[résolu] [Trojan] Probléme, il ne me lache pas
Dernière réponse : dans Sécurité
Bonjour à tous,
J'ai un Trojan qui me tiens depuis 1 semaine, je le supprime, 1 jours plus tard il est déjà revenue![:(]( ":(")
A cause de lui, je ne peux pas aller dans certain site, ou afficher une shoutbox "Shoutmix" etc..
Ni faire de recherche google.
Il me remplace les pubs google par des pubs de virus..
![]()
Merci de vos aides.
J'ai un Trojan qui me tiens depuis 1 semaine, je le supprime, 1 jours plus tard il est déjà revenue
A cause de lui, je ne peux pas aller dans certain site, ou afficher une shoutbox "Shoutmix" etc..
Ni faire de recherche google.
Il me remplace les pubs google par des pubs de virus..
Merci de vos aides.
Autres pages sur : resolu trojan probleme lache
Lassé par la pub ? Créez un compte
bonsoir
~Télécharge SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
~Dezippe la totalité de l'archive SmitfraudFix.zip
Recherche:
~Double clique sur SmitfraudFix.cmd
~Sélectionne 1 et presse Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt
~Poste ce rapport.
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
~Télécharge SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
~Dezippe la totalité de l'archive SmitfraudFix.zip
Recherche:
~Double clique sur SmitfraudFix.cmd
~Sélectionne 1 et presse Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt
~Poste ce rapport.
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Merci de ton aide,
Voilà :
SmitFraudFix v2.274
Rapport fait à 8:25:41,73, 20/12/2007
Executé à partir de C:\PROGRA~1\MOZILL~1\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 update.111222.cn
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hercules Wireless G USB2 #6 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Voilà :
SmitFraudFix v2.274
Rapport fait à 8:25:41,73, 20/12/2007
Executé à partir de C:\PROGRA~1\MOZILL~1\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 update.asdf.cn
127.0.0.1 msg.asdf.com
127.0.0.1 update.111222.cn
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hercules Wireless G USB2 #6 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B25F046D-74DC-4BB4-BEDA-99F48C9A52EB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
lol, voilà :
SmitFraudFix v2.328
Rapport fait à 22:21:10.98, 19.06.2008
Executé à partir de C:\Documents and Settings\Jeremy\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sony\Vegas 7.0\vegas70.exe
C:\Program Files\Safari\Safari.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeremy\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link Wireless G DWA-110 USB Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: TechniSat DVB-PC TV Star PCI - Miniport d'ordonnancement de paquets
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.328
Rapport fait à 22:21:10.98, 19.06.2008
Executé à partir de C:\Documents and Settings\Jeremy\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sony\Vegas 7.0\vegas70.exe
C:\Program Files\Safari\Safari.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jeremy\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jeremy\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: D-Link Wireless G DWA-110 USB Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
Description: TechniSat DVB-PC TV Star PCI - Miniport d'ordonnancement de paquets
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{28AD64BC-BECF-4382-B741-B12827A3EDA9}: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
re
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Re
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:53, on 19.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sony\Vegas 7.0\vegas70.exe
C:\Program Files\Safari\Safari.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {082EE69E-73FB-41E0-9934-5776DA10D271} - C:\WINDOWS\system32\jkkkkkiG.dll
O2 - BHO: (no name) - {369F6A6D-6B5D-46C0-85DA-C70F8DA1DF64} - C:\WINDOWS\system32\gfbqqxsi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8E29682E-97F2-40D1-B4EA-696CCDA4DB5F} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [f016e484] rundll32.exe "C:\WINDOWS\system32\dtyrqjku.dll",b
O4 - HKLM\..\Run: [BMf325d718] Rundll32.exe "C:\WINDOWS\system32\wfphhhfj.dll",s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8846 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:53, on 19.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Sony\Vegas 7.0\vegas70.exe
C:\Program Files\Safari\Safari.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {082EE69E-73FB-41E0-9934-5776DA10D271} - C:\WINDOWS\system32\jkkkkkiG.dll
O2 - BHO: (no name) - {369F6A6D-6B5D-46C0-85DA-C70F8DA1DF64} - C:\WINDOWS\system32\gfbqqxsi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8E29682E-97F2-40D1-B4EA-696CCDA4DB5F} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [f016e484] rundll32.exe "C:\WINDOWS\system32\dtyrqjku.dll",b
O4 - HKLM\..\Run: [BMf325d718] Rundll32.exe "C:\WINDOWS\system32\wfphhhfj.dll",s
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8846 bytes
re
belle infection vundo
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
belle infection vundo
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Voilà le rapport :
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 870
08:19:54 20.06.2008
mbam-log-6-20-2008 (08-19-54).txt
Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 138886
Temps écoulé: 55 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jkkkkkiG.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62738969-738b-4d64-be99-7f6bb9dde343} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62738969-738b-4d64-be99-7f6bb9dde343} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f016e484 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf325d718 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkkkig -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkkkig -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\dtyrqjku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukjqrytd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkkkiG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\Gikkkkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Gikkkkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywmwrcot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tocrwmwy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfphhhfj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 870
