[Abandoned] Unwanted pop-up ad windows
Hello everyone,
On another friend's computer (yet again!), unwanted pop-up ad windows keep appearing nonstop.
In the log below, several lines look suspicious to me. Any help will be warmly appreciated. Thanks for your insights.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:04, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\twain_32\vivid\flatbed.exe
C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=c:\windows\twain_32\vivid\flatbed.exe,C:\WINDOWS\TWAIN_32\Vivid\VIVID.EXE
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HDbpt5] C:\WINDOWS\vhouv.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Checkers - http://origin.games.yahoo.net/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} (Abx Control) - http://real.gamehouse.com/games/adventureball/abx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} (CR64Loader Object) - http://real.gamehouse.com/games/waterbugs/r64loader.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://real.gamehouse.com/games/trijinx/TriJinx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/downloads/msxml4.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.c...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Unknown owner - E:\SolidWorks 2005 SP0 crack (Ita-Eng-Fra)\Crack\lmgrd.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 13008 bytes
Hello,
Well, in the meantime and to help my friend, a Malwarebytes' Anti-Malware scan was run; here is the report.
I don't think that is enough, so any advice will be greatly appreciated.
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1122
Windows 5.1.2600 Service Pack 2
07/09/2008 15:56:36
mbam-log-2008-09-07 (15-56-36).txt
Type de recherche: Examen rapide
Eléments examinés: 55254
Temps écoulé: 13 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc341f1b-ec77-47be-8f58-96e83861cc5a} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8} (Adware.Winad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winwim32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agztchjoyg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iycccaa_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxmtoabaf_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sceaoqo_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkpdfgvxl_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwsbkiyw_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\agztchjoyg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iycccaa_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxmtoabaf_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sceaoqo_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkpdfgvxl_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwwsbkiyw_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
Well, in the meantime, and to help my friend, a Malwarebytes' Anti-Malware scan was run; here is the report.
I don't think that is enough, so any advice will be greatly appreciated.
My mistake.
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may vary
Hello everyone,
Hello Angeldark,
The ComboFix report. (It's a bit long, so I put it there)
Re,
For a clearer picture,
I ran a full report with Kaspersky
(sorry for the HTML-to-text conversion):
Saturday, September 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2
(build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, September 20, 2008 10:20:41
Records in database: 1247167
*Scan settings*
Scan using the following database extended
Scan archives yes
Scan mail databases yes
*Scan area* My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
*Scan statistics*
Files scanned 110882
Threat name 4
Infected objects 5
Suspicious objects 0
Duration of the scan 01:59:25
*File name* *Threat name* *Threats count*
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Sun\Java\Deployment\cache\6.0\0\7d5e6700-5c0c07cb Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-36d0e9c1-11e4f8b0.class Infected: Trojan-Downloader.Java.OpenStream.y 1
C:\Program Files\Common Files\Companion Wizard\compwiz.exe Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
* The selected area was scanned.*
Hello everyone,
Hello Angeldark,
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
The requested ComboFix report:
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WA6P
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\areabomb.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\beetlezap.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonusrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bonustimer.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\bucketfilled.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\clearpyramid.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle1c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2a.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2b.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\cleartriangle2c.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\colorchain.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\dialogbox.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\drumbeat.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\fillrow.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\gateopen.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\helptip.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\powerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\rotateboardleft.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\timerup.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\audio\sfx\warning2.ogg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\artifacts-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\bar.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\chamber1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\circledoor.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\full_screen_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\global-hs-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_large.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\help-bb_small.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hexfield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\hidden-artifact_icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\large_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\small_dialog.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\backgrounds\trifield.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetlehover4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetleshock4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\beetletatoo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\dirt.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpost.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\scarabpostovr.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\beetles\tritop.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowdown_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\arrowup_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\buttons\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\anwar\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\bast\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\characters\kristine\look\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\helptips\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scenes\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\sfx\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\splash\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue0\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\statues\statue1\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\trails\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\clearanim\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\upsell\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\Thumbs.db
