Virus qui ne veut pas se supprimer
Dernière réponse : dans Sécurité
Bonjour ! Depuis quelque jour j'ai un adware sur mon ordinateur ! J ai fai une analyse anti virus ac Advast et a-squared Anti-Malware mais il me signale rien de speciale ! pourtan a chaque fois que j allume mon PC avast se met en alerte ! J ai bo faire supprimer le virus sa ne marche pas ... ! Le virus me blok le fon d ecran ; ralenti mon PC , ... Je ne c'est pas trop quoi faire surtout que je sui un noob dc svp aidez moi
Autres pages sur : virus veut supprimer
Lassé par la pub ? Créez un compte
Emplacement du virus = C:\...
Merci de me donner la suite![:)]( ":)")
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Merci de me donner la suite
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Le Virus Est Dans :
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv3.tmp\euladlg.dll
Et le Rappor de hijackthis est :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:36, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - C:\WINDOWS\system32\byXoomnL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
O2 - BHO: (no name) - {ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [inrhc7l7j0er1g] C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe /CR=32BDDFA41AB960FB7FD33779695D38B44FE8E0ABF7E426138FBD9C73D1FB4928D8156548F93C086CF6964208984A019511D6B363DCA3AA6FA532F829F3CF6981FFCBA0F6A0781758A7391A16384442F071
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BMa33e3e73] Rundll32.exe "C:\WINDOWS\system32\eaaqqdku.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xoztqweao] c:\windows\system32\xoztqweao.exe xoztqweao
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [epaykz] c:\windows\system32\epaykz.exe epaykz
O4 - HKCU\..\Run: [bhckdww] c:\windows\system32\bhckdww.exe bhckdww
O4 - HKCU\..\Run: [actcmjp] c:\windows\system32\actcmjp.exe actcmjp
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sjtluerqt] c:\documents and settings\administrateur\local settings\application data\sjtluerqt.exe sjtluerqt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: byXoomnL - byXoomnL.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 13001 bytes
Merci BCP de ton AIde !!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv3.tmp\euladlg.dll
Et le Rappor de hijackthis est :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:36, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - C:\WINDOWS\system32\byXoomnL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
O2 - BHO: (no name) - {ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [inrhc7l7j0er1g] C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe /CR=32BDDFA41AB960FB7FD33779695D38B44FE8E0ABF7E426138FBD9C73D1FB4928D8156548F93C086CF6964208984A019511D6B363DCA3AA6FA532F829F3CF6981FFCBA0F6A0781758A7391A16384442F071
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BMa33e3e73] Rundll32.exe "C:\WINDOWS\system32\eaaqqdku.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xoztqweao] c:\windows\system32\xoztqweao.exe xoztqweao
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [epaykz] c:\windows\system32\epaykz.exe epaykz
O4 - HKCU\..\Run: [bhckdww] c:\windows\system32\bhckdww.exe bhckdww
O4 - HKCU\..\Run: [actcmjp] c:\windows\system32\actcmjp.exe actcmjp
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sjtluerqt] c:\documents and settings\administrateur\local settings\application data\sjtluerqt.exe sjtluerqt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: byXoomnL - byXoomnL.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 13001 bytes
Merci BCP de ton AIde !!
Re,
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Re , Encore merci de ton aide ! le rapport c est :
ComboFix 08-10-01.06 - Administrateur 2008-10-02 19:03:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[2].txt
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\SJTLUERQT.EXE
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_navps.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_navps.dat
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\version.ini
C:\Program Files\winvi\WUPDA.EXE
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMa33e3e73.txt
C:\WINDOWS\BMa33e3e73.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
c:\WINDOWS\system32\actcmjp.dat
C:\WINDOWS\system32\actcmjp_nav.dat
C:\WINDOWS\system32\actcmjp_navps.dat
C:\WINDOWS\system32\bhckdww.dat
C:\WINDOWS\system32\bhckdww_nav.dat
c:\WINDOWS\system32\bhckdww_navps.dat
C:\WINDOWS\system32\epaykz.dat
c:\WINDOWS\system32\epaykz_nav.dat
c:\WINDOWS\system32\epaykz_navps.dat
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phc3l7j0er1g.bmp
C:\WINDOWS\system32\ryiehr.dat
C:\WINDOWS\system32\RYIEHR.EXE
C:\WINDOWS\system32\ryiehr_nav.dat
C:\WINDOWS\system32\ryiehr_navps.dat
C:\WINDOWS\system32\xoztqweao.dat
C:\WINDOWS\system32\xoztqweao_nav.dat
c:\WINDOWS\system32\xoztqweao_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-09-29 18:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-09-24 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-04 21:02 . 2008-09-04 21:02 268 --ah----- C:\sqmdata10.sqm
2008-09-04 21:02 . 2008-09-04 21:02 244 --ah----- C:\sqmnoopt09.sqm
2008-09-04 16:20 . 2008-09-30 20:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-04 14:33 . 2008-09-28 10:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-04 14:32 . 2008-09-04 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-04 14:28 . 2008-09-25 21:19 <REP> d-------- C:\Program Files\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 17:11 --------- d-----w C:\Program Files\Wanadoo
2008-10-02 17:11 --------- d-----w C:\Program Files\SPAMfighter
