnvvof.dll
C:\WINDOWS.2\system32\byspkkub.ini
C:\WINDOWS.2\system32\cblnekfg.dll
C:\WINDOWS.2\system32\cbXRLeBq.dll
C:\WINDOWS.2\system32\cpccdydj.dll
C:\WINDOWS.2\system32\cqkyrwyv.dll
C:\WINDOWS.2\system32\cqvdyiuw.dll
C:\WINDOWS.2\system32\csltuqqs.dll
C:\WINDOWS.2\system32\cugqcqkq.dll
C:\WINDOWS.2\system32\cyexiver.dll
C:\WINDOWS.2\system32\d3d9caps.dat
C:\WINDOWS.2\system32\DeeggMoq.ini
C:\WINDOWS.2\system32\DeeggMoq.ini2
C:\WINDOWS.2\system32\dhpalifi.dll
C:\WINDOWS.2\system32\dlopnxuc.dll
C:\WINDOWS.2\system32\dlqgpwwi.dll
C:\WINDOWS.2\system32\dqhbjule.ini
C:\WINDOWS.2\system32\drivers\downld
C:\WINDOWS.2\system32\dsomdcqe.ini
C:\WINDOWS.2\system32\eaqaawby.dll
C:\WINDOWS.2\system32\ebddbd6_z.ocx
C:\WINDOWS.2\system32\edrvowjq.ini
C:\WINDOWS.2\system32\efrrjcmf.ini
C:\WINDOWS.2\system32\efyqxubp.ini
C:\WINDOWS.2\system32\egwyrtkd.dll
C:\WINDOWS.2\system32\ehtfuvgi.dll
C:\WINDOWS.2\system32\eogqswkj.dll
C:\WINDOWS.2\system32\epgvneuj.dll
C:\WINDOWS.2\system32\exktahpu.dll
C:\WINDOWS.2\system32\fbcvwrbw.ini
C:\WINDOWS.2\system32\fgddifoa.dll
C:\WINDOWS.2\system32\fmcjrrfe.dll
C:\WINDOWS.2\system32\fttqukfo.dll
C:\WINDOWS.2\system32\fwcantov.dll
C:\WINDOWS.2\system32\gcpxdxfe.dll
C:\WINDOWS.2\system32\gikcwycd.dll
C:\WINDOWS.2\system32\gjQqWvut.ini
C:\WINDOWS.2\system32\gjQqWvut.ini2
C:\WINDOWS.2\system32\glabcepe.dll
C:\WINDOWS.2\system32\gtnnakmj.dll
C:\WINDOWS.2\system32\havnbjay.dll
C:\WINDOWS.2\system32\hbxgjnyq.dll
C:\WINDOWS.2\system32\henottfm.dll
C:\WINDOWS.2\system32\hjfhwktx.dll
C:\WINDOWS.2\system32\hjtqobha.ini
C:\WINDOWS.2\system32\iggftock.dll
C:\WINDOWS.2\system32\igvufthe.ini
C:\WINDOWS.2\system32\iRAayccf.ini
C:\WINDOWS.2\system32\iRAayccf.ini2
C:\WINDOWS.2\system32\irvfpsmn.dll
C:\WINDOWS.2\system32\ismkvvhv.dll
C:\WINDOWS.2\system32\iuhmtobf.dll
C:\WINDOWS.2\system32\iuttomvi.dll
C:\WINDOWS.2\system32\iwqqpsak.ini
C:\WINDOWS.2\system32\iwrofrwo.dll
C:\WINDOWS.2\system32\jbiqioml.dll
C:\WINDOWS.2\system32\jchdflrf.dll
C:\WINDOWS.2\system32\JTDgfMoq.ini
C:\WINDOWS.2\system32\JTDgfMoq.ini2
C:\WINDOWS.2\system32\jvlctpot.dll
C:\WINDOWS.2\system32\jxhbpiql.dll
C:\WINDOWS.2\system32\kaekvqud.dll
C:\WINDOWS.2\system32\keigxtof.ini
C:\WINDOWS.2\system32\kfnawone.dll
C:\WINDOWS.2\system32\KRqtCJjl.ini
C:\WINDOWS.2\system32\KRqtCJjl.ini2
C:\WINDOWS.2\system32\kuyttbcw.dll
C:\WINDOWS.2\system32\laxbnmvc.ini
C:\WINDOWS.2\system32\lbyiwahp.dll
C:\WINDOWS.2\system32\lchsedqk.dll
C:\WINDOWS.2\system32\liqehldo.dll
C:\WINDOWS.2\system32\ljJBqpoN.dll
C:\WINDOWS.2\system32\lrkoxdtp.dll
C:\WINDOWS.2\system32\lsesfndq.dll
C:\WINDOWS.2\system32\mcrh.tmp
C:\WINDOWS.2\system32\mcsfdnts.dll
C:\WINDOWS.2\system32\mfttoneh.ini
C:\WINDOWS.2\system32\mihkwgnl.ini
C:\WINDOWS.2\system32\mkvbsonk.dll
C:\WINDOWS.2\system32\mncaetev.dll
C:\WINDOWS.2\system32\mohmyqsl.dll
C:\WINDOWS.2\system32\msftpsjq.dll
C:\WINDOWS.2\system32\mwayhetk.dll
C:\WINDOWS.2\system32\mydlggpb.dll
C:\WINDOWS.2\system32\nemyjcad.dll
C:\WINDOWS.2\system32\nhixetbv.ini
C:\WINDOWS.2\system32\nmhirimr.ini
C:\WINDOWS.2\system32\nnnnMGWq.dll
C:\WINDOWS.2\system32\nokjjweb.dll
C:\WINDOWS.2\system32\NopqBJjl.ini
C:\WINDOWS.2\system32\NopqBJjl.ini2
C:\WINDOWS.2\system32\nrkoxtns.dll
C:\WINDOWS.2\system32\nTtuvyxx.ini
C:\WINDOWS.2\system32\nTtuvyxx.ini2
C:\WINDOWS.2\system32\nvbweeip.dll
C:\WINDOWS.2\system32\nvvfptlt.ini
C:\WINDOWS.2\system32\nwmblouh.ini
C:\WINDOWS.2\system32\odwqqhlk.dll
C:\WINDOWS.2\system32\ofkuqttf.ini
C:\WINDOWS.2\system32\ontslymr.dll
C:\WINDOWS.2\system32\pbuxqyfe.dll
C:\WINDOWS.2\system32\pgjvougy.dll
C:\WINDOWS.2\system32\phupmews.dll
C:\WINDOWS.2\system32\pjnaggut.ini
C:\WINDOWS.2\system32\PpqsDfhk.ini2
C:\WINDOWS.2\system32\pqtDgfii.ini
C:\WINDOWS.2\system32\pqtDgfii.ini2
C:\WINDOWS.2\system32\psmvrnmd.dll
C:\WINDOWS.2\system32\pwebjyds.dll
C:\WINDOWS.2\system32\qepjyosf.dll
C:\WINDOWS.2\system32\qjwovrde.dll
C:\WINDOWS.2\system32\qlbdpquc.dll
C:\WINDOWS.2\system32\qqdiarox.dll
C:\WINDOWS.2\system32\qugmikep.dll
C:\WINDOWS.2\system32\qWGMnnnn.ini
C:\WINDOWS.2\system32\qWGMnnnn.ini2
C:\WINDOWS.2\system32\reaygqyu.ini
C:\WINDOWS.2\system32\regptagf.ini
C:\WINDOWS.2\system32\rfmsmpkh.dll
C:\WINDOWS.2\system32\rmirihmn.dll
C:\WINDOWS.2\system32\romwnjvy.ini
C:\WINDOWS.2\system32\rqcebrya.dll
C:\WINDOWS.2\system32\rrbcofwi.dll
C:\WINDOWS.2\system32\rstllder.dll
C:\WINDOWS.2\system32\rufovuna.dll
C:\WINDOWS.2\system32\rvkrtusy.dll
C:\WINDOWS.2\system32\RYcJkUvw.ini
C:\WINDOWS.2\system32\RYcJkUvw.ini2
C:\WINDOWS.2\system32\rysrvunt.dll
C:\WINDOWS.2\system32\siyqchrs.ini
C:\WINDOWS.2\system32\sjrvaxew.dll
C:\WINDOWS.2\system32\srCLRqss.ini
C:\WINDOWS.2\system32\srCLRqss.ini2
C:\WINDOWS.2\system32\srfyhogt.dll
C:\WINDOWS.2\system32\srmcrmuj.dll
C:\WINDOWS.2\system32\stdkhdrh.dll
C:\WINDOWS.2\system32\suFLRqss.ini
C:\WINDOWS.2\system32\suFLRqss.ini2
C:\WINDOWS.2\system32\tcuwfukm.ini
C:\WINDOWS.2\system32\tfaoxutn.ini
C:\WINDOWS.2\system32\tgohyfrs.ini
C:\WINDOWS.2\system32\tnfgfcwn.ini
C:\WINDOWS.2\system32\trxvhkqj.dll
C:\WINDOWS.2\system32\tsbalftw.dll
C:\WINDOWS.2\system32\ttocmfoa.dll
C:\WINDOWS.2\system32\tugganjp.dll
C:\WINDOWS.2\system32\twxEgfii.ini2
C:\WINDOWS.2\system32\uashqusk.dll
C:\WINDOWS.2\system32\uavxrgxr.dll
C:\WINDOWS.2\system32\UCdfPqss.ini2
C:\WINDOWS.2\system32\usdorxhk.dll
C:\WINDOWS.2\system32\uyqgyaer.dll
C:\WINDOWS.2\system32\vbwjysug.ini
C:\WINDOWS.2\system32\vCKTAcfe.ini2
C:\WINDOWS.2\system32\veblyjku.dll
C:\WINDOWS.2\system32\vfthuony.dll
C:\WINDOWS.2\system32\vgevgxui.dll
C:\WINDOWS.2\system32\viwkknyn.ini
C:\WINDOWS.2\system32\vjnamsae.dll
C:\WINDOWS.2\system32\vrkxcssb.dll
C:\WINDOWS.2\system32\vsearrdr.ini
C:\WINDOWS.2\system32\vuuphdpv.dll
C:\WINDOWS.2\system32\vwddwsrh.dll
C:\WINDOWS.2\system32\WaGhQXbc.ini
C:\WINDOWS.2\system32\WaGhQXbc.ini2
C:\WINDOWS.2\system32\wagvbydd.dll
C:\WINDOWS.2\system32\wcbttyuk.ini
C:\WINDOWS.2\system32\wedgrxjr.dll
C:\WINDOWS.2\system32\wpkchecq.dll
C:\WINDOWS.2\system32\wwskoadq.dll
C:\WINDOWS.2\system32\xayacccf.ini2
C:\WINDOWS.2\system32\xHOWayay.ini
C:\WINDOWS.2\system32\xHOWayay.ini2
C:\WINDOWS.2\system32\xhwweptj.dll