08:19:54 20.06.2008
mbam-log-6-20-2008 (08-19-54).txt
Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 138886
Temps écoulé: 55 minute(s), 22 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jkkkkkiG.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62738969-738b-4d64-be99-7f6bb9dde343} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62738969-738b-4d64-be99-7f6bb9dde343} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f016e484 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf325d718 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkkkig -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\jkkkkkig -> Delete on reboot.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\dtyrqjku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukjqrytd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkkkiG.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\Gikkkkkj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Gikkkkkj.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ywmwrcot.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tocrwmwy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfphhhfj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
bonsoir
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
ajoute un nouveau rapport Hijackthis.
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
ajoute un nouveau rapport Hijackthis.
Re,
Voilà
ComboFix 08-06-19.4 - Jeremy 2008-06-21 0:06:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2636 [GMT 2:00]
Endroit: C:\Documents and Settings\Jeremy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jeremy\Local Settings\Application Data\baidu
C:\WINDOWS\BMf325d718.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gfbqqxsi.dll
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\nuoaqyjd.ini
C:\WINDOWS\system32\otrguynw.ini
C:\WINDOWS\system32\pwbprxun.ini
C:\WINDOWS\system32\tjoukhcb.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.
2008-06-20 08:39 . 2008-06-20 08:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-19 23:41 . 2004-08-19 16:10 160,768 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\Malwarebytes
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 23:12 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 23:12 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 22:33 . 2008-06-19 22:33 <REP> d-------- C:\Program Files\Trend Micro
2008-06-19 22:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-19 22:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-19 22:20 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-19 22:20 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-19 22:20 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-19 22:20 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-19 22:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-19 22:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 22:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-15 22:53 . 2008-06-15 23:01 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 22:53 . 2008-06-15 23:01 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 22:27 . 2008-06-18 08:46 <REP> d-------- C:\dvbdream77
2008-06-15 19:57 . 2008-06-15 19:57 <REP> d-------- C:\Program Files\VS Revo Group
2008-06-15 17:39 . 2008-06-21 00:11 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}
2008-06-15 17:38 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-06-15 17:38 . 2007-08-01 12:02 679,936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-06-15 17:38 . 2007-07-14 17:07 262,144 --a------ C:\WINDOWS\system32\wnicapi.dll
2008-06-15 17:38 . 2007-07-05 09:49 229,376 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-06-15 17:38 . 2007-05-12 13:33 217,088 --a------ C:\WINDOWS\system32\aIPH.dll
2008-06-15 17:38 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-06-15 17:38 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-06-15 17:38 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-06-15 17:38 . 2008-06-21 00:11 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}
2008-06-15 17:37 . 2008-06-15 17:37 <REP> d-------- C:\Program Files\D-Link
2008-06-15 17:37 . 2008-06-15 17:38 <REP> d-------- C:\Program Files\ANI
2008-06-15 17:37 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-06-15 17:37 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-06-15 17:37 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-06-15 17:37 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-06-15 17:37 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-06-15 16:58 . 2008-06-17 23:55 <REP> d-------- C:\Program Files\Hitman Pro
2008-06-15 16:02 . 2008-06-15 16:02 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\ESET
2008-06-15 09:49 . 2008-06-21 00:09 3,383,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 09:49 . 2008-06-21 00:10 647,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 09:49 . 2008-06-21 00:09 28,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 09:49 . 2008-06-21 00:10 4,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-15 09:24 . 2007-09-27 09:54 692,224 --a------ C:\WINDOWS\system32\~GLH0006.TMP
2008-06-15 01:56 . 2008-06-15 02:09 <REP> d-------- C:\Program Files\QuickTime
2008-06-15 01:56 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxt1C.tmp
2008-06-15 01:55 . 2008-06-15 02:30 <REP> d-------- C:\Program Files\Pointdev
2008-06-15 01:30 . 2008-06-15 01:30 <REP> d-------- C:\Program Files\AxBx
2008-06-14 22:22 . 2008-06-14 22:22 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\Digsby
2008-06-14 22:21 . 2008-06-14 22:22 <REP> d-------- C:\Program Files\Digsby
2008-06-12 18:50 . 2008-06-12 18:50 0 --a------ C:\WINDOWS\graphedit.INI
