
Virus impossible to remove [SOLVED]


So here is the report, I hope it will help us. There is a program, Antispyware 2008, that blocks everything: it sits in the middle of the screen and I can't do anything. Also, at the bottom left, in the Start menu, I no longer have the list of all the programs that opens on the right when you hover over the arrow. And finally, sometimes I'm doing nothing, I'm watching TV, and I hear my computer making clicking noises as if I were trying to open a window or clicking on a link. Anyway, I know you are going to help me, thanks and see you soon, kisses.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47: VIRUS ALERT!, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ExpertEnhancer - {35069396-3567-9D8B-86E5-B3D3B89DD644} - C:\Program Files\ExpertEnhancer\ExpertEnhancer-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {883E162E-56D8-4AB3-85BE-F69B9FC89082} - C:\WINDOWS\rodqgpvlndk.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB55.dll
O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\Setup_ver1.1431.0.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6374 bytes

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    re, here is the report. In any case I am very satisfied with this site, it's fast and effective, thanks again, kisses. I'm waiting for further instructions. :) And if possible, could you explain to me, if you have the time of course, what is wrong with my computer? Thanks

    ComboFix 08-08-26.03 - Propriétaire 2008-08-27 15:44:32.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1566 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\combofix2.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Favoris\Error Cleaner.url
    C:\Documents and Settings\Propriétaire\Favoris\Privacy Protector.url
    C:\Documents and Settings\Propriétaire\Favoris\Spyware&Malware Protection.url
    C:\Program Files\FBrowsingAdvisor
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt
    C:\Program Files\FBrowsingAdvisor\Logo.png
    C:\Program Files\FBrowsingAdvisor\main.db
    C:\Program Files\FBrowsingAdvisor\unins000.dat
    C:\Program Files\FBrowsingAdvisor\unins000.exe
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll
    C:\WINDOWS\emwl.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 15:11 . 2008-08-27 15:11 <REP> d-------- C:\WINDOWS\LastGood
    2008-08-27 11:47 . 2008-08-27 11:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 19:00 . 2008-08-25 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-25 18:58 . 2008-08-25 18:13 380,928 --a------ C:\WINDOWS\rodqgpvlndk.dll
    2008-08-25 18:58 . 2008-08-25 18:13 294,912 --a------ C:\WINDOWS\pdoskegl.dll
    2008-08-25 18:58 . 2008-08-25 18:13 270,336 --a------ C:\WINDOWS\rqbmvpso.dll
    2008-08-25 18:58 . 2008-08-25 18:13 192,512 --a------ C:\WINDOWS\qalkfxor.dll
    2008-08-25 18:58 . 2008-08-25 18:13 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
    2008-08-20 02:24 . 2008-08-20 02:24 <REP> d-------- C:\Program Files\VirginMega
    2008-08-20 02:23 . 2008-08-20 02:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-08-15 19:27 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 19:27 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-12 17:48 . 2008-08-12 17:49 <REP> d-------- C:\Program Files\TomTom HOME 2
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TomTom
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
    2008-08-10 14:24 . 2008-08-10 14:24 <REP> d-------- C:\Program Files\TomTom DesktopSuite
    2008-08-09 20:58 . 2008-08-09 20:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-09 20:58 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-08-09 20:57 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-08-09 20:56 . 2008-08-09 20:56 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-09 20:56 . 2008-08-09 20:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-08 18:58 . 2008-08-08 19:00 <REP> d-------- C:\Program Files\GalaPlayer
    2008-08-08 13:32 . 2008-08-15 19:25 <REP> d-------- C:\Program Files\Everest Poker
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-08-02 16:44 . 2008-08-02 16:44 <REP> d-------- C:\WINDOWS\Sun
    2008-08-02 10:55 . 2008-08-27 15:35 <REP> d-------- C:\Program Files\ExpertEnhancer
    2008-08-02 10:55 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
    2008-08-01 12:21 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-31 21:05 . 2008-08-01 16:05 <REP> d-------- C:\Program Files\Google
    2008-07-31 21:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-01 06:10 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
    2008-07-31 20:32 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Java
    2008-07-31 20:32 . 2008-07-31 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-31 20:31 . 2008-07-31 20:33 <REP> d-------- C:\Program Files\360Share Pro
    2008-07-30 19:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-07-30 19:07 . 2008-07-31 13:45 <REP> d-------- C:\WINDOWS\NV29243568.TMP
    2008-07-30 19:07 . 2007-11-06 20:00 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-07-30 18:30 . 2008-08-22 23:12 <REP> d-------- C:\Program Files\PokerStars
    2008-07-30 13:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-30 13:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-30 13:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-30 13:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-30 12:22 . 2008-07-30 12:22 <REP> d-------- C:\Program Files\uTorrent
    2008-07-30 12:22 . 2008-08-26 19:42 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-07-30 00:19 . 2008-08-27 11:37 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-07-30 00:18 . 2008-07-30 00:19 <REP> d-------- C:\i386
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Program Files
    2008-07-30 00:13 . 2008-08-12 17:18 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-08-12 17:18 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-07-30 00:16 <REP> dra------ C:\Documents and Settings\Default User\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 18:30 <REP> dra------ C:\Documents and Settings\All Users\Menu Démarrer
    2008-07-30 00:13 . 2008-08-01 12:36 <REP> d-a------ C:\Documents and Settings\All Users\Documents