C:\WINDOWS.2\system32\xidmhjqb.dll
C:\WINDOWS.2\system32\xmkxhcbr.ini
C:\WINDOWS.2\system32\xoeylxxp.ini
C:\WINDOWS.2\system32\xrwvqmha.dll
C:\WINDOWS.2\system32\yayaWOHx.dll
C:\WINDOWS.2\system32\ybbefMoq.ini
C:\WINDOWS.2\system32\ybbefMoq.ini2
C:\WINDOWS.2\system32\yhgcvmrh.dll
C:\WINDOWS.2\system32\yqgsuqui.dll
C:\WINDOWS.2\system32\yrfypbtn.dll
C:\WINDOWS.2\system32\yulaiubl.dll
C:\WINDOWS.2\system32\yvjnwmor.dll
C:\WINDOWS.2\Tasks\ABC00328918BBFC0.job
C:\WindowsXP-KB939780-v2-x86-FRA.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NwSapAgent
-------\Legacy_NDISKIO
-------\Legacy_NVCFSR
-------\Legacy_NVCOAFL51
-------\Legacy_NVCOAFT51
-------\Legacy_NVCOARC51
-------\Legacy_NVCOAS
-------\Legacy_NVCSCHEDULER
-------\Legacy_SETUPNTGLM7X
-------\Service_Ndiskio
-------\Service_nvcfsr
-------\Service_nvcoafl51
-------\Service_nvcoaft51
-------\Service_nvcoarc51
-------\Service_nvcoas
-------\Service_NVCScheduler
-------\Service_SetupNTGLM7X
((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:06 . 2008-04-20 15:06 <REP> d-------- C:\Documents and Settings\florent\Application Data\Malwarebytes
2008-04-18 16:32 . 2008-04-18 16:34 <REP> d-------- C:\Program Files\Panda Security
2008-04-17 00:24 . 2008-04-17 00:24 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Martau
2008-04-17 00:23 . 2008-04-17 00:23 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-04-16 21:30 . 2008-04-16 21:30 <REP> d-------- C:\Program Files\AxBx
2008-04-16 00:55 . 2008-04-17 03:14 56 --a------ C:\WINDOWS.2\yesmessenger.ini
2008-04-16 00:54 . 2007-11-26 13:46 316 --a------ C:\WINDOWS.2\yes_messenger.ini
2008-04-16 00:53 . 2008-04-16 00:54 <REP> d-------- C:\Program Files\YesMessenger
2008-04-16 00:29 . 2008-04-16 00:55 1,603,177 ---hs---- C:\WINDOWS.2\system32\tvhngnev.ini
2008-04-15 19:56 . 2008-04-16 00:16 1,600,661 ---hs---- C:\WINDOWS.2\system32\bhggalxp.ini
2008-04-15 18:31 . 2008-04-15 19:53 1,600,429 ---hs---- C:\WINDOWS.2\system32\rpqxvjmq.ini
2008-04-13 23:03 . 2008-04-13 23:03 315,808 --a------ C:\WINDOWS.2\system32\tuvWqQjg.dll
2008-04-11 20:08 . 2008-04-11 20:21 1,374 --a------ C:\WINDOWS.2\imsins.BAK
2008-04-11 03:25 . 2008-04-11 03:26 <REP> d-------- C:\ComboFix[1]
2008-04-11 01:47 . 2008-04-11 01:47 <REP> d-------- C:\_OTMoveIt
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Malwarebytes
2008-04-09 00:46 . 2008-04-09 00:46 <REP> d-------- C:\Program Files\Trend Micro
2008-04-08 20:14 . 2008-04-08 20:14 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-04-08 18:29 . 2008-04-16 21:26 <REP> d-------- C:\Program Files\Registry Easy
2008-04-08 17:03 . 2008-04-08 17:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Grisoft
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Program Files\Uniblue
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Uniblue
2008-04-06 21:52 . 2008-04-06 21:52 3,097 --a------ C:\WINDOWS.2\system32\spupdsvc.inf
2008-04-06 21:49 . 2004-08-19 16:10 848,384 --------- C:\WINDOWS.2\system32\ir41_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS.2\system32\ir50_32.dll
2008-04-06 21:49 . 2004-08-19 16:09 338,432 --------- C:\WINDOWS.2\system32\ir41_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 200,192 --------- C:\WINDOWS.2\system32\ir50_qc.dll
2008-04-06 21:49 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS.2\system32\iac25_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 183,808 --------- C:\WINDOWS.2\system32\ir50_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 120,320 --------- C:\WINDOWS.2\system32\ir41_qc.dll
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-04-04 20:43 . 2008-04-04 20:43 <REP> d-------- C:\Program Files\Unlocker
2008-04-04 19:08 . 2008-04-04 19:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 00:36 . 2008-04-04 00:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
2008-04-03 21:26 . 1996-08-20 21:37 15,840 --a------ C:\WINDOWS.2\system32\Machnm1.exe
2008-04-03 21:26 . 2005-09-25 17:37 5,632 --a------ C:\WINDOWS.2\system32\Machnm64.sys
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\system32\118290.54
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\118294.78
2008-04-03 21:26 . 2003-08-13 01:27 2,304 --a------ C:\WINDOWS.2\system32\Machnm32.sys
2008-04-03 04:36 . 2008-04-03 04:36 54,156 --ah----- C:\WINDOWS.2\QTFont.qfn
2008-04-03 04:36 . 2008-04-03 04:36 1,409 --a------ C:\WINDOWS.2\QTFont.for
2008-04-03 03:23 . 2008-04-03 20:42 <REP> d-------- C:\Program Files\iGraal
2008-04-02 23:46 . 2008-04-04 18:41 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 13:59 . 2008-04-03 17:34 <REP> d-------- C:\WINDOWS.2\BDOSCAN8
2008-04-02 13:21 . 2008-04-02 15:18 4,114 --a------ C:\Documents and Settings\Propriétaire\Application Data\update.log
2008-04-01 01:48 . 2008-04-02 01:04 <REP> d-------- C:\Documents and Settings\Propriétaire\.housecall6.6
2008-04-01 01:48 . 2008-04-02 01:04 <REP> d-------- C:\Documents and Settings\Propriétaire\.housecall6.6
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-04-01 00:46 . 2005-08-22 14:41 316,416 --a------ C:\vx2cleaner.dlx
2008-04-01 00:46 . 2005-08-22 14:41 29,636 --a------ C:\vx2cleaner.chm
2008-04-01 00:42 . 2008-04-01 00:42 <REP> d-------- C:\Program Files\Lavasoft
2008-03-28 23:02 . 2001-08-02 18:36 151,552 -ra------ C:\WINDOWS.2\system32\ptsetup.dll
2008-03-28 23:02 . 2001-08-02 18:36 122,880 -ra------ C:\WINDOWS.2\system32\ptuninst.exe
2008-03-28 22:59 . 2001-08-17 16:31 117,503 --a------ C:\WINDOWS.2\system32\drivers\ptserial.sys
2008-03-28 22:38 . 2008-03-28 22:38 <REP> d-------- C:\Program Files\VIA
2008-03-28 22:38 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS.2\system32\difxapi.dll
2008-03-28 22:36 . 2008-03-28 22:36 524,288 --a------ C:\via_pata_sata_+ide_v160a(20061101140444).zip
2008-03-28 22:11 . 2006-10-17 21:22 9,216 --a------ C:\WINDOWS.2\system32\drivers\videX32.sys
2008-03-28 21:17 . 2006-05-03 12:57 520,192 --------- C:\WINDOWS.2\system32\ati2sgag.exe
2008-03-28 21:13 . 2008-03-28 21:13 <REP> d-------- C:\ATI
2008-03-28 21:03 . 2008-03-28 21:03 199,066 --a------ C:\6A6LMM45.ZIP