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60\TriJinx.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\igmmu.dat
C:\WINDOWS\system32\igmmu.exe
C:\WINDOWS\system32\igmmu_navps.dat
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\sjnltqe_navtmp.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:01 . 2005-03-31 02:50 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\WINDOWS
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage réseau
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage d'impression
2008-09-07 15:01 . 2005-10-19 03:52 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Modèles
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Mes documents
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Menu Démarrer
2008-09-07 15:01 . 2005-10-18 19:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Favoris
2008-09-07 15:01 . 2005-03-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Bureau
2008-09-07 15:01 . 2005-03-31 03:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Symantec
2008-09-07 15:01 . 2005-03-31 03:00 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\SampleView
2008-09-07 15:01 . 2005-03-31 02:49 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Apple Computer
2008-09-07 15:01 . 2008-09-07 15:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 14:45 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 14:45 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 14:12 . 2008-09-07 14:12 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 12:26 . 2008-09-06 12:51 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d---s---- C:\Documents and Settings\Administrateur
2008-09-06 12:11 . 2008-09-06 12:11 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-31 19:34 . 2008-08-31 19:34 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-08-23 22:15 . 2008-08-23 22:15 <REP> d-------- C:\Program Files\Smallvideosoft
2008-08-23 22:15 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-08-23 22:15 . 2008-08-28 19:51 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-08-23 22:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-08-23 21:57 . 2008-08-23 21:57 <REP> d-------- C:\tmpDownload
2008-08-23 21:54 . 2008-08-23 21:54 <REP> d-------- C:\tmp
2008-08-23 21:09 . 2008-08-23 21:10 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.19
2008-08-23 19:25 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\MP-Manager
2008-08-23 19:24 . 2008-08-23 19:24 <REP> d-------- C:\Program Files\MPMAN
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 09:51 8,056,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-20 09:49 2,707,749 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-20 09:48 95,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-17 11:25 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\U3
2008-09-11 09:04 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\SolidWorks
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-09-06 08:04 --------- d-----w C:\Program Files\Java
2008-08-31 17:26 --------- d-----w C:\Program Files\Recognita Standard OCR 3.2
2008-08-18 09:19 --------- d-----w C:\Program Files\DivX
2008-08-18 09:17 --------- d-----w C:\Program Files\Winamp
2008-07-19 11:57 2,670,080 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-19 11:57 1,683,456 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-04-30 17:19 50,840 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-05 20:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-20 19:06 15,397 ----a-w C:\Program Files\settings.dat
2006-03-05 17:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;E:\SolidWorks 2005 SP0 crack (Ita-Eng-Fra)\Crack\lmgrd.exe [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{104d827d-77c2-11db-9429-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e9eb8-03c7-11dd-8c39-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbab124a-712c-11dd-8d1d-0011d8b8c118}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-HDbpt5 - C:\WINDOWS\vhouv.exe
HKLM-Run-Media Gateway - C:\Program Files\Media Gateway\MediaGateway.exe
HKLM-Run-igmmu - c:\windows\system32\igmmu.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Search
O8 -: E&xporter vers Microsoft Excel
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: Yahoo! Checkers - hxxp://origin.games.yahoo.net/games/clients/y/kt4_x.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Checkers.osd
O16 -: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://real.gamehouse.com/games/adventureball/abx.cab
C:\WINDOWS\Downloaded Program Files\abx.inf
C:\WINDOWS\Downloaded Program Files\abx.ocx
O16 -: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} - hxxp://real.gamehouse.com/games/waterbugs/r64loader.cab
C:\WINDOWS\Downloaded Program Files\r64loader.inf
C:\WINDOWS\Downloaded Program Files\r64loader.dll
O16 -: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://real.gamehouse.com/games/trijinx/TriJinx.cab
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.dll
O16 -: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
O16 -: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - hxxp://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_mp3.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 11:50:04
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\hp\KBD\kbd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 11:54:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 09:54:43
Avant-CF: 133 119 307 776 octets libres
Après-CF: 134,878,224,384 octets libres
458 --- E O F --- 2008-08-28 09:38:08
Hello Angeldark,
Angeldark said:
The requested Combofix report:
Quote:
ComboFix 08-09-19.09 - Compaq_Propriétaire 2008-09-20 11:41:57.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\WA6P
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\igmmu.dat
C:\WINDOWS\system32\igmmu.exe
C:\WINDOWS\system32\igmmu_navps.dat
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\sjnltqe_navtmp.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
.