2008-06-11 21:01 . 2008-06-11 21:02 <REP> d-------- C:\Program Files\SLD Codec Pack
2008-06-11 21:01 . 2008-06-11 21:01 <REP> d-------- C:\Program Files\Combined Community Codec Pack
2008-06-11 20:40 . 2008-06-11 20:40 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-11 20:40 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-11 20:40 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-11 20:40 . 2008-05-26 21:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-11 16:29 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\WINDOWS\system32\custom matrices
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\Program Files\Fichiers communs\Elecard
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\Program Files\Elecard
2008-06-09 19:02 . 2008-06-09 19:03 <REP> d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-06-09 19:02 . 2001-10-31 10:14 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-06-09 19:02 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-06-09 19:02 . 2001-10-31 10:14 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2008-06-09 19:02 . 2001-10-31 10:14 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2008-06-09 19:02 . 2001-10-31 10:14 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2008-06-09 19:02 . 2001-10-31 10:14 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2008-06-09 19:02 . 2001-09-17 12:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-06-08 19:36 . 2008-06-08 20:11 74 --a------ C:\WINDOWS\graphedt.INI
2008-06-08 19:17 . 2008-06-09 20:51 <REP> d-------- C:\WINDOWS\system32\C2MP
2008-06-08 19:04 . 2008-06-08 19:04 <REP> d--h----- C:\WINDOWS\PIF
2008-06-08 19:04 . 2003-03-25 06:49 135,168 -ra------ C:\WINDOWS\system32\L3CODECX.ACM
2008-06-08 19:04 . 2003-03-25 06:49 121,856 -ra------ C:\WINDOWS\system32\Mp3cnfg.cpl
2008-06-08 19:04 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-06-08 19:04 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI2K.BAK
2008-06-08 19:04 . 2003-03-25 06:49 18,944 -ra------ C:\WINDOWS\system32\Mp3cnfg.exe
2008-06-08 19:04 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-06-08 19:04 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.BAK
2008-06-08 18:41 . 2008-06-08 18:41 <REP> d-------- C:\Program Files\MPEG2_Decoders
2008-06-01 16:06 . 2008-06-08 18:55 <REP> d-------- C:\Program Files\Octoshape Streaming Services
2008-05-29 21:33 . 2008-06-15 02:11 <REP> d-------- C:\Program Files\Azureus
2008-05-28 16:47 . 2008-05-28 17:30 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 16:22 . 2008-05-28 16:22 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\VoipBuster
2008-05-28 15:47 . 2008-05-28 15:47 <REP> d-------- C:\Documents and Settings\Jeremy\iWizz
2008-05-28 15:45 . 2008-05-28 15:48 <REP> d-------- C:\Documents and Settings\Jeremy\.bitrock
2008-05-27 21:44 . 2008-06-20 20:35 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-27 21:44 . 2008-06-20 20:35 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-27 21:44 . 2008-05-27 21:44 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-27 19:04 . 2008-05-27 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 09:17 . 2008-05-27 09:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-21 18:33 . 2008-05-21 18:34 <REP> d-------- C:\Documents and Settings\Jeremy\.homeplayer
2008-05-20 07:03 . 2008-05-20 07:03 268 --ah----- C:\sqmdata09.sqm
2008-05-20 07:03 . 2008-05-20 07:03 244 --ah----- C:\sqmnoopt09.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 22:11 --------- d-----w C:\Program Files\Steam
2008-06-20 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-20 22:04 --------- d-----w C:\Program Files\DynDNS Updater
2008-06-18 06:37 --------- d-----w C:\Program Files\MSN Messenger
2008-06-18 06:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-18 06:32 --------- d-----w C:\Program Files\Windows Live
2008-06-17 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 22:00 --------- d-----w C:\Program Files\Opera
2008-06-15 20:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-15 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 19:46 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-15 16:34 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-06-15 16:34 15,648 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-06-15 16:34 12,960 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-06-15 15:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 15:10 --------- d-----w C:\Program Files\ESET
2008-06-15 15:07 --------- d-----w C:\Program Files\Lavasoft
2008-06-15 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-15 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-15 07:31 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\MAGIX
2008-06-15 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-06-15 07:26 --------- d-----w C:\Program Files\MAGIX
2008-06-15 00:11 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Azureus
2008-06-10 17:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-09 18:57 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\DivX
2008-06-08 23:46 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-06-01 14:05 --------- d-----w C:\Program Files\Java
2008-05-28 09:53 --------- d-----w C:\Program Files\eMule
2008-05-27 07:19 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\uTorrent
2008-05-24 12:36 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\teamspeak2
2008-05-19 15:08 --------- d-----w C:\Program Files\Winamp
2008-05-19 15:07 --------- d-----w C:\Program Files\MacBoX_v.2
2008-05-19 15:05 --------- d-----w C:\Program Files\DVBViewerTE
2008-05-17 17:15 --------- d-----w C:\Program Files\Fichiers communs\Xstream
2008-05-15 00:22 --------- d-----w C:\Program Files\uTorrent
2008-05-12 00:55 --------- d-----w C:\Program Files\Safari
2008-05-12 00:55 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Apple Computer
2008-05-09 17:18 --------- d-----w C:\Program Files\SopCast
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 23:42 --------- d-----w C:\Program Files\ProgDVB