2008-03-26 18:26 . 2008-03-26 18:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MGS
2008-03-26 18:24 . 2008-03-26 18:24 <REP> d-------- C:\WINDOWS.2\system32\FlashAX
2008-03-25 02:40 . 2008-03-25 03:30 <REP> d-------- C:\Program Files\Call of Duty Single Player Demo
2008-03-24 15:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS.2\system32\d3dx9_26.dll
2008-03-24 15:56 . 2008-03-24 15:56 <REP> d-------- C:\Program Files\JoWooD
2008-03-24 03:20 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\AMD
2008-03-24 03:19 . 2006-06-07 15:15 29,696 --a------ C:\WINDOWS.2\system32\drivers\AmdTools.sys
2008-03-24 03:14 . 2008-04-06 15:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-24 03:11 . 2008-03-24 03:11 <REP> d-------- C:\Program Files\AMDAGP
2008-03-24 02:59 . 2008-03-24 02:59 <REP> d-------- C:\Program Files\DIFX
2008-03-24 02:40 . 2008-03-24 02:40 23,600 --a------ C:\WINDOWS.2\system32\drivers\TVICHW32.SYS
2008-03-23 19:02 . 2008-04-21 14:52 13 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}
2008-03-23 01:15 . 2008-03-23 01:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Downloaded Installations
2008-03-23 01:14 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS.2\system32\dllcache\sysmain.sdb
2008-03-23 01:14 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS.2\system32\dllcache\apph_sp.sdb
2008-03-23 01:14 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS.2\system32\dllcache\apphelp.sdb
2008-03-23 01:12 . 2008-03-23 01:12 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\WINDOWS.2\system32\LogFiles
2008-03-23 01:09 . 2008-03-23 01:11 <REP> d-------- C:\WINDOWS.2\system32\drivers\UMDF
2008-03-23 00:58 . 2008-03-23 11:43 <REP> d-------- C:\Documents and Settings\florent\Contacts
2008-03-22 21:39 . 2008-03-22 21:39 1,180,160 --a------ C:\WINDOWS.2\system32\crashlog.tar
2008-03-22 19:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS.2\system32\mucltui.dll
2008-03-22 19:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS.2\system32\muweb.dll
2008-03-22 19:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS.2\system32\mucltui.dll.mui
2008-03-22 19:43 . 2008-03-22 20:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
2008-03-22 19:43 . 2008-03-22 20:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
2008-03-22 19:38 . 2008-03-22 19:38 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-22 19:36 . 2008-03-22 19:40 <REP> d-------- C:\Program Files\Windows Live
2008-03-22 19:35 . 2008-03-22 19:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\WLInstaller
2008-03-22 19:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll
2008-03-22 19:07 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dat
2008-03-22 19:07 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll.mui
2008-03-22 19:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS.2\system32\dllcache\msfeeds.dll
2008-03-22 19:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dll
2008-03-22 19:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS.2\system32\dllcache\iertutil.dll
2008-03-22 19:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS.2\system32\dllcache\icardie.dll
2008-03-22 19:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS.2\system32\dllcache\msfeedsbs.dll
2008-03-22 19:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS.2\system32\dllcache\ieudinit.exe
2008-03-22 19:05 . 2008-03-22 19:11 <REP> d-------- C:\WINDOWS.2\system32\fr-fr
2008-03-22 18:33 . 2008-03-22 18:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-22 18:11 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS.2\system32\dllcache\rpcrt4.dll
2008-03-22 17:55 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS.2\system32\wucltui.dll.mui
2008-03-22 17:55 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS.2\system32\wuaucpl.cpl.mui
2008-03-22 17:55 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS.2\system32\wuapi.dll.mui
2008-03-22 17:55 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS.2\system32\wuaueng.dll.mui
2008-03-22 00:41 . 2008-04-21 14:52 7 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME
2008-03-21 18:18 . 2008-03-23 18:06 8 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME{E012A9D7-CEEB-46D0-86C6-0F7BD121B36D}
2008-03-21 18:17 . 2005-10-19 19:19 1,327,189 --a------ C:\WINDOWS.2\system32\odSupp_M.dll
2008-03-21 18:17 . 2007-08-21 17:31 679,936 --a------ C:\WINDOWS.2\system32\ANIWZCS2.dll
2008-03-21 18:17 . 2007-08-14 14:26 262,144 --a------ C:\WINDOWS.2\system32\wnicapi.dll
2008-03-21 18:17 . 2007-08-20 18:41 233,472 --a------ C:\WINDOWS.2\system32\WlanApp.dll
2008-03-21 18:17 . 2007-05-12 14:33 217,088 --a------ C:\WINDOWS.2\system32\aIPH.dll
2008-03-21 18:17 . 2005-10-27 09:55 49,152 --a------ C:\WINDOWS.2\system32\JJAKEn.dll
2008-03-21 18:17 . 2005-10-19 19:19 49,152 --a------ C:\WINDOWS.2\system32\AQCKGen.dll
2008-03-21 18:17 . 2006-09-26 14:49 45,115 --a------ C:\WINDOWS.2\system32\ANICtl.dll
2008-03-21 18:16 . 2008-03-21 18:17 <REP> d-------- C:\Program Files\ANI
2008-03-21 18:16 . 2005-12-13 11:38 48,128 --a------ C:\WINDOWS.2\system32\ANIO64.sys
2008-03-21 18:16 . 2005-10-21 16:56 36,864 --a------ C:\WINDOWS.2\system32\ANIOApi.dll
2008-03-21 18:16 . 2005-12-11 12:55 28,195 --a------ C:\WINDOWS.2\system32\ANIO.sys
2008-03-21 18:16 . 2004-10-14 11:29 16,997 --a------ C:\WINDOWS.2\system32\ANIO.VXD
2008-03-21 18:16 . 2004-10-14 11:29 11,904 --a------ C:\WINDOWS.2\system32\anio4.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 21:04 --------- d-----w C:\Program Files\eMule
2008-04-18 17:29 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2008-04-18 10:32 428 ----a-w C:\WINDOWS.2\system32\drivers\fwdrv.err
2008-04-16 22:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-16 22:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Symantec
2008-04-13 16:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.3
2008-04-09 23:44 --------- d-----w C:\Program Files\Common Files
2008-04-04 19:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spybot - Search & Destroy