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 14:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-09-28 12:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-08-03 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-03 09:04 --------- d-----w C:\Program Files\Ulead Systems
2008-08-03 09:02 --------- d-----w C:\Program Files\Samsung
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
BHO-{E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
BHO-{ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll
HKCU-Run-yyiumco - c:\documents and settings\administrateur\local settings\application data\yyiumco.exe
HKLM-Run-inrhc7l7j0er1g - C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe
HKLM-Run-BMa33e3e73 - C:\WINDOWS\system32\eaaqqdku.dll
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-byXoomnL - byXoomnL.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:08:51
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-02 19:15:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 17:15:34
Avant-CF: 2ÿ914ÿ062ÿ336 octets libres
Après-CF: 6,227,181,568 octets libres
270 --- E O F --- 2008-10-01 19:05:56
A+
ComboFix 08-10-01.06 - Administrateur 2008-10-02 19:03:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[2].txt
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\SJTLUERQT.EXE
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_navps.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_navps.dat
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\version.ini
C:\Program Files\winvi\WUPDA.EXE
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMa33e3e73.txt
C:\WINDOWS\BMa33e3e73.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
c:\WINDOWS\system32\actcmjp.dat
C:\WINDOWS\system32\actcmjp_nav.dat
C:\WINDOWS\system32\actcmjp_navps.dat
C:\WINDOWS\system32\bhckdww.dat
C:\WINDOWS\system32\bhckdww_nav.dat
c:\WINDOWS\system32\bhckdww_navps.dat
C:\WINDOWS\system32\epaykz.dat
c:\WINDOWS\system32\epaykz_nav.dat
c:\WINDOWS\system32\epaykz_navps.dat
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phc3l7j0er1g.bmp
C:\WINDOWS\system32\ryiehr.dat
C:\WINDOWS\system32\RYIEHR.EXE
C:\WINDOWS\system32\ryiehr_nav.dat
C:\WINDOWS\system32\ryiehr_navps.dat
C:\WINDOWS\system32\xoztqweao.dat
C:\WINDOWS\system32\xoztqweao_nav.dat
c:\WINDOWS\system32\xoztqweao_navps.dat
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-09-29 18:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-09-24 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-04 21:02 . 2008-09-04 21:02 268 --ah----- C:\sqmdata10.sqm
2008-09-04 21:02 . 2008-09-04 21:02 244 --ah----- C:\sqmnoopt09.sqm
2008-09-04 16:20 . 2008-09-30 20:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-04 14:33 . 2008-09-28 10:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-04 14:32 . 2008-09-04 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-04 14:28 . 2008-09-25 21:19 <REP> d-------- C:\Program Files\Nero
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 17:11 --------- d-----w C:\Program Files\Wanadoo
2008-10-02 17:11 --------- d-----w C:\Program Files\SPAMfighter
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 14:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-09-28 12:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-08-03 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-03 09:04 --------- d-----w C:\Program Files\Ulead Systems
2008-08-03 09:02 --------- d-----w C:\Program Files\Samsung
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
BHO-{E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
BHO-{ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll
HKCU-Run-yyiumco - c:\documents and settings\administrateur\local settings\application data\yyiumco.exe
HKLM-Run-inrhc7l7j0er1g - C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe
HKLM-Run-BMa33e3e73 - C:\WINDOWS\system32\eaaqqdku.dll
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-byXoomnL - byXoomnL.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:08:51
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-02 19:15:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 17:15:34
Avant-CF: 2ÿ914ÿ062ÿ336 octets libres
Après-CF: 6,227,181,568 octets libres
270 --- E O F --- 2008-10-01 19:05:56
A+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:34, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10671 bytes
Scan saved at 20:26:34, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10671 bytes
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Avira AntiVir Personal
Report file date: vendredi 3 octobre 2008 19:20
Scanning for 1657543 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: UTILISAT-82BE9B
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:01:39
ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 02/10/2008 19:01:40
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 02/10/2008 19:01:46
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 02/10/2008 19:01:45
AEPACK.DLL : 8.1.2.3 364918 Bytes 02/10/2008 19:01:44
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 02/10/2008 19:01:43
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 02/10/2008 19:01:43
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 02/10/2008 19:01:41
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 02/10/2008 19:01:41
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 02/10/2008 19:01:40
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 3 octobre 2008 19:20
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '59' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: vendredi 3 octobre 2008 20:04
Used time: 44:03 Minute(s)
The scan has been done completely.