2008-04-30 17:53 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-30 17:53 290,816 ------w C:\WINDOWS\Setup1.exe
2008-04-30 14:50 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\TeamViewer Manager
2008-04-30 13:38 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Kana Solution
2008-04-30 12:04 --------- d-----w C:\Program Files\TechniSat DVB
2008-04-30 12:04 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-29 18:46 9,685 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-28 13:53 --------- d-----w C:\Program Files\Sunbelt Software
2008-04-28 13:18 --------- d-----w C:\Program Files\Veoh Networks
2008-04-28 13:05 --------- d-----w C:\Program Files\Maxthon2
2008-04-28 13:04 --------- d-----w C:\Program Files\Avira
2008-04-28 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-04-28 13:03 --------- d-----w C:\Program Files\Morgan
2008-04-27 22:15 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-04-27 22:14 --------- d-----w C:\Program Files\Macromedia
2008-04-27 12:28 --------- d-----w C:\Program Files\FlashGet
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-21 20:25 --------- d-----w C:\Program Files\Fichiers communs\NSV
2008-04-21 14:53 --------- d-----w C:\Program Files\DMV
2008-04-21 00:12 --------- d-----w C:\Program Files\i-Media
2008-04-21 00:12 --------- d-----w C:\Program Files\Goto
2008-02-13 07:47 281 ----a-w C:\Program Files\Raccourci vers Disque local (C).lnk
2007-11-22 19:07 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-11-22 19:07 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2001-08-28 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-05-01 00:31 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7905B418-9FFE-46AC-A324-7275463E56C1}]
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-03 14:12 1271032]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32 1352704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-18 08:44 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-08-02 13:35 1667072]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdcbyy]
efcdcbyy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3acm"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Firefox Preloader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Firefox Preloader.lnk
backup=C:\WINDOWS\pss\Firefox Preloader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Server4PC.lnk
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=C:\WINDOWS\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Banshee Screamer Alarm.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Banshee Screamer Alarm.lnk
backup=C:\WINDOWS\pss\Banshee Screamer Alarm.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^MaxTV Radio.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\MaxTV Radio.lnk
backup=C:\WINDOWS\pss\MaxTV Radio.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=C:\WINDOWS\pss\MaxTV.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
C:\Program Files\ECBarre\EC-Barre.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-09-10 16:03 701680 C:\Program Files\CCleaner\ccleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
C:\Program Files\Vista Drive Icon\DrvIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdvnghfwog]
c:\documents and settings\jeremy\local settings\application data\fdvnghfwog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
C:\Program Files\Free Download Manager\fum\fum.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_2049296]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_40389187]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_4747437]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_62937]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matchlock Scheduling]
--------- 2005-06-09 16:49 45056 C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-06-18 08:44 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-06-15 01:56 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
C:\Program Files\RayV\RayV\RayV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simp]
C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Remote Control Center]
--------- 2005-05-28 18:54 49152 C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Documents and Settings\Jeremy\Bureau\GBOXn\GboxControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Detect"=C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-12-13 17:29]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 03:22]
S2 ioperm;ioperm support for Cygwin driver;C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\ioperm.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;C:\WINDOWS\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys [2007-05-11 16:17]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 21:04]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 13:02]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Rar$EX87.032\WINAIR~1\PEEK5.SYS []
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS [2005-10-24 13:28]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S4 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-20 22:10:46 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:11:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 0:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 22:18:10
Pre-Run: 27,365,703,680 octets libres
Post-Run: 27,437,359,104 octets libres
406 --- E O F --- 2008-06-20 22:17:20
Voilà
ComboFix 08-06-19.4 - Jeremy 2008-06-21 0:06:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2636 [GMT 2:00]
Endroit: C:\Documents and Settings\Jeremy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jeremy\Local Settings\Application Data\baidu
C:\WINDOWS\BMf325d718.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gfbqqxsi.dll
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\nuoaqyjd.ini
C:\WINDOWS\system32\otrguynw.ini
C:\WINDOWS\system32\pwbprxun.ini
C:\WINDOWS\system32\tjoukhcb.ini
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-20 to 2008-06-20 ))))))))))))))))))))))))))))))))))))
.