2008-04-03 22:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:45 --------- d-----w C:\Program Files\InterActual
2008-04-03 19:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-01 00:30 262,144 ----a-w C:\ntuser.dat
2008-03-28 21:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-23 12:16 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-23 11:29 --------- d-----w C:\Program Files\eFax Messenger Plus 3.2
2008-03-23 10:30 --------- d-----w C:\Program Files\ClockSync
2008-03-23 10:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi
2008-03-23 10:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud
2008-03-23 00:55 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Gluedeaddoes
2008-03-22 23:22 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 17:24 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2008-03-03 20:46 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
.
((((((((((((((((((((((((((((( snapshot_2008-04-14_18.28.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 16:09:56 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-04-21 12:51:36 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-03-25 16:13:04 124,208 ----a-w C:\WINDOWS.2\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 11:49:56 12,592 ----a-w C:\WINDOWS.2\Downloaded Program Files\libcomm.dll
+ 2008-04-21 12:51:54 16,384 ----atw C:\WINDOWS.2\Temp\Perflib_Perfdata_648.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.2\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 01:20 401491]
"EPSON Stylus C40 Series"="C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.exe" [2001-10-04 03:01 69632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"ezShieldProtector for Px"="C:\WINDOWS.2\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 17:25 1662976]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 11:26 1662976]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-11-10 15:30 70816]
"AtiPTA"="atiptaxx.exe" [2001-09-14 19:15 245760 C:\WINDOWS.2\system32\atiptaxx.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"Motive SmartBridge"="C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe" [2005-02-24 15:01 397312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.2\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Zone Alarm"="vsmon.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS.2\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Menu Temps Réel 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Menu Temps Réel 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Menu Temps Réel 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Tray Menu 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS.2\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS.2\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Mon Assistant Internet.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Mon Assistant Internet.lnk
backup=C:\WINDOWS.2\pss\Mon Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^dBpowerAMP.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\dBpowerAMP.lnk
backup=C:\WINDOWS.2\pss\dBpowerAMP.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.3.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.3.lnk
backup=C:\WINDOWS.2\pss\OpenOffice.org 1.1.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS.2\pss\YesMessenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection\allo.exe]
--a------ 2005-03-28 09:25 2373120 C:\Program Files\Communaute\Affection\allo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P\wincg.exe]
--a------ 2005-03-28 09:26 2267648 C:\Program Files\Gnetwork\P2P\wincg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster 2 d’Uniblue ]
--a------ 2007-11-21 17:07 1902592 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryEasy.exe]
--a------ 2008-02-21 15:18 4057088 C:\Program Files\Registry Easy\RegistryEasy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-12-09 08:30 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:NortonAV
"12355:TCP"= 12355:TCP:NortonAV
"14038:TCP"= 14038:TCP:NortonAV
"17709:TCP"= 17709:TCP:NortonAV
"14384:TCP"= 14384:TCP:NortonAV
"14831:TCP"= 14831:TCP:NortonAV
R0 videX32;videX32;C:\WINDOWS.2\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS.2\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS.2\system32\drivers\fwdrv.sys [2004-09-01 14:08]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS.2\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS.2\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.2\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS.2\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 11:05]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS.2\system32\DRIVERS\amdtools.sys [2006-06-07 15:15]
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.2\system32\pctspk.exe [2001-08-02 18:37]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.2\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 14:00:13 C:\WINDOWS.2\Tasks\{7D2635DE-C3C6-4B06-AD2C-509DA8E37C90}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
"2008-04-03 07:00:00 C:\WINDOWS.2\Tasks\{8680E0F9-8CB6-44E1-A0B1-E569FD5F2D04}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-18 14:00:03 C:\WINDOWS.2\Tasks\{DE41B4BF-4BDB-4245-A1CF-A5F9FDC7F92F}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-18 14:00:03 C:\WINDOWS.2\Tasks\{E289EA24-4CDB-4C2D-BA2D-F5828F6B1DC6}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-18 14:00:13 C:\WINDOWS.2\Tasks\{EA8E2CED-7BC2-4169-A2DE-750573428EEC}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
"2008-04-03 07:00:00 C:\WINDOWS.2\Tasks\{F7FB4BDC-AC00-4E83-9AAF-B8EBC7598E78}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 15:23:06
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 15:30:22
ComboFix-quarantined-files.txt 2008-04-21 13:30:16
Pre-Run: 36,446,072,832 octets libres
Post-Run: 36,449,234,944 octets libres
872 --- E O F --- 2008-04-12 14:15:11
Re,
Copie le texte se situant dans le cadre ci-dessous :
Driver::
|
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt sur ton Bureau.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.