    2008-07-30 00:12 . 2008-08-27 11:38 <REP> drahsc--- C:\WINDOWS\system32\dllcache
    2008-07-30 00:12 . 2008-07-30 00:16 <REP> dra------ C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:30 . 2008-07-29 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-29 19:27 . 2008-07-29 19:30 <REP> d-------- C:\Program Files\Windows Live
    2008-07-29 19:27 . 2008-07-29 19:29 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-29 19:26 . 2008-07-29 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-29 19:10 . 2008-07-29 19:10 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-07-29 19:10 . 2008-07-29 19:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-07-29 19:10 . 2008-07-29 19:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-07-29 19:05 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MSN6
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-07-29 17:59 . 2008-08-05 22:12 <REP> d-------- C:\Program Files\Neuf
    2008-07-29 17:31 . 2008-07-29 17:31 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
    2008-07-29 17:31 . 2008-08-09 20:57 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\provisioning
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\peernet
    2008-07-29 17:07 . 2008-07-29 17:07 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-29 17:04 . 2008-07-29 17:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
    2008-07-29 17:03 . 2008-07-29 17:03 <REP> d-------- C:\WINDOWS\EHome
    2008-07-29 16:47 . 2008-07-29 19:05 <REP> d-------- C:\Program Files\Realtek
    2008-07-29 16:44 . 2008-07-29 16:44 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-07-29 16:44 . 2007-03-09 12:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-29 16:44 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-07-29 16:44 . 2008-07-29 19:05 4,738 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-07-29 16:35 . 2007-03-06 06:25 196,096 -ra------ C:\WINDOWS\system32\fdco1ins.dll
    2008-07-29 16:35 . 2007-03-06 06:25 9,216 -ra------ C:\WINDOWS\system32\bdco1ins.dll
    2008-07-29 16:35 . 2007-01-03 06:20 1,732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
    2008-07-29 16:34 . 2007-02-16 02:50 12,032 -ra------ C:\WINDOWS\system32\drivers\nvsmu.sys
    2008-07-29 16:33 . 2008-07-30 19:07 146,832 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-29 16:32 . 2007-04-20 15:32 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-29 16:32 . 2007-11-06 20:00 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-29 16:28 . 2002-11-07 22:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-07-29 16:28 . 2005-10-21 00:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
    2008-07-29 16:28 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-07-29 16:28 . 2004-08-20 01:00 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-07-29 16:28 . 2002-10-16 09:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2008-07-29 16:27 . 2002-11-07 22:40 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-07-29 16:22 . 2004-08-04 08:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-07-29 16:22 . 2004-08-04 08:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-07-29 16:22 . 2004-08-04 08:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2008-07-29 16:22 . 2004-08-04 08:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
    2008-07-29 16:22 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-29 16:12 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-07-29 16:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-07-29 16:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-07-29 16:10 . 2008-07-29 16:10 12,744 --a------ C:\WINDOWS\system32\wpa.bak
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Program Files\Avira
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-29 15:57 . 2008-07-29 15:57 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-29 15:56 . 2008-08-17 13:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-29 15:56 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-07-29 15:55 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-07-29 15:55 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-07-29 15:55 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 15:11 --------- d-----w C:\Program Files\RecordNow
    2008-08-24 14:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\VERITAS
    2008-08-02 13:33 --------- d-----w C:\Program Files\Pinnacle
    2008-07-30 17:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-29 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{883E162E-56D8-4AB3-85BE-F69B9FC89082}]
    2008-08-25 18:13 380928 --a------ C:\WINDOWS\rodqgpvlndk.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1}"= "C:\WINDOWS\qalkfxor.dll" [2008-08-25 18:13 192512]

    [HKEY_CLASSES_ROOT\clsid\{47b4b5e7-18d6-47eb-af00-dff901a8eff1}]
    [HKEY_CLASSES_ROOT\qalkfxor.1]
    [HKEY_CLASSES_ROOT\TypeLib\{AF018914-67DD-4B0E-B3D3-23BF4448732F}]
    [HKEY_CLASSES_ROOT\qalkfxor]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-31 23:49 171448]
    "Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01 155648]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:00 8523776]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-06 20:00 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c33a43c-66d7-11dd-8ddb-001966390bc8}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Microsoft WinUpdate - C:\WINDOWS\system32\Setup_ver1.1431.0.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.neufportail.fr/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-27 15:46:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-27 15:47:11
    ComboFix-quarantined-files.txt 2008-08-27 13:47:06

    Pre-Run: 39,630,045,184 octets libres
    Post-Run: 41,915,879,424 octets libres

    251 --- E O F --- 2008-08-17 11:49:43

    re, here is another HijackThis report in case you need it, in advance ... :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:39, on 27/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: QXK Olive - {883E162E-56D8-4AB3-85BE-F69B9FC89082} - C:\WINDOWS\rodqgpvlndk.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - C:\WINDOWS\qalkfxor.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5316 bytes

    Hi again,

    There are some leftovers.