2008-06-20 08:39 . 2008-06-20 08:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-19 23:41 . 2004-08-19 16:10 160,768 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\Malwarebytes
2008-06-19 23:12 . 2008-06-19 23:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 23:12 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 23:12 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-19 22:33 . 2008-06-19 22:33 <REP> d-------- C:\Program Files\Trend Micro
2008-06-19 22:20 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-19 22:20 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-19 22:20 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-19 22:20 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-19 22:20 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-19 22:20 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-19 22:20 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-19 22:20 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-19 22:20 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-15 22:53 . 2008-06-15 23:01 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-15 22:53 . 2008-06-15 23:01 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-15 22:27 . 2008-06-18 08:46 <REP> d-------- C:\dvbdream77
2008-06-15 19:57 . 2008-06-15 19:57 <REP> d-------- C:\Program Files\VS Revo Group
2008-06-15 17:39 . 2008-06-21 00:11 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}
2008-06-15 17:38 . 2005-10-19 18:19 1,327,189 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-06-15 17:38 . 2007-08-01 12:02 679,936 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-06-15 17:38 . 2007-07-14 17:07 262,144 --a------ C:\WINDOWS\system32\wnicapi.dll
2008-06-15 17:38 . 2007-07-05 09:49 229,376 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-06-15 17:38 . 2007-05-12 13:33 217,088 --a------ C:\WINDOWS\system32\aIPH.dll
2008-06-15 17:38 . 2005-10-27 08:55 49,152 --a------ C:\WINDOWS\system32\JJAKEn.dll
2008-06-15 17:38 . 2005-10-19 18:19 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-06-15 17:38 . 2006-09-26 13:49 45,115 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-06-15 17:38 . 2008-06-21 00:11 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}
2008-06-15 17:37 . 2008-06-15 17:37 <REP> d-------- C:\Program Files\D-Link
2008-06-15 17:37 . 2008-06-15 17:38 <REP> d-------- C:\Program Files\ANI
2008-06-15 17:37 . 2005-12-13 10:38 48,128 --a------ C:\WINDOWS\system32\ANIO64.sys
2008-06-15 17:37 . 2005-10-21 15:56 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-06-15 17:37 . 2005-12-11 11:55 28,195 --a------ C:\WINDOWS\system32\ANIO.sys
2008-06-15 17:37 . 2004-10-14 10:29 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-06-15 17:37 . 2004-10-14 10:29 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-06-15 16:58 . 2008-06-17 23:55 <REP> d-------- C:\Program Files\Hitman Pro
2008-06-15 16:02 . 2008-06-15 16:02 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\ESET
2008-06-15 09:49 . 2008-06-21 00:09 3,383,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-15 09:49 . 2008-06-21 00:10 647,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-15 09:49 . 2008-06-21 00:09 28,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-15 09:49 . 2008-06-21 00:10 4,340 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-15 09:24 . 2007-09-27 09:54 692,224 --a------ C:\WINDOWS\system32\~GLH0006.TMP
2008-06-15 01:56 . 2008-06-15 02:09 <REP> d-------- C:\Program Files\QuickTime
2008-06-15 01:56 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxt1C.tmp
2008-06-15 01:55 . 2008-06-15 02:30 <REP> d-------- C:\Program Files\Pointdev
2008-06-15 01:30 . 2008-06-15 01:30 <REP> d-------- C:\Program Files\AxBx
2008-06-14 22:22 . 2008-06-14 22:22 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\Digsby
2008-06-14 22:21 . 2008-06-14 22:22 <REP> d-------- C:\Program Files\Digsby