Répondre à XmichouX
re,
voilà le rapport je viens de le faire ,
merci :
ComboFix 08-04-20.2 - Propriétaire 2008-04-22 21:01:04.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.61 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration
FILE ::
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys
C:\WINDOWS.2\system32\bhggalxp.ini
C:\WINDOWS.2\system32\rpqxvjmq.ini
C:\WINDOWS.2\system32\tuvWqQjg.dll
C:\WINDOWS.2\system32\tvhngnev.ini
C:\WINDOWS.2\yes_messenger.ini
C:\WINDOWS.2\yesmessenger.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud\Mode free seek
C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Morefirstproxyloud\Part 64 Window
C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi
C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi\0
C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi\DogModePokePlay.exe
C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi\ehwotkal.exe
C:\Documents and Settings\Propriétaire\Application Data\Barb Sect Mapi\site wipe coal.exe
C:\Documents and Settings\Propriétaire\Application Data\Gluedeaddoes
C:\Program Files\YesMessenger
C:\Program Files\YesMessenger\conditions.txt
C:\Program Files\YesMessenger\mfc42d.dll
C:\Program Files\YesMessenger\MFCO42D.DLL
C:\Program Files\YesMessenger\Msvcp60d.dll
C:\Program Files\YesMessenger\MSVCRTD.DLL
C:\Program Files\YesMessenger\unins000.dat
C:\Program Files\YesMessenger\unins000.exe
C:\Program Files\YesMessenger\UpdateRes.exe
C:\Program Files\YesMessenger\YesMessenger.exe
C:\Program Files\YesMessenger\Yesuninstall.exe
C:\WINDOWS.2\system32\ANIWZCSUSERNAME\
C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}\
C:\WINDOWS.2\system32\ANIWZCSUSERNAME{E012A9D7-CEEB-46D0-86C6-0F7BD121B36D}\
C:\WINDOWS.2\system32\bhggalxp.ini
C:\WINDOWS.2\system32\rpqxvjmq.ini
C:\WINDOWS.2\system32\tuvWqQjg.dll
C:\WINDOWS.2\system32\tvhngnev.ini
C:\WINDOWS.2\yes_messenger.ini
C:\WINDOWS.2\yesmessenger.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))))))))
.
2008-04-20 15:06 . 2008-04-20 15:06 <REP> d-------- C:\Documents and Settings\florent\Application Data\Malwarebytes
2008-04-18 16:32 . 2008-04-18 16:34 <REP> d-------- C:\Program Files\Panda Security
2008-04-17 00:24 . 2008-04-17 00:24 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Martau
2008-04-17 00:23 . 2008-04-21 16:32 <REP> d-------- C:\Program Files\Total Uninstall 4
2008-04-16 21:30 . 2008-04-16 21:30 <REP> d-------- C:\Program Files\AxBx
2008-04-11 20:08 . 2008-04-11 20:21 1,374 --a------ C:\WINDOWS.2\imsins.BAK
2008-04-11 03:25 . 2008-04-11 03:26 <REP> d-------- C:\ComboFix[1]
2008-04-11 01:47 . 2008-04-11 01:47 <REP> d-------- C:\_OTMoveIt
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-04-10 01:45 . 2008-04-10 01:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Malwarebytes
2008-04-09 00:46 . 2008-04-09 00:46 <REP> d-------- C:\Program Files\Trend Micro
2008-04-08 20:14 . 2008-04-08 20:14 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-04-08 18:29 . 2008-04-16 21:26 <REP> d-------- C:\Program Files\Registry Easy
2008-04-08 17:03 . 2008-04-08 17:03 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Grisoft
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Program Files\Uniblue
2008-04-07 22:47 . 2008-04-07 22:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Uniblue
2008-04-06 21:52 . 2008-04-06 21:52 3,097 --a------ C:\WINDOWS.2\system32\spupdsvc.inf
2008-04-06 21:49 . 2004-08-19 16:10 848,384 --------- C:\WINDOWS.2\system32\ir41_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 755,200 --------- C:\WINDOWS.2\system32\ir50_32.dll
2008-04-06 21:49 . 2004-08-19 16:09 338,432 --------- C:\WINDOWS.2\system32\ir41_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 200,192 --------- C:\WINDOWS.2\system32\ir50_qc.dll
2008-04-06 21:49 . 2004-08-19 16:10 199,680 --------- C:\WINDOWS.2\system32\iac25_32.ax
2008-04-06 21:49 . 2004-08-19 16:09 183,808 --------- C:\WINDOWS.2\system32\ir50_qcx.dll
2008-04-06 21:49 . 2004-08-19 16:09 120,320 --------- C:\WINDOWS.2\system32\ir41_qc.dll
2008-04-06 15:41 . 2008-04-06 15:41 <REP> d-------- C:\Program Files\CCleaner
2008-04-04 20:43 . 2008-04-04 20:43 <REP> d-------- C:\Program Files\Unlocker
2008-04-04 19:08 . 2008-04-04 19:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-04 00:36 . 2008-04-04 00:36 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Kaspersky Lab Setup Files
2008-04-03 21:26 . 1996-08-20 21:37 15,840 --a------ C:\WINDOWS.2\system32\Machnm1.exe
2008-04-03 21:26 . 2005-09-25 17:37 5,632 --a------ C:\WINDOWS.2\system32\Machnm64.sys
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\system32\118290.54
2008-04-03 21:26 . 2008-04-03 21:26 3,120 --a------ C:\WINDOWS.2\118294.78
2008-04-03 21:26 . 2003-08-13 01:27 2,304 --a------ C:\WINDOWS.2\system32\Machnm32.sys
2008-04-03 03:23 . 2008-04-03 20:42 <REP> d-------- C:\Program Files\iGraal
2008-04-02 23:46 . 2008-04-04 18:41 <REP> d-------- C:\Program Files\RegCleaner
2008-04-02 13:59 . 2008-04-03 17:34 <REP> d-------- C:\WINDOWS.2\BDOSCAN8
2008-04-02 13:21 . 2008-04-02 15:18 4,114 --a------ C:\Documents and Settings\Propriétaire\Application Data\update.log
2008-04-01 01:48 . 2008-04-02 01:04 <REP> d-------- C:\Documents and Settings\Propriétaire\.housecall6.6
2008-04-01 01:48 . 2008-04-02 01:04 <REP> d-------- C:\Documents and Settings\Propriétaire\.housecall6.6
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\PropriÚtaire\Bureau
2008-04-01 00:46 . 2008-04-01 00:46 <REP> d-------- C:\Documents and Settings\PropriÚtaire
2008-04-01 00:46 . 2005-08-22 14:41 316,416 --a------ C:\vx2cleaner.dlx
2008-04-01 00:46 . 2005-08-22 14:41 29,636 --a------ C:\vx2cleaner.chm
2008-04-01 00:42 . 2008-04-01 00:42 <REP> d-------- C:\Program Files\Lavasoft
2008-03-28 23:02 . 2001-08-02 18:36 151,552 -ra------ C:\WINDOWS.2\system32\ptsetup.dll
2008-03-28 23:02 . 2001-08-02 18:36 122,880 -ra------ C:\WINDOWS.2\system32\ptuninst.exe
2008-03-28 22:59 . 2001-08-17 16:31 117,503 --a------ C:\WINDOWS.2\system32\drivers\ptserial.sys