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\rodqgpvlndk.dll
    C:\WINDOWS\qalkfxor.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{883E162E-56D8-4AB3-85BE-F69B9FC89082}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1}"=-
    [-HKEY_CLASSES_ROOT\clsid\{47b4b5e7-18d6-47eb-af00-dff901a8eff1}]
    [-HKEY_CLASSES_ROOT\qalkfxor.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{AF018914-67DD-4B0E-B3D3-23BF4448732F}]
    [-HKEY_CLASSES_ROOT\qalkfxor]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    So, I hope I didn't make a mistake. Here is a ComboFix report, but it didn't ask me to type 1 or to confirm; it did everything on its own. Anyway, here is the report:
    ComboFix 08-08-28.04 - Propriétaire 2008-08-29 0:39:53.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1632 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\combofix2.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Propriétaire\Cookies\propriétaire@clickintext[1].txt
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 11:47 . 2008-08-27 11:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 19:00 . 2008-08-25 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-25 18:58 . 2008-08-25 18:13 380,928 --a------ C:\WINDOWS\rodqgpvlndk.dll
    2008-08-25 18:58 . 2008-08-25 18:13 294,912 --a------ C:\WINDOWS\pdoskegl.dll
    2008-08-25 18:58 . 2008-08-25 18:13 270,336 --a------ C:\WINDOWS\rqbmvpso.dll
    2008-08-25 18:58 . 2008-08-25 18:13 192,512 --a------ C:\WINDOWS\qalkfxor.dll
    2008-08-25 18:58 . 2008-08-25 18:13 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
    2008-08-20 02:24 . 2008-08-20 02:24 <REP> d-------- C:\Program Files\VirginMega
    2008-08-20 02:23 . 2008-08-20 02:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-08-15 19:27 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 19:27 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-12 17:48 . 2008-08-12 17:49 <REP> d-------- C:\Program Files\TomTom HOME 2
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TomTom
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
    2008-08-10 14:24 . 2008-08-10 14:24 <REP> d-------- C:\Program Files\TomTom DesktopSuite
    2008-08-09 20:58 . 2008-08-09 20:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-09 20:58 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-08-09 20:57 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-08-09 20:56 . 2008-08-09 20:56 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-09 20:56 . 2008-08-09 20:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-08 18:58 . 2008-08-08 19:00 <REP> d-------- C:\Program Files\GalaPlayer
    2008-08-08 13:32 . 2008-08-15 19:25 <REP> d-------- C:\Program Files\Everest Poker
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-08-02 16:44 . 2008-08-02 16:44 <REP> d-------- C:\WINDOWS\Sun
    2008-08-02 10:55 . 2008-08-27 15:35 <REP> d-------- C:\Program Files\ExpertEnhancer
    2008-08-02 10:55 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
    2008-08-01 12:21 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-31 21:05 . 2008-08-01 16:05 <REP> d-------- C:\Program Files\Google
    2008-07-31 21:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-01 06:10 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
    2008-07-31 20:32 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Java
    2008-07-31 20:32 . 2008-07-31 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-31 20:31 . 2008-07-31 20:33 <REP> d-------- C:\Program Files\360Share Pro
    2008-07-30 19:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-07-30 19:07 . 2008-07-31 13:45 <REP> d-------- C:\WINDOWS\NV29243568.TMP
    2008-07-30 19:07 . 2007-11-06 20:00 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-07-30 18:30 . 2008-08-28 20:51 <REP> d-------- C:\Program Files\PokerStars
    2008-07-30 13:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-30 13:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-30 13:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-30 13:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-30 12:22 . 2008-07-30 12:22 <REP> d-------- C:\Program Files\uTorrent
    2008-07-30 12:22 . 2008-08-28 02:03 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-07-30 00:19 . 2008-08-28 20:51 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-07-30 00:18 . 2008-07-30 00:19 <REP> d-------- C:\i386
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Program Files
    2008-07-30 00:13 . 2008-08-27 23:42 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-08-27 23:42 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-08-27 17:05 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-08-27 17:05 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-07-30 00:16 <REP> dra------ C:\Documents and Settings\Default User\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 18:30 <REP> dra------ C:\Documents and Settings\All Users\Menu Démarrer
    2008-07-30 00:13 . 2008-08-01 12:36 <REP> d-a------ C:\Documents and Settings\All Users\Documents