2008-06-12 18:50 . 2008-06-12 18:50 0 --a------ C:\WINDOWS\graphedit.INI
2008-06-11 21:01 . 2008-06-11 21:02 <REP> d-------- C:\Program Files\SLD Codec Pack
2008-06-11 21:01 . 2008-06-11 21:01 <REP> d-------- C:\Program Files\Combined Community Codec Pack
2008-06-11 20:40 . 2008-06-11 20:40 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-11 20:40 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-11 20:40 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-11 20:40 . 2008-05-26 21:33 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-11 16:29 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\WINDOWS\system32\custom matrices
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\Program Files\Fichiers communs\Elecard
2008-06-09 19:04 . 2008-06-09 19:04 <REP> d-------- C:\Program Files\Elecard
2008-06-09 19:02 . 2008-06-09 19:03 <REP> d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-06-09 19:02 . 2001-10-31 10:14 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2008-06-09 19:02 . 2001-10-31 10:14 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-06-09 19:02 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-06-09 19:02 . 2001-10-31 10:14 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2008-06-09 19:02 . 2001-10-31 10:14 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2008-06-09 19:02 . 2001-10-31 10:14 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2008-06-09 19:02 . 2001-10-31 10:14 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2008-06-09 19:02 . 2001-09-17 12:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-06-08 19:36 . 2008-06-08 20:11 74 --a------ C:\WINDOWS\graphedt.INI
2008-06-08 19:17 . 2008-06-09 20:51 <REP> d-------- C:\WINDOWS\system32\C2MP
2008-06-08 19:04 . 2008-06-08 19:04 <REP> d--h----- C:\WINDOWS\PIF
2008-06-08 19:04 . 2003-03-25 06:49 135,168 -ra------ C:\WINDOWS\system32\L3CODECX.ACM
2008-06-08 19:04 . 2003-03-25 06:49 121,856 -ra------ C:\WINDOWS\system32\Mp3cnfg.cpl
2008-06-08 19:04 . 1999-09-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-06-08 19:04 . 1999-09-10 12:06 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI2K.BAK
2008-06-08 19:04 . 2003-03-25 06:49 18,944 -ra------ C:\WINDOWS\system32\Mp3cnfg.exe
2008-06-08 19:04 . 1999-09-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-06-08 19:04 . 1999-09-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.BAK
2008-06-08 18:41 . 2008-06-08 18:41 <REP> d-------- C:\Program Files\MPEG2_Decoders
2008-06-01 16:06 . 2008-06-08 18:55 <REP> d-------- C:\Program Files\Octoshape Streaming Services
2008-05-29 21:33 . 2008-06-15 02:11 <REP> d-------- C:\Program Files\Azureus
2008-05-28 16:47 . 2008-05-28 17:30 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-05-28 16:22 . 2008-05-28 16:22 <REP> d-------- C:\Documents and Settings\Jeremy\Application Data\VoipBuster
2008-05-28 15:47 . 2008-05-28 15:47 <REP> d-------- C:\Documents and Settings\Jeremy\iWizz
2008-05-28 15:45 . 2008-05-28 15:48 <REP> d-------- C:\Documents and Settings\Jeremy\.bitrock
2008-05-27 21:44 . 2008-06-20 20:35 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-27 21:44 . 2008-06-20 20:35 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-27 21:44 . 2008-05-27 21:44 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-27 19:04 . 2008-05-27 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-27 09:17 . 2008-05-27 09:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-21 18:33 . 2008-05-21 18:34 <REP> d-------- C:\Documents and Settings\Jeremy\.homeplayer
2008-05-20 07:03 . 2008-05-20 07:03 268 --ah----- C:\sqmdata09.sqm
2008-05-20 07:03 . 2008-05-20 07:03 244 --ah----- C:\sqmnoopt09.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 22:11 --------- d-----w C:\Program Files\Steam
2008-06-20 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-20 22:04 --------- d-----w C:\Program Files\DynDNS Updater
2008-06-18 06:37 --------- d-----w C:\Program Files\MSN Messenger