2008-03-28 22:38 . 2008-03-28 22:38 <REP> d-------- C:\Program Files\VIA
2008-03-28 22:38 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS.2\system32\difxapi.dll
2008-03-28 22:36 . 2008-03-28 22:36 524,288 --a------ C:\via_pata_sata_+ide_v160a(20061101140444).zip
2008-03-28 22:11 . 2006-10-17 21:22 9,216 --a------ C:\WINDOWS.2\system32\drivers\videX32.sys
2008-03-28 21:17 . 2006-05-03 12:57 520,192 --------- C:\WINDOWS.2\system32\ati2sgag.exe
2008-03-28 21:13 . 2008-03-28 21:13 <REP> d-------- C:\ATI
2008-03-28 21:03 . 2008-03-28 21:03 199,066 --a------ C:\6A6LMM45.ZIP
2008-03-26 18:26 . 2008-03-26 18:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\MGS
2008-03-26 18:24 . 2008-03-26 18:24 <REP> d-------- C:\WINDOWS.2\system32\FlashAX
2008-03-25 02:40 . 2008-03-25 03:30 <REP> d-------- C:\Program Files\Call of Duty Single Player Demo
2008-03-24 15:58 . 2005-05-26 16:34 2,297,552 --a------ C:\WINDOWS.2\system32\d3dx9_26.dll
2008-03-24 15:56 . 2008-03-24 15:56 <REP> d-------- C:\Program Files\JoWooD
2008-03-24 03:20 . 2008-03-24 03:23 <REP> d-------- C:\Program Files\AMD
2008-03-24 03:19 . 2006-06-07 15:15 29,696 --a------ C:\WINDOWS.2\system32\drivers\AmdTools.sys
2008-03-24 03:14 . 2008-04-06 15:48 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-24 03:11 . 2008-03-24 03:11 <REP> d-------- C:\Program Files\AMDAGP
2008-03-24 02:59 . 2008-03-24 02:59 <REP> d-------- C:\Program Files\DIFX
2008-03-24 02:40 . 2008-03-24 02:40 23,600 --a------ C:\WINDOWS.2\system32\drivers\TVICHW32.SYS
2008-03-23 19:02 . 2008-04-22 20:38 13 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME{8D3DF001-96B2-4957-BF8A-EE4A008AA0B6}
2008-03-23 01:15 . 2008-03-23 01:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Downloaded Installations
2008-03-23 01:14 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS.2\system32\dllcache\sysmain.sdb
2008-03-23 01:14 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS.2\system32\dllcache\apph_sp.sdb
2008-03-23 01:14 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS.2\system32\dllcache\apphelp.sdb
2008-03-23 01:12 . 2008-03-23 01:12 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-03-23 01:09 . 2008-03-23 01:09 <REP> d-------- C:\WINDOWS.2\system32\LogFiles
2008-03-23 01:09 . 2008-03-23 01:11 <REP> d-------- C:\WINDOWS.2\system32\drivers\UMDF
2008-03-23 00:58 . 2008-03-23 11:43 <REP> d-------- C:\Documents and Settings\florent\Contacts
2008-03-22 21:39 . 2008-03-22 21:39 1,180,160 --a------ C:\WINDOWS.2\system32\crashlog.tar
2008-03-22 19:47 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS.2\system32\mucltui.dll
2008-03-22 19:47 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS.2\system32\muweb.dll
2008-03-22 19:47 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS.2\system32\mucltui.dll.mui
2008-03-22 19:43 . 2008-03-22 20:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
2008-03-22 19:43 . 2008-03-22 20:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
2008-03-22 19:38 . 2008-03-22 19:38 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-22 19:36 . 2008-03-22 19:40 <REP> d-------- C:\Program Files\Windows Live
2008-03-22 19:35 . 2008-03-22 19:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.2\Application Data\WLInstaller
2008-03-22 19:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll
2008-03-22 19:07 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dat
2008-03-22 19:07 . 2007-07-01 05:36 1,048,576 -----c--- C:\WINDOWS.2\system32\dllcache\ieframe.dll.mui
2008-03-22 19:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS.2\system32\dllcache\msfeeds.dll
2008-03-22 19:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS.2\system32\dllcache\ieapfltr.dll
2008-03-22 19:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS.2\system32\dllcache\iertutil.dll
2008-03-22 19:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS.2\system32\dllcache\icardie.dll
2008-03-22 19:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS.2\system32\dllcache\msfeedsbs.dll
2008-03-22 19:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS.2\system32\dllcache\ieudinit.exe
2008-03-22 19:05 . 2008-03-22 19:11 <REP> d-------- C:\WINDOWS.2\system32\fr-fr
2008-03-22 18:33 . 2008-03-22 18:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-22 18:11 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS.2\system32\dllcache\rpcrt4.dll
2008-03-22 17:55 . 2007-07-30 20:19 38,232 --a------ C:\WINDOWS.2\system32\wucltui.dll.mui
2008-03-22 17:55 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS.2\system32\wuaucpl.cpl.mui
2008-03-22 17:55 . 2007-07-30 20:19 30,040 --a------ C:\WINDOWS.2\system32\wuapi.dll.mui
2008-03-22 17:55 . 2007-07-30 20:18 21,336 --a------ C:\WINDOWS.2\system32\wuaueng.dll.mui
2008-03-22 00:41 . 2008-04-22 20:38 7 --a------ C:\WINDOWS.2\system32\ANIWZCSUSERNAME
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 22:45 --------- d-----w C:\Program Files\eMule
2008-04-18 17:29 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
2008-04-18 10:32 428 ----a-w C:\WINDOWS.2\system32\drivers\fwdrv.err
2008-04-16 22:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-04-16 22:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Symantec
2008-04-13 16:20 --------- d-----w C:\Program Files\OpenOffice.org1.1.3
2008-04-09 23:44 --------- d-----w C:\Program Files\Common Files
2008-04-04 19:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.2\Application Data\Spybot - Search & Destroy
2008-04-03 22:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 21:45 --------- d-----w C:\Program Files\InterActual
2008-04-03 19:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-01 00:30 262,144 ----a-w C:\ntuser.dat
2008-03-28 21:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-28 20:23 --------- d-----w C:\Program Files\D-Link
2008-03-23 12:16 --------- d-----w C:\Program Files\Norton AntiVirus
2008-03-23 11:29 --------- d-----w C:\Program Files\eFax Messenger Plus 3.2
2008-03-23 10:30 --------- d-----w C:\Program Files\ClockSync
2008-03-22 23:22 --------- d-----w C:\Program Files\Yahoo!