    2008-07-30 00:12 . 2008-08-27 11:38 <REP> drahsc--- C:\WINDOWS\system32\dllcache
    2008-07-30 00:12 . 2008-07-30 00:16 <REP> dra------ C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:30 . 2008-07-29 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-29 19:27 . 2008-07-29 19:30 <REP> d-------- C:\Program Files\Windows Live
    2008-07-29 19:27 . 2008-07-29 19:29 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-29 19:26 . 2008-07-29 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-29 19:10 . 2008-07-29 19:10 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-07-29 19:10 . 2008-07-29 19:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-07-29 19:10 . 2008-07-29 19:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-07-29 19:05 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MSN6
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-07-29 17:59 . 2008-08-05 22:12 <REP> d-------- C:\Program Files\Neuf
    2008-07-29 17:31 . 2008-07-29 17:31 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
    2008-07-29 17:31 . 2008-08-09 20:57 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\provisioning
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\peernet
    2008-07-29 17:07 . 2008-07-29 17:07 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-29 17:04 . 2008-07-29 17:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
    2008-07-29 17:03 . 2008-07-29 17:03 <REP> d-------- C:\WINDOWS\EHome
    2008-07-29 16:47 . 2008-07-29 19:05 <REP> d-------- C:\Program Files\Realtek
    2008-07-29 16:44 . 2008-07-29 16:44 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-07-29 16:44 . 2007-03-09 12:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-29 16:44 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-07-29 16:44 . 2008-07-29 19:05 4,738 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-07-29 16:35 . 2007-03-06 06:25 196,096 -ra------ C:\WINDOWS\system32\fdco1ins.dll
    2008-07-29 16:35 . 2007-03-06 06:25 9,216 -ra------ C:\WINDOWS\system32\bdco1ins.dll
    2008-07-29 16:35 . 2007-01-03 06:20 1,732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
    2008-07-29 16:34 . 2007-02-16 02:50 12,032 -ra------ C:\WINDOWS\system32\drivers\nvsmu.sys
    2008-07-29 16:33 . 2008-07-30 19:07 146,832 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-29 16:32 . 2007-04-20 15:32 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-29 16:32 . 2007-11-06 20:00 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-29 16:28 . 2002-11-07 22:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-07-29 16:28 . 2005-10-21 00:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
    2008-07-29 16:28 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-07-29 16:28 . 2004-08-20 01:00 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-07-29 16:28 . 2002-10-16 09:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2008-07-29 16:27 . 2002-11-07 22:40 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-07-29 16:22 . 2004-08-04 08:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-07-29 16:22 . 2004-08-04 08:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-07-29 16:22 . 2004-08-04 08:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2008-07-29 16:22 . 2004-08-04 08:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
    2008-07-29 16:22 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-29 16:12 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-07-29 16:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-07-29 16:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-07-29 16:10 . 2008-07-29 16:10 12,744 --a------ C:\WINDOWS\system32\wpa.bak
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Program Files\Avira
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-29 15:57 . 2008-07-29 15:57 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-29 15:56 . 2008-08-17 13:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-29 15:56 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-07-29 15:55 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-07-29 15:55 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-07-29 15:55 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2008-07-29 15:55 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 15:11 --------- d-----w C:\Program Files\RecordNow
    2008-08-24 14:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\VERITAS
    2008-08-02 13:33 --------- d-----w C:\Program Files\Pinnacle
    2008-07-30 17:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-29 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-31 23:49 171448]
    "Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01 155648]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:00 8523776]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-06 20:00 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c33a43c-66d7-11dd-8ddb-001966390bc8}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 00:41:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-29 0:42:31
    ComboFix-quarantined-files.txt 2008-08-28 22:42:28
    ComboFix2.txt 2008-08-27 13:47:12