2008-06-18 06:37 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-18 06:32 --------- d-----w C:\Program Files\Windows Live
2008-06-17 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 22:00 --------- d-----w C:\Program Files\Opera
2008-06-15 20:52 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-15 20:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 19:46 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-15 16:34 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-06-15 16:34 15,648 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-06-15 16:34 12,960 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-06-15 15:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 15:10 --------- d-----w C:\Program Files\ESET
2008-06-15 15:07 --------- d-----w C:\Program Files\Lavasoft
2008-06-15 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-15 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-15 07:31 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\MAGIX
2008-06-15 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-06-15 07:26 --------- d-----w C:\Program Files\MAGIX
2008-06-15 00:11 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Azureus
2008-06-10 17:31 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-09 18:57 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\DivX
2008-06-08 23:46 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-06-01 14:05 --------- d-----w C:\Program Files\Java
2008-05-28 09:53 --------- d-----w C:\Program Files\eMule
2008-05-27 07:19 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\uTorrent
2008-05-24 12:36 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\teamspeak2
2008-05-19 15:08 --------- d-----w C:\Program Files\Winamp
2008-05-19 15:07 --------- d-----w C:\Program Files\MacBoX_v.2
2008-05-19 15:05 --------- d-----w C:\Program Files\DVBViewerTE
2008-05-17 17:15 --------- d-----w C:\Program Files\Fichiers communs\Xstream
2008-05-15 00:22 --------- d-----w C:\Program Files\uTorrent
2008-05-12 00:55 --------- d-----w C:\Program Files\Safari
2008-05-12 00:55 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Apple Computer
2008-05-09 17:18 --------- d-----w C:\Program Files\SopCast
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-03 23:42 --------- d-----w C:\Program Files\ProgDVB
2008-04-30 17:53 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-30 17:53 290,816 ------w C:\WINDOWS\Setup1.exe
2008-04-30 14:50 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\TeamViewer Manager
2008-04-30 13:38 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Kana Solution
2008-04-30 12:04 --------- d-----w C:\Program Files\TechniSat DVB
2008-04-30 12:04 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-04-29 18:46 9,685 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-04-28 13:53 --------- d-----w C:\Program Files\Sunbelt Software
2008-04-28 13:18 --------- d-----w C:\Program Files\Veoh Networks
2008-04-28 13:05 --------- d-----w C:\Program Files\Maxthon2
2008-04-28 13:04 --------- d-----w C:\Program Files\Avira
2008-04-28 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-04-28 13:03 --------- d-----w C:\Program Files\Morgan
2008-04-27 22:15 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-04-27 22:14 --------- d-----w C:\Program Files\Macromedia
2008-04-27 12:28 --------- d-----w C:\Program Files\FlashGet
2008-04-25 16:21 26,964 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2008-04-21 20:25 --------- d-----w C:\Program Files\Fichiers communs\NSV
2008-04-21 14:53 --------- d-----w C:\Program Files\DMV
2008-04-21 00:12 --------- d-----w C:\Program Files\i-Media
2008-04-21 00:12 --------- d-----w C:\Program Files\Goto
2008-02-13 07:47 281 ----a-w C:\Program Files\Raccourci vers Disque local (C).lnk
2007-11-22 19:07 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-11-22 19:07 3,928,264 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
.