2008-03-21 17:24 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
2008-03-21 16:17 --------- d-----w C:\Program Files\ANI
2008-03-21 16:14 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\InstallShield
2008-03-03 20:46 --------- d-----w C:\Program Files\Fichiers communs\FotoWire
.
((((((((((((((((((((((((((((( snapshot_2008-04-14_18.28.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 16:09:56 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-04-22 18:36:45 2,048 --s-a-w C:\WINDOWS.2\bootstat.dat
+ 2008-03-25 16:13:04 124,208 ----a-w C:\WINDOWS.2\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 11:49:56 12,592 ----a-w C:\WINDOWS.2\Downloaded Program Files\libcomm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS.2\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-25 01:20 401491]
"EPSON Stylus C40 Series"="C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.exe" [2001-10-04 03:01 69632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"ezShieldProtector for Px"="C:\WINDOWS.2\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 17:25 1662976]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 11:26 1662976]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-11-10 15:30 70816]
"AtiPTA"="atiptaxx.exe" [2001-09-14 19:15 245760 C:\WINDOWS.2\system32\atiptaxx.exe]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"Motive SmartBridge"="C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe" [2005-02-24 15:01 397312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-04 23:53 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.2\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"Zone Alarm"="vsmon.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS.2\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Menu Temps Réel 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Menu Temps Réel 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Menu Temps Réel 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 3.2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 3.2.lnk
backup=C:\WINDOWS.2\pss\eFax Tray Menu 3.2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS.2\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS.2\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.2^Menu Démarrer^Programmes^Démarrage^Mon Assistant Internet.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.2\Menu Démarrer\Programmes\Démarrage\Mon Assistant Internet.lnk
backup=C:\WINDOWS.2\pss\Mon Assistant Internet.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^dBpowerAMP.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\dBpowerAMP.lnk
backup=C:\WINDOWS.2\pss\dBpowerAMP.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.3.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.3.lnk
backup=C:\WINDOWS.2\pss\OpenOffice.org 1.1.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=C:\WINDOWS.2\pss\YesMessenger.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Communaute\Affection\allo.exe]
--a------ 2005-03-28 09:25 2373120 C:\Program Files\Communaute\Affection\allo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\Program Files\Gnetwork\P2P\wincg.exe]
--a------ 2005-03-28 09:26 2267648 C:\Program Files\Gnetwork\P2P\wincg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster 2 d’Uniblue ]
--a------ 2007-11-21 17:07 1902592 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryEasy.exe]
--a------ 2008-02-21 15:18 4057088 C:\Program Files\Registry Easy\RegistryEasy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-12-09 08:30 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17564:TCP"= 17564:TCP:NortonAV
"12355:TCP"= 12355:TCP:NortonAV
"14038:TCP"= 14038:TCP:NortonAV
"17709:TCP"= 17709:TCP:NortonAV
"14384:TCP"= 14384:TCP:NortonAV
"14831:TCP"= 14831:TCP:NortonAV
R0 videX32;videX32;C:\WINDOWS.2\system32\DRIVERS\videX32.sys [2006-10-17 21:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS.2\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS.2\system32\drivers\fwdrv.sys [2004-09-01 14:08]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS.2\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS.2\system32\drivers\moufiltr.sys [2003-01-23 14:29]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS.2\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS.2\system32\DRIVERS\CINEMSUP.SYS [1999-09-20 11:05]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS.2\system32\DRIVERS\amdtools.sys [2006-06-07 15:15]
S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS.2\system32\pctspk.exe [2001-08-02 18:37]
S3 ATICDSDr;ATICDSDr;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS.2\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-21 14:00:02 C:\WINDOWS.2\Tasks\{7D2635DE-C3C6-4B06-AD2C-509DA8E37C90}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
"2008-04-03 07:00:00 C:\WINDOWS.2\Tasks\{8680E0F9-8CB6-44E1-A0B1-E569FD5F2D04}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-18 14:00:03 C:\WINDOWS.2\Tasks\{DE41B4BF-4BDB-4245-A1CF-A5F9FDC7F92F}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-21 14:00:00 C:\WINDOWS.2\Tasks\{E289EA24-4CDB-4C2D-BA2D-F5828F6B1DC6}_TRISTANI-GRJVPJ_florent.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeL /Schedule=
"2008-04-18 14:00:13 C:\WINDOWS.2\Tasks\{EA8E2CED-7BC2-4169-A2DE-750573428EEC}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
"2008-04-03 07:00:00 C:\WINDOWS.2\Tasks\{F7FB4BDC-AC00-4E83-9AAF-B8EBC7598E78}_TRISTANI-GRJVPJ_Propriétaire.job"
- C:\WINDOWS.2\SYSTEM32\mobsync.exeQ /Schedule=
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 21:07:32
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 21:13:43
ComboFix-quarantined-files.txt 2008-04-22 19:13:39
ComboFix2.txt 2008-04-21 13:30:24
Pre-Run: 36,126,732,288 octets libres
Post-Run: 36,289,118,208 octets libres
315 --- E O F --- 2008-04-12 14:15:11
Toujours des dysfonctionnements ?
Reposte un HijackThis.