    Pre-Run: 44,970,864,640 octets libres
    Post-Run: 45,090,816,000 octets libres

    219 --- E O F --- 2008-08-17 11:49:43




    And here is HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:46, on 29/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5298 bytes
    There you go, thanks.

    I finally found Notepad (pfff). I started over, but same thing: it didn't ask me to make a choice and confirm, and it didn't restart either. Anyway, I'm sending the reports again, hoping I did it right.

    ComboFix 08-08-28.04 - Propriétaire 2008-08-29 0:51:15.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1612 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\combofix2.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\qalkfxor.dll
    C:\WINDOWS\rodqgpvlndk.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\qalkfxor.dll
    C:\WINDOWS\rodqgpvlndk.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 11:47 . 2008-08-27 11:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 19:00 . 2008-08-25 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-25 18:58 . 2008-08-25 18:13 294,912 --a------ C:\WINDOWS\pdoskegl.dll
    2008-08-25 18:58 . 2008-08-25 18:13 270,336 --a------ C:\WINDOWS\rqbmvpso.dll
    2008-08-25 18:58 . 2008-08-25 18:13 86,016 --a------ C:\WINDOWS\rvoelbxt.exe
    2008-08-20 02:24 . 2008-08-20 02:24 <REP> d-------- C:\Program Files\VirginMega
    2008-08-20 02:23 . 2008-08-20 02:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-08-15 19:27 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 19:27 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-12 17:48 . 2008-08-12 17:49 <REP> d-------- C:\Program Files\TomTom HOME 2
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TomTom
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
    2008-08-10 14:24 . 2008-08-10 14:24 <REP> d-------- C:\Program Files\TomTom DesktopSuite
    2008-08-09 20:58 . 2008-08-09 20:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-09 20:58 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-08-09 20:57 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-08-09 20:56 . 2008-08-09 20:56 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-09 20:56 . 2008-08-09 20:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-08 18:58 . 2008-08-08 19:00 <REP> d-------- C:\Program Files\GalaPlayer
    2008-08-08 13:32 . 2008-08-15 19:25 <REP> d-------- C:\Program Files\Everest Poker
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-08-02 16:44 . 2008-08-02 16:44 <REP> d-------- C:\WINDOWS\Sun
    2008-08-02 10:55 . 2008-08-27 15:35 <REP> d-------- C:\Program Files\ExpertEnhancer
    2008-08-02 10:55 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
    2008-08-01 12:21 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-31 21:05 . 2008-08-01 16:05 <REP> d-------- C:\Program Files\Google
    2008-07-31 21:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-01 06:10 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
    2008-07-31 20:32 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Java
    2008-07-31 20:32 . 2008-07-31 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-31 20:31 . 2008-07-31 20:33 <REP> d-------- C:\Program Files\360Share Pro
    2008-07-30 19:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-07-30 19:07 . 2008-07-31 13:45 <REP> d-------- C:\WINDOWS\NV29243568.TMP
    2008-07-30 19:07 . 2007-11-06 20:00 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-07-30 18:30 . 2008-08-28 20:51 <REP> d-------- C:\Program Files\PokerStars
    2008-07-30 13:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-30 13:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-30 13:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-30 13:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-30 12:22 . 2008-07-30 12:22 <REP> d-------- C:\Program Files\uTorrent
    2008-07-30 12:22 . 2008-08-28 02:03 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-07-30 00:19 . 2008-08-28 20:51 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-07-30 00:18 . 2008-07-30 00:19 <REP> d-------- C:\i386
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Program Files
    2008-07-30 00:13 . 2008-08-27 23:42 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-08-27 23:42 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-08-27 17:05 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-08-27 17:05 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-07-30 00:16 <REP> dra------ C:\Documents and Settings\Default User\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 18:30 <REP> dra------ C:\Documents and Settings\All Users\Menu Démarrer
    2008-07-30 00:13 . 2008-08-01 12:36 <REP> d-a------ C:\Documents and Settings\All Users\Documents
    2008-07-30 00:12 . 2008-08-27 11:38 <REP> drahsc--- C:\WINDOWS\system32\dllcache
    2008-07-30 00:12 . 2008-07-30 00:16 <REP> dra------ C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:30 . 2008-07-29 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-29 19:27 . 2008-07-29 19:30 <REP> d-------- C:\Program Files\Windows Live
    2008-07-29 19:27 . 2008-07-29 19:29 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-29 19:26 . 2008-07-29 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-29 19:10 . 2008-07-29 19:10 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-07-29 19:10 . 2008-07-29 19:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-07-29 19:10 . 2008-07-29 19:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-07-29 19:05 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MSN6
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-07-29 17:59 . 2008-08-05 22:12 <REP> d-------- C:\Program Files\Neuf
    2008-07-29 17:31 . 2008-07-29 17:31 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
    2008-07-29 17:31 . 2008-08-09 20:57 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\provisioning
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\peernet
    2008-07-29 17:07 . 2008-07-29 17:07 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-29 17:04 . 2008-07-29 17:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
    2008-07-29 17:03 . 2008-07-29 17:03 <REP> d-------- C:\WINDOWS\EHome
    2008-07-29 16:47 . 2008-07-29 19:05 <REP> d-------- C:\Program Files\Realtek
    2008-07-29 16:44 . 2008-07-29 16:44 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-07-29 16:44 . 2007-03-09 12:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-29 16:44 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-07-29 16:44 . 2008-07-29 19:05 4,738 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-07-29 16:35 . 2007-03-06 06:25 196,096 -ra------ C:\WINDOWS\system32\fdco1ins.dll
    2008-07-29 16:35 . 2007-03-06 06:25 9,216 -ra------ C:\WINDOWS\system32\bdco1ins.dll
    2008-07-29 16:35 . 2007-01-03 06:20 1,732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
    2008-07-29 16:34 . 2007-02-16 02:50 12,032 -ra------ C:\WINDOWS\system32\drivers\nvsmu.sys
    2008-07-29 16:33 . 2008-07-30 19:07 146,832 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-29 16:32 . 2007-04-20 15:32 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-29 16:32 . 2007-11-06 20:00 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-29 16:28 . 2002-11-07 22:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-07-29 16:28 . 2005-10-21 00:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
    2008-07-29 16:28 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-07-29 16:28 . 2004-08-20 01:00 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-07-29 16:28 . 2002-10-16 09:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2008-07-29 16:27 . 2002-11-07 22:40 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-07-29 16:22 . 2004-08-04 08:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-07-29 16:22 . 2004-08-04 08:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-07-29 16:22 . 2004-08-04 08:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2008-07-29 16:22 . 2004-08-04 08:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
    2008-07-29 16:22 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-29 16:12 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-07-29 16:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-07-29 16:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-07-29 16:10 . 2008-07-29 16:10 12,744 --a------ C:\WINDOWS\system32\wpa.bak
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Program Files\Avira
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-29 15:57 . 2008-07-29 15:57 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-29 15:56 . 2008-08-17 13:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-29 15:56 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-07-29 15:55 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-07-29 15:55 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-07-29 15:55 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2008-07-29 15:55 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 15:11 --------- d-----w C:\Program Files\RecordNow
    2008-08-24 14:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\VERITAS
    2008-08-02 13:33 --------- d-----w C:\Program Files\Pinnacle
    2008-07-30 17:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-29 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-31 23:49 171448]
    "Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01 155648]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:00 8523776]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-06 20:00 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c33a43c-66d7-11dd-8ddb-001966390bc8}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 00:51:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-29 0:52:46
    ComboFix-quarantined-files.txt 2008-08-28 22:52:43
    ComboFix2.txt 2008-08-28 22:42:32
    ComboFix3.txt 2008-08-27 13:47:12