4437 Scanning directories
225015 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
225014 Files not concerned
1972 Archives were scanned
1 Warnings
0 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:55, on 03/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10847 bytes
Scan saved at 21:37:55, on 03/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10847 bytes
Re,
Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES
Refais un scan Combofix.
Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
Refais un scan Combofix.
ComboFix 08-10-04.07 - Administrateur 2008-10-05 12:04:16.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.353 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:10 --------- d-----w C:\Program Files\Wanadoo
2008-10-05 10:09 --------- d-----w C:\Program Files\SPAMfighter
2008-10-05 08:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
.
Contenu du dossier 'Tâches planifiées'
2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 12:08:50
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 12:14:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 10:14:32
ComboFix2.txt 2008-10-04 21:35:38
ComboFix3.txt 2008-10-02 17:15:46
Avant-CF: 5 814 890 496 octets libres
Après-CF: 5,819,531,264 octets libres
228 --- E O F --- 2008-10-05 09:00:24
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.353 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 10:10 --------- d-----w C:\Program Files\Wanadoo
2008-10-05 10:09 --------- d-----w C:\Program Files\SPAMfighter
2008-10-05 08:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
.
Contenu du dossier 'Tâches planifiées'
2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 12:08:50
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 12:14:38 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 10:14:32
ComboFix2.txt 2008-10-04 21:35:38
ComboFix3.txt 2008-10-02 17:15:46
Avant-CF: 5 814 890 496 octets libres
Après-CF: 5,819,531,264 octets libres
228 --- E O F --- 2008-10-05 09:00:24
Re,
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
![]()
Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
File::
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :
Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
[#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
* le nom de la partition peut changer
ComboFix 08-10-04.07 - Administrateur 2008-10-05 17:42:39.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.329 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 15:49 --------- d-----w C:\Program Files\Wanadoo
2008-10-05 15:47 --------- d-----w C:\Program Files\SPAMfighter
2008-10-05 13:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'
2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:47:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 17:58:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 15:58:46
ComboFix2.txt 2008-10-05 10:14:39
ComboFix3.txt 2008-10-04 21:35:38
ComboFix4.txt 2008-10-02 17:15:46
Avant-CF: 5 765 566 464 octets libres
Après-CF: 5,754,613,760 octets libres
226 --- E O F --- 2008-10-05 13:30:09
rapport hijakthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:51, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10122 bytes
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.329 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\rBcbLRqr.ini2
C:\WINDOWS\system32\sYyaJkkj.ini2
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 15:49 --------- d-----w C:\Program Files\Wanadoo
2008-10-05 15:47 --------- d-----w C:\Program Files\SPAMfighter
2008-10-05 13:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'
2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:47:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 17:58:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-05 15:58:46
ComboFix2.txt 2008-10-05 10:14:39
ComboFix3.txt 2008-10-04 21:35:38
ComboFix4.txt 2008-10-02 17:15:46
Avant-CF: 5 765 566 464 octets libres
Après-CF: 5,754,613,760 octets libres
226 --- E O F --- 2008-10-05 13:30:09
rapport hijakthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:51, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 10122 bytes
bon jour
j'ai un tres grand probleme et j'espere que vous m'aider a le resourdre
voila a chaque fois que je demarre mon ordi il ya une fenetre qui saffiche "arret du systeme dans une heure" il ya un message dans la fenetre qui dit "wassim joke with you ........ and you can't do anything!!!"
voila je ne sais pas quoi faire![:??:]( ":??:")
aidez moi s'il vous plait![:cry:]( ":cry:")
j'ai un tres grand probleme et j'espere que vous m'aider a le resourdre
voila a chaque fois que je demarre mon ordi il ya une fenetre qui saffiche "arret du systeme dans une heure" il ya un message dans la fenetre qui dit "wassim joke with you ........ and you can't do anything!!!"
voila je ne sais pas quoi faire
aidez moi s'il vous plait
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus sur cle usb veut pas supprimer
- ForumVirus supprimer recycler.exe virus 0xffd12566.exe
- ForumSupprimer des virus
- ForumSupprimer le virus security tool
- ForumVirus supprimer un fichier virus
- ForumVirus non supprimer par anti virus
- ForumSupprimer virus
- ForumComment supprimer un virus sans antivirus
- ForumVirus les supprimer
- ForumVirus a supprimer
- Voir plus