Répondre à XmichouX
Re,je ne sais pas je viens de faire un HitjackThis voila le rapport,merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:40, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS.2\System32\smss.exe
C:\WINDOWS.2\system32\winlogon.exe
C:\WINDOWS.2\system32\services.exe
C:\WINDOWS.2\system32\lsass.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\WINDOWS.2\system32\svchost.exe
C:\WINDOWS.2\System32\svchost.exe
C:\WINDOWS.2\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS.2\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\WINDOWS.2\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS.2\system32\ezSP_Px.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS.2\system32\atiptaxx.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS.2\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024678 [...] xIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 6201160101
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Reg [...] lashax.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11752 bytes
Re
Symantec est ton Antivirus ?
Tu y tiens ?
Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
Double-clic sur clean.cmd. (L’extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé.
Poste le rapport se trouve ici : C:\rapport_clean.txt
Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
Répondre à XmichouX
re,
non c'est pas symantec en fait j'essaye de le désinstaller depuis longtemps mais apparemment il reste des fichiers que je n'arrive pas à supprimer alors ça doit rentrer en conflit,car lors de chaque démarrage il y a une fenetre qui s'ouvre à chaque fois qui me dis qui manque qqchose de symantec pour fonctionner et qui m'invite à aller sur le site de symantec...??? j'ai seulement que kerio en ce moment.
23/04/2008 a 2:20:20,20
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS.2\
*** Recherche des fichiers dans C:\WINDOWS.2\system32
C:\WINDOWS.2\system32\SpoonUninstall.exe FOUND
"C:\WINDOWS.2\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\ClockSync\" FOUND
et puis j'ai ça aussi :
23/04/2008 a 2:20:20,20
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS.2\
*** Recherche des fichiers dans C:\WINDOWS.2\system32
C:\WINDOWS.2\system32\SpoonUninstall.exe FOUND
"C:\WINDOWS.2\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\ClockSync\" FOUND
sinon il m'a demandé d'envoyer un fichier upload à malekal ce que je suis en train de faire mais bon c'est hyper long j'attends ....
Re,
Laisse tomber pou l'Upload.
Télécharge et exécute : http://service1.symantec.com/SUPPO [...] 4110429924
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Toujours en mode sans échec, relance clean et fais l'option 2, poste le rapport.
Répondre à XmichouX
Re bonjour,
voila le rapport et pour clean que dois je faire exactement ?merci
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 672
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 124593
Temps écoulé: 2 hour(s), 22 minute(s), 43 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 103
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS.2\system32\ajjqcucc.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\cblnekfg.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\csltuqqs.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\cyexiver.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\dlopnxuc.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\eogqswkj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\epgvneuj.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\hbxgjnyq.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\iggftock.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\iuhmtobf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\iuttomvi.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\iwrofrwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\jvlctpot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\jxhbpiql.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\lbyiwahp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\liqehldo.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\mcsfdnts.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\mkvbsonk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\mncaetev.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\odwqqhlk.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\phupmews.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\qugmikep.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\rqcebrya.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\rvkrtusy.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\rysrvunt.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\stdkhdrh.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\trxvhkqj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\tsbalftw.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\usdorxhk.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\vgevgxui.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\vjnamsae.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\wedgrxjr.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\wwskoadq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\yhgcvmrh.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS.2\system32\yulaiubl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP201\A0299676.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP202\A0301686.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP202\A0309948.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327061.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327101.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0327155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0333220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0333225.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0333227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP203\A0333237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP204\A0334368.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP207\A0335592.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP207\A0335616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP207\A0335647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP209\A0338820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP209\A0338824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP210\A0341903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP211\A0343903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP211\A0343929.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP211\A0343936.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP211\A0348964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP211\A0348972.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP217\A0354138.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP217\A0358166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP217\A0362235.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368374.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368375.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368376.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368377.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368378.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368379.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368380.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368381.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368382.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368383.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368384.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368385.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368386.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368387.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368388.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368389.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368390.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368391.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368392.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368393.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368394.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368395.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368396.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368397.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368398.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368406.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368407.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5466A367-2FC9-4757-AFA5-1EC88A3D4F54}\RP219\A0368417.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\ehkuwaba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\hebtukal.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\iqamxemo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\opstidul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\psbxauds.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\sgslaprg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\tjqabgkt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\uyawypte.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\vqawtnbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\xlsuxuwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04112008_014748\WINDOWS.2\system32\ybyufxse.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Rapport clean maintenant
Répondre à XmichouX
re,
c'est fait mais le pc a redémarré tout seul je sais pas ou est le rapport...
C:\rapport_clean.txt
Répondre à XmichouX
bonsoir,j'ai l'impression que le pc est un peu ralenti..
ça doit etre ça alors :
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 23/04/2008 a 18:34:36,80
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS.2\
*** Suppression des fichiers dans C:\WINDOWS.2\system32
tentative de suppression de C:\WINDOWS.2\system32\SpoonUninstall.exe
tentative de suppression de "C:\WINDOWS.2\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\Totem Shared\"
tentative de suppression de "C:\Program Files\ClockSync\"
*** Suppression des clefs du registre effectuee..
ou ça ja sais pas :
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 23/04/2008 a 18:34:36,80
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS.2\
*** Suppression des fichiers dans C:\WINDOWS.2\system32
tentative de suppression de C:\WINDOWS.2\system32\SpoonUninstall.exe
tentative de suppression de "C:\WINDOWS.2\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Fichiers communs\Totem Shared\"
tentative de suppression de "C:\Program Files\ClockSync\"
*** Suppression des clefs du registre effectuee..
Bien, reposte un HijackTHis.
Répondre à XmichouX
voilà :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:29, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS.2\System32\smss.exe
C:\WINDOWS.2\system32\winlogon.exe
C:\WINDOWS.2\system32\services.exe
C:\WINDOWS.2\system32\lsass.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\WINDOWS.2\system32\svchost.exe
C:\WINDOWS.2\System32\svchost.exe
C:\WINDOWS.2\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS.2\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS.2\system32\Ati2evxx.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS.2\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS.2\system32\ezSP_Px.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS.2\system32\atiptaxx.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS.2\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS.2\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.2\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS.2\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C40 Series" /O6 "USB001" /M "Stylus C40"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.2\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS.2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows.2\system32\nwprovau.dll
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/024678 [...] xIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 6201160101
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Reg [...] lashax.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.2\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.2\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS.2\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11161 bytes
au fait j'ai mis anti vir sur le pc ...
Plus de problèmes ?
Télécharge et exécute : http://service1.symantec.com/SUPPO [...] 4110429924
Relance HiJackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 |
Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked!
**********
Télécharge ccleaner (>>tuto à lire !<<), tu download «the latest version » puis installe le en décochant - Ajouter la Barre d'Outils Yahoo! CCleaner
Puis lance le nettoyage, puis fais chercher des erreurs et sauvegardes si tu le souhaites.
Supprime : C:\Qoobox.
Ouvre Antivir, Vérifie qu%u2019il soit bien à jour ! ; va dans l'onglet Scanner, active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur), lance le scan. Poste moi le rapport généré (qui se trouve dans l'onglet reports).
Message édité par XmichouX le 24-04-2008 à 11:15:21
Répondre à XmichouX
Il y a 1929 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