    Pre-Run: 46,235,484,160 octets libres
    Post-Run: 46,232,743,936 octets libres

    221 --- E O F --- 2008-08-17 11:49:43


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:55, on 29/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5298 bytes
    thanks

    So here is the report. I also just wanted to tell you that my computer is extremely slow, so maybe having done this procedure will change something... so I'm waiting for the instructions... thanks, boss!!

    ComboFix 08-08-30.03 - Propriétaire 2008-08-31 17:52:55.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1627 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\combofix2.exe
    Command switches used :: C:\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pdoskegl.dll
    C:\WINDOWS\rqbmvpso.dll
    C:\WINDOWS\rvoelbxt.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 01:29 . 2008-08-29 01:29 <REP> d---s---- C:\WINDOWS\Cookies
    2008-08-27 11:47 . 2008-08-27 11:47 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 19:00 . 2008-08-25 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-08-20 02:24 . 2008-08-20 02:24 <REP> d-------- C:\Program Files\VirginMega
    2008-08-20 02:23 . 2008-08-20 02:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-08-15 19:27 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-15 19:27 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-12 17:48 . 2008-08-12 17:49 <REP> d-------- C:\Program Files\TomTom HOME 2
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\TomTom
    2008-08-10 14:26 . 2008-08-10 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
    2008-08-10 14:24 . 2008-08-10 14:24 <REP> d-------- C:\Program Files\TomTom DesktopSuite
    2008-08-09 20:58 . 2008-08-09 20:58 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-09 20:58 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-08-09 20:58 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-08-09 20:57 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-08-09 20:56 . 2008-08-09 20:56 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-08-09 20:56 . 2008-08-09 20:57 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-08 18:58 . 2008-08-08 19:00 <REP> d-------- C:\Program Files\GalaPlayer
    2008-08-08 13:32 . 2008-08-15 19:25 <REP> d-------- C:\Program Files\Everest Poker
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Program Files\VideoLAN
    2008-08-05 17:13 . 2008-08-05 17:13 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-08-02 16:44 . 2008-08-02 16:44 <REP> d-------- C:\WINDOWS\Sun
    2008-08-02 10:55 . 2008-08-27 15:35 <REP> d-------- C:\Program Files\ExpertEnhancer
    2008-08-02 10:55 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
    2008-08-01 12:21 . 2004-08-20 01:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-07-31 21:05 . 2008-08-01 16:05 <REP> d-------- C:\Program Files\Google
    2008-07-31 21:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:34 . 2008-08-01 15:20 <REP> d-------- C:\Documents and Settings\Propriétaire\Incomplete
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-12 16:39 <REP> dr------- C:\Documents and Settings\Propriétaire\Shared
    2008-07-31 20:33 . 2008-08-01 06:10 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\LimeWire
    2008-07-31 20:32 . 2008-07-31 21:05 <REP> d-------- C:\Program Files\Java
    2008-07-31 20:32 . 2008-07-31 20:32 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-31 20:31 . 2008-07-31 20:33 <REP> d-------- C:\Program Files\360Share Pro
    2008-07-30 19:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2008-07-30 19:07 . 2008-07-31 13:45 <REP> d-------- C:\WINDOWS\NV29243568.TMP
    2008-07-30 19:07 . 2007-11-06 20:00 158,263 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-07-30 18:30 . 2008-08-30 20:35 <REP> d-------- C:\Program Files\PokerStars
    2008-07-30 13:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-30 13:38 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-30 13:38 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-30 13:38 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-30 12:22 . 2008-07-30 12:22 <REP> d-------- C:\Program Files\uTorrent
    2008-07-30 12:22 . 2008-08-30 23:13 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-07-30 00:19 . 2008-08-31 14:37 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
    2008-07-30 00:18 . 2008-07-30 00:19 <REP> d-------- C:\i386
    2008-07-30 00:13 . 2008-08-27 15:44 <REP> dra------ C:\Program Files
    2008-07-30 00:13 . 2008-08-30 20:24 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-08-30 20:24 <REP> dra------ C:\Documents and Settings\Propriétaire\Mes documents
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 12:22 <REP> dra------ C:\Documents and Settings\Propriétaire\Menu Démarrer
    2008-07-30 00:13 . 2008-08-31 11:00 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-08-31 11:00 <REP> dra------ C:\Documents and Settings\Propriétaire\Favoris
    2008-07-30 00:13 . 2008-07-30 00:16 <REP> dra------ C:\Documents and Settings\Default User\Menu Démarrer
    2008-07-30 00:13 . 2008-07-30 18:30 <REP> dra------ C:\Documents and Settings\All Users\Menu Démarrer
    2008-07-30 00:13 . 2008-08-01 12:36 <REP> d-a------ C:\Documents and Settings\All Users\Documents
    2008-07-30 00:12 . 2008-08-27 11:38 <REP> drahsc--- C:\WINDOWS\system32\dllcache
    2008-07-30 00:12 . 2008-07-30 00:16 <REP> dra------ C:\WINDOWS\system32\config\systemprofile\Menu Démarrer
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:46 . 2008-08-13 12:17 <REP> d-------- C:\Documents and Settings\Propriétaire\Contacts
    2008-07-29 19:30 . 2008-07-29 19:30 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-29 19:27 . 2008-07-29 19:30 <REP> d-------- C:\Program Files\Windows Live