2008-09-07 15:01 . 2005-03-31 02:50 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\WINDOWS
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage réseau
2008-09-07 15:01 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Voisinage d'impression
2008-09-07 15:01 . 2005-10-19 03:52 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Modèles
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Mes documents
2008-09-07 15:01 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Menu Démarrer
2008-09-07 15:01 . 2005-10-18 19:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Favoris
2008-09-07 15:01 . 2005-03-31 02:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Bureau
2008-09-07 15:01 . 2005-03-31 03:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Symantec
2008-09-07 15:01 . 2005-03-31 03:00 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\SampleView
2008-09-07 15:01 . 2005-03-31 02:49 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610\Application Data\Apple Computer
2008-09-07 15:01 . 2008-09-07 15:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-EB85C523610
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 14:45 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-07 14:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 14:45 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 14:45 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 14:12 . 2008-09-07 14:12 <REP> d-------- C:\Program Files\Trend Micro
2008-09-06 12:26 . 2008-09-06 12:51 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-06 12:23 . 2008-09-06 12:25 <REP> d---s---- C:\Documents and Settings\Administrateur
2008-09-06 12:11 . 2008-09-06 12:11 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-31 19:34 . 2008-08-31 19:34 0 --a------ C:\WINDOWS\hpqEmlSz.INI
2008-08-23 22:15 . 2008-08-23 22:15 <REP> d-------- C:\Program Files\Smallvideosoft
2008-08-23 22:15 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-08-23 22:15 . 2008-08-28 19:51 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-08-23 22:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-08-23 21:57 . 2008-08-23 21:57 <REP> d-------- C:\tmpDownload
2008-08-23 21:54 . 2008-08-23 21:54 <REP> d-------- C:\tmp
2008-08-23 21:09 . 2008-08-23 21:10 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.19
2008-08-23 19:25 . <REP> C:\Documents and Settings\Compaq_Propriétaire\Application Data\MP-Manager
2008-08-23 19:24 . 2008-08-23 19:24 <REP> d-------- C:\Program Files\MPMAN
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 09:51 8,056,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-20 09:49 2,707,749 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-20 09:48 95,396 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 11:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-17 11:25 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\U3
2008-09-11 09:04 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\SolidWorks
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-09-06 15:40 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-09-06 08:04 --------- d-----w C:\Program Files\Java
2008-08-31 17:26 --------- d-----w C:\Program Files\Recognita Standard OCR 3.2
2008-08-18 09:19 --------- d-----w C:\Program Files\DivX
2008-08-18 09:17 --------- d-----w C:\Program Files\Winamp
2008-07-19 11:57 2,670,080 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-07-19 11:57 1,683,456 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-04-30 17:19 50,840 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-05 20:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-20 19:06 15,397 ----a-w C:\Program Files\settings.dat
2006-03-05 17:56 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-02 22400]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;E:\SolidWorks 2005 SP0 crack (Ita-Eng-Fra)\Crack\lmgrd.exe [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{104d827d-77c2-11db-9429-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af5e9eb8-03c7-11dd-8c39-0011d8b8c118}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbab124a-712c-11dd-8d1d-0011d8b8c118}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-HDbpt5 - C:\WINDOWS\vhouv.exe
HKLM-Run-Media Gateway - C:\Program Files\Media Gateway\MediaGateway.exe
HKLM-Run-igmmu - c:\windows\system32\igmmu.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
O8 -: &Search
O8 -: E&xporter vers Microsoft Excel
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: Yahoo! Checkers - hxxp://origin.games.yahoo.net/games/clients/y/kt4_x.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Checkers.osd
O16 -: {0E0D50BC-E086-4E3A-B07D-C5C5869C0FFF} - hxxp://real.gamehouse.com/games/adventureball/abx.cab
C:\WINDOWS\Downloaded Program Files\abx.inf
C:\WINDOWS\Downloaded Program Files\abx.ocx
O16 -: {288C5F13-7E52-4ADA-A32E-F5BF9D125B84} - hxxp://real.gamehouse.com/games/waterbugs/r64loader.cab
C:\WINDOWS\Downloaded Program Files\r64loader.inf
C:\WINDOWS\Downloaded Program Files\r64loader.dll
O16 -: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://real.gamehouse.com/games/trijinx/TriJinx.cab
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.60.dll
O16 -: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
O16 -: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - hxxp://www.reservoirfilms.com/codecs/nsvplayx_vp6_mp3.cab
C:\WINDOWS\Downloaded Program Files\nsvplayx_vp6_mp3.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 11:50:04
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\hp\KBD\kbd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-09-20 11:54:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-20 09:54:43
Avant-CF: 133 119 307 776 octets libres
Après-CF: 134,878,224,384 octets libres
458 --- E O F --- 2008-08-28 09:38:08