------- Sigcheck -------
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2001-08-28 14:00 327168 e7774698bb0d14b0710a9a31e209f9b6 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-05-01 00:31 360064 01307b76a916a8f6d1f1452744ba7ad6 C:\WINDOWS\system32\backup\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 34a663e7f74ae8b2c992c2513343477e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7905B418-9FFE-46AC-A324-7275463E56C1}]
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-04-03 14:12 1271032]
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32 1352704]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-06-18 08:44 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 11:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-08-02 13:35 1667072]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdcbyy]
efcdcbyy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.yv12"= yv12vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"msacm.l3acm"= l3codecp.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Firefox Preloader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Firefox Preloader.lnk
backup=C:\WINDOWS\pss\Firefox Preloader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Server4PC.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Server4PC.lnk
backup=C:\WINDOWS\pss\Server4PC.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WiFi Station.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WiFi Station.lnk
backup=C:\WINDOWS\pss\WiFi Station.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Banshee Screamer Alarm.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Banshee Screamer Alarm.lnk
backup=C:\WINDOWS\pss\Banshee Screamer Alarm.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^MaxTV Radio.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\MaxTV Radio.lnk
backup=C:\WINDOWS\pss\MaxTV Radio.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\MaxTV.lnk
backup=C:\WINDOWS\pss\MaxTV.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jeremy^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
path=C:\Documents and Settings\Jeremy\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
C:\Program Files\ECBarre\EC-Barre.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-12-22 09:20 222080 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-09-10 16:03 701680 C:\Program Files\CCleaner\ccleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
C:\Program Files\Vista Drive Icon\DrvIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdvnghfwog]
c:\documents and settings\jeremy\local settings\application data\fdvnghfwog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
C:\Program Files\Free Download Manager\fum\fum.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_2049296]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_40389187]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_4747437]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_62937]
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matchlock Scheduling]
--------- 2005-06-09 16:49 45056 C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-06-18 08:44 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-06-15 01:56 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
C:\Program Files\RayV\RayV\RayV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simp]
C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Remote Control Center]
--------- 2005-05-28 18:54 49152 C:\Program Files\Ulead Systems\Ulead InstaMedia 2.1\RMC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Documents and Settings\Jeremy\Bureau\GBOXn\GboxControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Detect"=C:\Program Files\iNTERNET Turbo\iDetect.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-12-13 17:29]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 03:22]
S2 ioperm;ioperm support for Cygwin driver;C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\ioperm.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 Cinergy_HT_PCI_MKII;Cinergy HT PCI (MKII) service;C:\WINDOWS\system32\DRIVERS\Cinergy_HT_PCI_MKII.sys [2007-05-11 16:17]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2004-10-08 21:04]
S3 hitmanpro2;Hitman Pro 2 Driver;C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 13:02]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Rar$EX87.032\WINAIR~1\PEEK5.SYS []
S3 PTV337;Mini DigitalTV USB;C:\WINDOWS\system32\DRIVERS\PTV337.SYS [2005-10-24 13:28]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S4 SandBox;Outpost Firewall Sandbox Driver;C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-20 22:10:46 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 00:11:27
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-21 0:18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 22:18:10
Pre-Run: 27,365,703,680 octets libres
Post-Run: 27,437,359,104 octets libres
406 --- E O F --- 2008-06-20 22:17:20
Re,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:26, on 22.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\program files\steam\steam.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\SopCast\SopCast.exe
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7905B418-9FFE-46AC-A324-7275463E56C1} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8519 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:26, on 22.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\program files\steam\steam.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\GboxControl.exe
C:\Documents and Settings\Jeremy\Bureau\gbox et dvbdream pour jérem1\gbox et dvbdream pour jérem\gbox pour jérem\GBOXn\gboxx86.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe
C:\dvbdream77\dvbdream.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\SopCast\SopCast.exe
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7905B418-9FFE-46AC-A324-7275463E56C1} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE136DE-CED2-4ACE-B0D4-5F51F37E0F9B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8519 bytes
re
désinstalle Ad-Aware
Conséquences de la multi-protection
~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.
O2 - BHO: (no name) - {7905B418-9FFE-46AC-A324-7275463E56C1} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
Clique sur Fix checked (en bas à gauche)
D'autres soucis?
désinstalle Ad-Aware
Conséquences de la multi-protection
~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.
O2 - BHO: (no name) - {7905B418-9FFE-46AC-A324-7275463E56C1} - C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\YQOATCGH\3077ahntdksr[1].dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} (SayaTV Control) - http://www.sayatv.com/download/SayaTV.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - Winlogon Notify: efcdcbyy - efcdcbyy.dll (file missing)
Clique sur Fix checked (en bas à gauche)
D'autres soucis?
bien
Supprime tous les programmes installés pour la désinfection.
Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.
![]()
Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.
~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.
![:hello:]( ":hello:")
Supprime tous les programmes installés pour la désinfection.
Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.
Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.
~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- Forumproblème winlogon.exe Trojan/Worm résolu
- ForumWin32:Trojan-RE [Trj] ( probleme résolu )
- Forumproblème de suppression d'un trojan [résolu] merci
- Forum[RESOLU] Trojan impossible à réparer
- Forummon pc est infecté:trojan RÉSOLU
- ForumTrojan-Downloader.Win32.Agent!IK détecté par Web Malware Scan *Résolu*
- ForumProblème: Win32.Trojan.gen (Avast)
- ForumTrojan Alureon (Résolu)
- ForumTrojan Eorezo (Malwarebytes Anti-Malware) [Résolu]
- Voir plus