    2008-07-29 19:27 . 2008-07-29 19:29 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-29 19:26 . 2008-07-29 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-29 19:10 . 2008-07-29 19:10 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-07-29 19:10 . 2008-07-29 19:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-07-29 19:10 . 2008-07-29 19:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-07-29 19:07 . 2004-08-04 08:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-07-29 19:05 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\MSN6
    2008-07-29 18:31 . 2008-07-29 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
    2008-07-29 17:59 . 2008-08-05 22:12 <REP> d-------- C:\Program Files\Neuf
    2008-07-29 17:31 . 2008-07-29 17:31 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
    2008-07-29 17:31 . 2008-08-09 20:57 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\provisioning
    2008-07-29 17:08 . 2008-07-29 17:08 <REP> d-------- C:\WINDOWS\peernet
    2008-07-29 17:07 . 2008-07-29 17:07 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-29 17:04 . 2008-07-29 17:04 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InterVideo
    2008-07-29 17:03 . 2008-07-29 17:03 <REP> d-------- C:\WINDOWS\EHome
    2008-07-29 16:47 . 2008-07-29 19:05 <REP> d-------- C:\Program Files\Realtek
    2008-07-29 16:44 . 2008-07-29 16:44 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\InstallShield
    2008-07-29 16:44 . 2007-03-09 12:37 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-29 16:44 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-07-29 16:44 . 2008-07-29 19:05 4,738 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-07-29 16:35 . 2007-03-06 06:25 196,096 -ra------ C:\WINDOWS\system32\fdco1ins.dll
    2008-07-29 16:35 . 2007-03-06 06:25 9,216 -ra------ C:\WINDOWS\system32\bdco1ins.dll
    2008-07-29 16:35 . 2007-01-03 06:20 1,732 -ra------ C:\WINDOWS\system32\drivers\nvphy.bin
    2008-07-29 16:34 . 2007-02-16 02:50 12,032 -ra------ C:\WINDOWS\system32\drivers\nvsmu.sys
    2008-07-29 16:33 . 2008-07-30 19:07 146,832 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-29 16:32 . 2007-04-20 15:32 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-29 16:32 . 2007-11-06 20:00 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-29 16:28 . 2002-11-07 22:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
    2008-07-29 16:28 . 2005-10-21 00:25 1,097,728 --a------ C:\WINDOWS\system32\esent.dll
    2008-07-29 16:28 . 2004-08-20 00:56 54,400 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-07-29 16:28 . 2004-08-20 01:00 25,216 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
    2008-07-29 16:28 . 2002-10-16 09:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2008-07-29 16:27 . 2002-11-07 22:40 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
    2008-07-29 16:22 . 2004-08-04 08:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-07-29 16:22 . 2004-08-04 08:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-07-29 16:22 . 2004-08-04 08:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2008-07-29 16:22 . 2004-08-04 08:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
    2008-07-29 16:22 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:21 . 2008-07-29 16:21 <REP> d---s---- C:\Documents and Settings\Propriétaire\UserData
    2008-07-29 16:12 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
    2008-07-29 16:12 . 2004-08-19 16:10 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-07-29 16:12 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-07-29 16:12 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-07-29 16:10 . 2008-07-29 16:10 12,744 --a------ C:\WINDOWS\system32\wpa.bak
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Program Files\Avira
    2008-07-29 16:00 . 2008-07-29 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-29 15:57 . 2008-07-29 15:57 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-29 15:56 . 2008-08-17 13:49 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-07-29 15:56 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-07-29 15:55 . 2004-08-20 01:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-07-29 15:55 . 2004-08-20 01:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-07-29 15:55 . 2004-08-20 01:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2008-07-29 15:55 . 2004-08-20 01:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2008-07-07 22:31 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-24 15:11 --------- d-----w C:\Program Files\RecordNow
    2008-08-24 14:32 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\VERITAS
    2008-08-02 13:33 --------- d-----w C:\Program Files\Pinnacle
    2008-07-30 17:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-07-29 14:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-27_15.46.49.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-28 18:51:15 16,384 ----a-w C:\WINDOWS\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-31 23:49 171448]
    "Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-10-15 17:57 1025264]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 08:05 114688]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 16:33 69632]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 21:56 61440]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 09:01 155648]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 20:40 143360]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-06 20:00 8523776]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-11-06 20:00 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 13:49 16269312 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= vdrcodec.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\Program Files\Neuf\Media Center\httpd\httpd.exe"= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

    R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
    R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c33a43c-66d7-11dd-8ddb-001966390bc8}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 17:54:32
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 17:55:38
    ComboFix-quarantined-files.txt 2008-08-31 15:55:36
    ComboFix2.txt 2008-08-28 22:52:47
    ComboFix3.txt 2008-08-28 22:42:32
    ComboFix4.txt 2008-08-27 13:47:12

    Pre-Run: 44,885,602,304 octets libres
    Post-Run: 45,011,419,136 octets libres

    225 --- E O F --- 2008-08-17 11:49:43

    Hi, so here is the HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:21, on 01/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --

    OK, I'm leaving you a report just in case. There you go, kisses and thanks, I can't wait to mark this as resolved!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:20, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5852 bytes

    Hi, OK, I'm going to uninstall it, but I ran into problems tonight: my sister-in-law went to watch some video clips and she apparently picked up some viruses, so here is a report, and I'll post the AntiVir report as soon as it's finished... :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:00, on 08/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5992 bytes

    Hi again, I uninstalled what you asked me to, and I'm giving you part of the AntiVir report; tomorrow I'll give you the whole report, because right now I'm tired and need to rest...



    Avira AntiVir Personal
    Report file date: dimanche 7 septembre 2008 23:57

    Scanning for 1599979 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-DACQ0TCL8OY

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 08:56:10
    ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 05/09/2008 16:03:54
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 11:37:51
    AESCN.DLL : 8.1.0.23 119156 Bytes 30/07/2008 09:55:16
    AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 11:37:51
    AEPACK.DLL : 8.1.2.1 364917 Bytes 30/07/2008 09:55:15
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 11:37:50
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 11:37:49
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 20:54:33
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 14:37:51
    AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 11:37:47
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 14:37:50
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 7 septembre 2008 23:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'uTorrent.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'httpd.exe' - '1' Module(s) have been scanned
    Scan process 'httpd.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
    Scan process 'MediaCenter.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'shwicon.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '58' files ).


    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\E15ABAHO\x593a2_memoire-dabraham_music[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '48fd4f0b.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ETWJ2LA5\x2iku7_poussiere-detoile-compo[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '492d4f14.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\F6CFNTGH\x476pd_celine-damour-ou-damitier_music[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '48fb4f30.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K163OT2Z\x2tpwk_marie-mai-la-memoire-dabraham-celin_music[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '49384fa3.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\KLQ3O1EN\x369q2_kenza-farah-damour-ou-damitie_music[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '48fa4fb4.qua'!
    C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\XCXLNTTF\xzitg_segara-loin-du-froid-de-decembre_music[1]
    [0] Archive type: GZ
    --> unkwn
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The file was moved to '492d5057.qua'!


    End of the scan: lundi 8 septembre 2008 00:19
    Used time: 21:59 Minute(s)

    The scan has been canceled!

    2169 Scanning directories
    133319 Files were scanned
    0 viruses and/or unwanted programs were found
    6 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    6 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    133312 Files not concerned
    6167 Archives were scanned
    1 Warnings
    6 Notes

    Hello, I don't know what galaplayer is; maybe my partner installed it or something. In any case, I'm constantly bothered by unwanted pop-up windows, ads, etc., and it's slow. It's strange, because we formatted it not long ago and everything was working great. I'm posting a report, thanks.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52, on 18/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Popsicle - {A67B8FE1-8E6D-44D6-8D74-9C28E7BFF35C} - C:\Documents and Settings\All Users\Documents\Popsicle\ADVPro.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6053 bytes


    Thanks, see you soon. Sorry for my absence, but when the baby is sick it takes up my time.

    Well, apparently not, no problems at all anymore.
    And yes, galaplayer was indeed installed; I uninstalled it and we'll see how my computer behaves. Thanks, and if all goes well I'll wait to be told to mark it as resolved... I'll be back soon. Many thanks for your help. :D