Ads (by the dozen), no more Task Manager, no more regedit!!


Hello, I caught a virus that blocks my Task Manager (nothing happens when I press Ctrl+Alt+Del). I get pop-up windows by the dozen that completely block my connection and make everything lag (casino, virus remover2008, new offer, servedby), and I no longer have "regedit" when I type it in Run... I'd like some help if you can; I've already tried a lot of things and nothing changes... Here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:35, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_3281062] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2867004093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 2879124906
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7024 bytes
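As an added example (not code from the original thread or from either poster), here is a small Python triage script that applies the checks a helper does by eye on a report like the one above: it flags orphaned O2/O9 entries, the O6 Internet Explorer restrictions, O4 autoruns placed under the Policies\Explorer\Run key or pointing at an executable that sits directly in the Windows directory, and, for the REGEDIT4-style registry section that ComboFix produces later in this thread, Debugger values under Image File Execution Options, which is the mechanism that stops taskmgr.exe and regedit.exe from opening. The sample input is copied from the logs on this page; the heuristics, function names and messages are my own assumptions, and a flagged line is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the HijackThis report posted above.
# ctfmon.exe is included as a benign control line that must not be flagged.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
"""

# Constructed sample input: the Image File Execution Options keys from the
# ComboFix registry section later in this thread (REGEDIT4 export format).
REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0
"""


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


# After the "[name]" part of an O4 line, capture the drive-letter path of the
# executable, whether or not the command is quoted.
_O4_TARGET = re.compile(r'\]\s+"?([A-Za-z]:\\[^"]+?\.exe)', re.IGNORECASE)

# Hypothetical marker used to recognise IFEO keys in a registry export.
IFEO_MARKER = "\\image file execution options\\"


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory, not a subfolder."""
    parts = path.split("\\")
    return len(parts) == 3 and parts[1].lower() in ("windows", "winnt")


def triage_hjt(text: str) -> list:
    """Return one Finding per HijackThis line that deserves a manual look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        if line.startswith("O6 - ") and "Restrictions present" in line:
            reasons.append("Internet Explorer policy restrictions are set")
        if line.startswith(("O2 - ", "O9 - ")) and (
            "(no file)" in line or "(file missing)" in line
        ):
            reasons.append("orphaned entry: referenced file is missing")
        if line.startswith("O4 - "):
            if "\\Policies\\Explorer\\Run:" in line:
                reasons.append("autorun via the Policies\\Explorer\\Run key")
            m = _O4_TARGET.search(line)
            if m and in_windows_root(m.group(1)):
                reasons.append("autorun target sits directly in the Windows directory")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def triage_ifeo(text: str) -> list:
    """Flag Debugger values under Image File Execution Options in a REGEDIT4 export.

    Windows runs the Debugger program instead of the target executable; with an
    unusable value such as 0 the target simply never starts, which matches the
    'nothing happens on Ctrl+Alt+Del' symptom described in this thread.
    """
    findings = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and IFEO_MARKER in key.lower() and line.lower().startswith('"debugger"='):
            exe = key.rsplit("\\", 1)[-1]
            findings.append(Finding(line, [f"Debugger value hijacks launches of {exe}"]))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_ifeo(REG_SAMPLE):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as-is it prints the four HijackThis lines worth reviewing (the O4 Policies entry gets two reasons) and the two IFEO hijacks; the PRINTDRV.EXE and ctfmon.exe lines are deliberately left unflagged, since a path under system32 alone proves nothing and the file-creation dates that make PRINTDRV.EXE interesting only appear in the ComboFix report, not in HijackThis output.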



Good evening

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts and wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy"

Come back to the forum and Edit > "Paste"

Add a new HijackThis report.

------------------------------ Prevention and protection
/!\Tired of ads: secured Firefox/!\

Thank you for replying, that's very kind!
ComboFix report:

ComboFix 08-10-01.06 - Maxou 2008-10-02 19:33:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1000 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Maxou\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maxou\Cookies\maxou@ad.yieldmanager[3].txt
C:\WINDOWS\system32\apibsc32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 18:59 . 2008-10-02 18:59 <REP> d-------- C:\Program Files\Safer Networking
2008-10-02 18:55 . 2008-10-02 18:55 <REP> d-------- C:\Program Files\Trend Micro
2008-10-01 23:46 . 2008-10-01 23:47 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-10-01 20:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-01 20:22 . 2008-10-01 20:22 <REP> d-------- C:\Program Files\Panda Security
2008-10-01 20:06 . 2008-10-01 15:35 541,934 --a------ C:\WINDOWS\system32\PRINTDRV.EXE
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-01 19:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-02 00:37 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-01 15:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 15:59 . 2008-10-01 23:34 752 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-01 15:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-01 15:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-01 15:55 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-01 15:55 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 15:55 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 15:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-01 15:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-01 15:38 . 2008-10-02 19:35 2,171 --a------ C:\WINDOWS\iexplore.html
2008-10-01 15:37 . 2008-10-02 18:25 2,208 --a------ C:\WINDOWS\system32\apisc32.dll
2008-10-01 15:35 . 2008-10-01 15:35 541,934 --a------ C:\WINDOWS\shapi32.dll
2008-10-01 15:35 . 2008-10-01 15:35 16,896 --a------ C:\WINDOWS\system32\divxdrv32.exe
2008-10-01 15:35 . 2008-10-01 15:35 16,896 --a------ C:\WINDOWS\LSPRN.EXE
2008-10-01 15:32 . 2008-10-01 15:32 <REP> d-------- C:\Program Files\NFO viewer
2008-10-01 01:25 . 2008-10-01 01:25 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\InstallShield
2008-10-01 00:49 . 2008-10-01 00:49 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-10-01 00:35 . 2008-10-01 01:25 <REP> d-------- C:\Program Files\Avanquest update
2008-10-01 00:33 . 2008-10-01 09:46 <REP> d-------- C:\Program Files\Motorola Phone Tools
2008-10-01 00:28 . 2008-10-01 00:28 <REP> d-------- C:\Program Files\Common Files
2008-10-01 00:13 . 2008-10-01 00:13 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2008-09-29 20:55 . 2008-10-01 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\PanelExe.INI
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\EngineExe.INI
2008-09-29 20:00 . 2008-09-29 20:00 0 --a------ C:\WINDOWS\FileMgrExe.INI
2008-09-29 19:34 . 2007-02-02 16:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
2008-09-29 19:33 . 2007-01-16 11:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-09-29 19:33 . 2007-01-16 11:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-09-29 19:32 . 2008-09-29 19:32 <REP> d-------- C:\WINDOWS\Application Data
2008-09-28 16:07 . 2008-10-01 00:32 24,192 --a------ C:\Documents and Settings\Maxou\usbsermptxp.sys
2008-09-28 16:07 . 2008-09-28 16:07 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-09-28 16:07 . 2008-10-01 00:32 22,768 --a------ C:\Documents and Settings\Maxou\usbsermpt.sys
2008-09-28 13:36 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-09-28 13:20 . 2007-06-18 15:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-09-28 12:20 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-28 12:20 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-28 12:20 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-28 12:19 . 2008-09-28 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-09-28 12:03 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-28 02:21 . 2008-09-28 02:21 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-09-23 00:30 . 2008-09-23 00:35 5,684 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-22 22:38 . 2008-09-22 22:40 <REP> d-------- C:\Program Files\Post-me
2008-09-22 22:38 . 1998-08-26 00:00 1,045,776 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-09-22 22:38 . 1998-08-11 00:00 407,312 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-09-22 22:38 . 2002-02-13 12:27 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-09-22 22:38 . 2002-02-13 12:27 149,776 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-09-22 22:38 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-09-22 22:38 . 1998-04-25 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-09-22 22:29 . 2008-09-22 22:29 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\3M
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Program Files\iTunes
2008-09-14 13:44 . 2008-09-14 13:44 <REP> d-------- C:\Program Files\iPod
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 13:41 . 2008-09-14 13:41 <REP> d-------- C:\Program Files\Bonjour
2008-09-14 13:39 . 2008-09-14 13:40 <REP> d-------- C:\Program Files\QuickTime
2008-09-10 19:39 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-09-10 18:15 . 2008-09-10 22:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-10 18:00 . 2008-09-10 22:47 84 --------- C:\WINDOWS\WB.ini
2008-09-10 17:53 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-09-10 16:48 . 2008-09-10 16:48 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Styler
2008-09-10 16:17 . 2008-06-08 01:15 216 -rahs---- C:\BOOT.BKK
2008-09-10 15:52 . 2008-09-10 15:52 <REP> d-------- C:\Program Files\TGTSoft
2008-09-10 15:30 . 2008-09-10 15:36 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Stardock
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx3.ini
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx2.ini
2008-09-10 15:02 . 2008-03-12 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-09-08 12:21 . 2008-09-08 12:21 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-07 20:35 . 2008-09-10 23:03 <REP> d-------- C:\Program Files\Stardock
2008-09-07 20:35 . 2008-09-22 23:52 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-09-07 19:36 . 2008-09-07 19:36 <REP> d-------- C:\Program Files\Plus!
2008-09-07 19:22 . 2008-09-10 16:24 <REP> d-------- C:\Program Files\UberIcon
2008-09-07 18:22 . 2008-09-23 00:35 71,786 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-07 18:21 . 2008-09-23 00:35 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-07 18:18 . 2008-09-23 00:29 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-02 23:21 . 2008-09-07 18:27 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-02 17:03 . 2008-09-02 17:03 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Nubs
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\IconTweaker
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
2008-09-02 16:45 . 2008-09-02 16:45 <REP> d-------- C:\WINDOWS\system32\inook2008 dir
2008-09-02 16:45 . 2008-09-02 16:45 201,728 --a------ C:\WINDOWS\system32\inook2008.scr
2008-09-02 14:36 . 2008-09-02 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 17:09 --------- d-----w C:\Program Files\eMule
2008-09-30 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:02 --------- d-----w C:\Documents and Settings\Maxou\Application Data\U3
2008-09-22 22:45 --------- d-----w C:\Program Files\RocketDock
2008-09-14 11:40 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-10 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:21 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Apple Computer
2008-09-07 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-02 15:45 --------- d-----w C:\Program Files\Winamp
2008-09-02 15:42 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Winamp
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\Maxou\Application Data\OtakuSoftware
2008-08-31 01:14 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 20:31 --------- d-----w C:\Program Files\Messenger Plus! Live
.

------- Sigcheck -------

2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 18:15 671232 8ca18fd7cccabff7e84702bc1bbf5dcb C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 17:10 670208 d2177655bc338a07b99913f6a4bed52d C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 16:56 670720 4e00327da458beffea8f4b222f466b20 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2001-08-28 14:00 598016 ea72e6aab27289c10edce06f4af91557 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-19 16:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 09:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
2008-06-23 17:40 697856 08478bc046ae9381d9eb4883dd48f93a C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wininet.dll
2008-04-14 04:33 670208 4a6e04ea20f48d750d9bfed8600d516b C:\WINDOWS\SoftwareDistribution\Download\bba2f670a60f4e414c2e1208f91a7749\wininet.dll
2008-04-21 09:02 663552 355a69cc05045428ce6b9e6bfbd4b74b C:\WINDOWS\SoftwareDistribution\Download\f13b1130c899601342787d172211ab01\sp2gdr\wininet.dll
2008-04-21 08:57 670720 f2f343d7ed0223645ba773b840eb4993 C:\WINDOWS\SoftwareDistribution\Download\f13b1130c899601342787d172211ab01\sp2qfe\wininet.dll
2008-04-21 08:43 670208 7af7d7d178f2863e7e7c880b55c88b76 C:\WINDOWS\SoftwareDistribution\Download\f13b1130c899601342787d172211ab01\sp3gdr\wininet.dll
2008-04-21 08:30 670720 82b3264706b9921c67b196319fda51de C:\WINDOWS\SoftwareDistribution\Download\f13b1130c899601342787d172211ab01\sp3qfe\wininet.dll
2008-06-23 17:40 697856 08478bc046ae9381d9eb4883dd48f93a C:\WINDOWS\system32\wininet.dll
2008-06-23 17:40 663552 95d92788889b847309c63e2ec287d1c0 C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2001-08-28 14:00 1005056 9e20a8ef0ca524446afee29f4423cc8f C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-19 16:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd C:\WINDOWS\SoftwareDistribution\Download\bba2f670a60f4e414c2e1208f91a7749\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe

2002-08-29 20:45 142848 9882731639c71c93bf88e445add89aba C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe
2008-04-14 04:34 112640 7e3defe771cb451b0ff630bfa435417e C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wuauclt.exe
2008-04-14 04:34 112640 7e3defe771cb451b0ff630bfa435417e C:\WINDOWS\SoftwareDistribution\Download\bba2f670a60f4e414c2e1208f91a7749\wuauclt.exe
2008-07-18 22:10 68808 136896c2cdc3f689876e0d44485153ea C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WindowFX"="C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe" [2003-09-29 524288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-04-11 82432]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 7286784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"Printer Driver"="C:\WINDOWS\system32\PRINTDRV.EXE" [2008-10-01 541934]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PrinterSecurityLayer"="C:\WINDOWS\LSPRN.EXE" [2008-10-01 16896]

C:\Documents and Settings\Maxou\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\JEUX\\jeux action\\Counter Strike\\hl.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\JEUX\\jeux strategie\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"D:\\JEUX\\jeux strategie\\EE2\\EE2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9868:TCP"= 9868:TCP:BitComet 9868 TCP
"9868:UDP"= 9868:UDP:BitComet 9868 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R1 FDCDNT;FDCDNT;C:\WINDOWS\system32\drivers\FDCDNT.SYS [2005-06-02 47662]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-06-08 120320]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-06-29 147456]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 49377]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f61572-54bd-11dd-b910-001c10e6445b}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7289a458-34c6-11dd-b8e7-001c10e6445b}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - GTNDIS5
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-L08FXLRD_3281062 - C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Maxou\Application Data\Mozilla\Firefox\Profiles\26xrc4t4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Documents and Settings\Maxou\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:38:18
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\Maxou\Local Settings\Application Data\Microsoft\Windows Live Contacts\{2e78404f-3c30-4217-997b-61469ea785b7}\DBStore\tempedb.edb 131072 bytes
C:\Documents and Settings\Maxou\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d9d7cca6-417c-4c8a-9ae9-ae7ed7ca0ed7}\DBStore\tempedb.edb

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\wfxload.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02 19:47:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 17:47:15

Avant-CF: 18 163 982 336 octets libres
Après-CF: 18,175,913,984 octets libres

295 --- E O F --- 2008-09-28 22:33:01



HIJACKTHIS REPORT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:15, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\LSPRN.EXE
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRINTDRV.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\wfxload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_3281062] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2867004093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 2879124906
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8682 bytes

Reply to maxbiloute

re

1

Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\PRINTDRV.EXE
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\system32\divxdrv32.exe
C:\WINDOWS\shapi32.dll
C:\WINDOWS\system32\apisc32.dll
C:\WINDOWS\iexplore.html

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer Driver"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PrinterSecurityLayer"=-




Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

http://i263.photobucket.com/albums/ii126/Sham_Rock1/CFScript-1.gif

  • A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort ), type 1 and press Enter.
  • Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

  • Once the scan is done, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt



2

~Run an online antivirus scan on Kaspersky's site
http://www.kaspersky.com/kos/eng/p [...] bscan.html

* Click Accept
* A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.
* Click "Accept" once more
* The update databases will install; wait a moment
* Click Next.
* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
* Post the scan report.

------------------------------ Prevention and protection
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock
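To show how the File:: and Registry:: sections of that CFScript line up with the O4 autorun lines in the HijackThis log, here is an added Python cross-check (an example written for this page, not code from the post, HijackThis or ComboFix): it parses both, reports which autoruns the script removes and which it leaves in place, and flags entries in unusual persistence locations for review. The sample log lines and script are constructed from the shapes seen in this thread, and the `C:\WINDOWS` root check assumes the default %SystemRoot%.

```python
"""Cross-check HijackThis O4 autoruns against a ComboFix CFScript.

Added example, not code from the forum post, HijackThis or ComboFix.
Sample inputs are constructed from the shapes of the logs in this thread.
"""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

HJT_SAMPLE = r"""O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

CFSCRIPT_SAMPLE = r"""File::
C:\WINDOWS\system32\PRINTDRV.EXE
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\system32\divxdrv32.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer Driver"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PrinterSecurityLayer"=-
"""

# "O4 - HKLM\..\Run: [name] command"; HKUS entries carry a SID before "..".
O4_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS)(?:\\([^\\]+))?\\\.\.\\([^:]+): \[([^\]]+)\] (.*)$')
# First drive-letter path ending in an executable extension: skips quotes,
# a leading RUNDLL32.EXE and trailing arguments such as ",NvStartup".
PATH_RE = re.compile(r'[a-z]:\\[^"<>|*?,]*?\.(?:exe|dll|scr|com|bat|cmd)', re.IGNORECASE)
HIVES = {'HKLM': 'hkey_local_machine', 'HKCU': 'hkey_current_user', 'HKUS': 'hkey_users'}
RUN_PREFIX = '\\software\\microsoft\\windows\\currentversion\\'  # HijackThis abbreviates this as "..\"


def extract_exe_path(command: str) -> Optional[str]:
    m = PATH_RE.search(command)
    return m.group(0).lower() if m else None


def parse_hjt_o4(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per O4 line: full lowercase registry key, value name, command, exe."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections (O2, O23, Startup: .lnk) are out of scope here
        hive, sid, subkey, name, command = m.groups()
        key = HIVES[hive] + ('\\' + sid.lower() if sid else '') + RUN_PREFIX + subkey.lower()
        entries.append({'key': key, 'name': name, 'command': command,
                        'exe': extract_exe_path(command)})
    return entries


def parse_cfscript(text: str) -> Dict[str, set]:
    """Collect File:: paths and Registry:: values marked for deletion ("name"=-)."""
    files, deletes = set(), set()
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('::'):
            section = line[:-2].lower()
        elif section == 'file':
            files.add(line.lower())
        elif section == 'registry':
            if line.startswith('[') and line.endswith(']'):
                key = line[1:-1].lower()
            else:
                m = re.match(r'^"([^"]*)"=(.*)$', line)
                if m and key is not None and m.group(2) == '-':
                    deletes.add((key, m.group(1).lower()))
    return {'files': files, 'registry_deletes': deletes}


def cross_check(entries, script) -> Tuple[list, list]:
    """Split autoruns into those the script removes (with reasons) and those it keeps."""
    covered, uncovered = [], []
    for e in entries:
        reasons = []
        if e['exe'] in script['files']:
            reasons.append('file listed in File::')
        if (e['key'], e['name'].lower()) in script['registry_deletes']:
            reasons.append('value deleted in Registry::')
        (covered if reasons else uncovered).append((e, reasons))
    return covered, uncovered


def looks_unusual(entry) -> bool:
    # Heuristics only: a loader sitting directly in the Windows directory, or an
    # entry under Policies\Explorer\Run (rarely used by legitimate software).
    exe = entry['exe'] or ''
    in_windows_root = ntpath.dirname(exe) == 'c:\\windows'  # assumes %SystemRoot% = C:\WINDOWS
    return in_windows_root or 'policies\\explorer\\run' in entry['key']


if __name__ == '__main__':
    cov, uncov = cross_check(parse_hjt_o4(HJT_SAMPLE), parse_cfscript(CFSCRIPT_SAMPLE))
    for e, reasons in cov:
        print(f"REMOVED [{e['name']}] {e['exe']}  ({'; '.join(reasons)})")
    for e, _ in uncov:
        print(f"KEPT    [{e['name']}] {e['exe']}{'  <-- review' if looks_unusual(e) else ''}")
```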

Here is the ComboFix report first (Kaspersky is running):


ComboFix 08-10-01.06 - Maxou 2008-10-02 21:55:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.988 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Maxou\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Maxou\CFScript.txt
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\iexplore.html
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\shapi32.dll
C:\WINDOWS\system32\apisc32.dll
C:\WINDOWS\system32\divxdrv32.exe
C:\WINDOWS\system32\PRINTDRV.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maxou\Cookies\maxou@ad.yieldmanager[3].txt
C:\Documents and Settings\Maxou\Cookies\maxou@adsrevenue[2].txt
C:\WINDOWS\iexplore.html
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\shapi32.dll
C:\WINDOWS\system32\apisc32.dll
C:\WINDOWS\system32\divxdrv32.exe
C:\WINDOWS\system32\PRINTDRV.EXE

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 19:41 . 2008-10-02 19:41 2,208 --a------ C:\WINDOWS\system32\apibsc32.dll
2008-10-02 18:59 . 2008-10-02 18:59 <REP> d-------- C:\Program Files\Safer Networking
2008-10-02 18:55 . 2008-10-02 18:55 <REP> d-------- C:\Program Files\Trend Micro
2008-10-01 23:46 . 2008-10-01 23:47 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-10-01 20:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-01 20:22 . 2008-10-01 20:22 <REP> d-------- C:\Program Files\Panda Security
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-01 19:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-02 00:37 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-01 15:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 15:59 . 2008-10-01 23:34 752 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-01 15:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-01 15:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-01 15:55 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-01 15:55 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 15:55 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 15:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-01 15:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-01 15:32 . 2008-10-01 15:32 <REP> d-------- C:\Program Files\NFO viewer
2008-10-01 01:25 . 2008-10-01 01:25 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\InstallShield
2008-10-01 00:49 . 2008-10-01 00:49 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-10-01 00:35 . 2008-10-01 01:25 <REP> d-------- C:\Program Files\Avanquest update
2008-10-01 00:33 . 2008-10-01 09:46 <REP> d-------- C:\Program Files\Motorola Phone Tools
2008-10-01 00:28 . 2008-10-01 00:28 <REP> d-------- C:\Program Files\Common Files
2008-10-01 00:13 . 2008-10-01 00:13 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2008-09-29 20:55 . 2008-10-01 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\PanelExe.INI
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\EngineExe.INI
2008-09-29 20:00 . 2008-09-29 20:00 0 --a------ C:\WINDOWS\FileMgrExe.INI
2008-09-29 19:34 . 2007-02-02 16:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
2008-09-29 19:33 . 2007-01-16 11:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-09-29 19:33 . 2007-01-16 11:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-09-29 19:32 . 2008-09-29 19:32 <REP> d-------- C:\WINDOWS\Application Data
2008-09-28 16:07 . 2008-10-01 00:32 24,192 --a------ C:\Documents and Settings\Maxou\usbsermptxp.sys
2008-09-28 16:07 . 2008-09-28 16:07 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-09-28 16:07 . 2008-10-01 00:32 22,768 --a------ C:\Documents and Settings\Maxou\usbsermpt.sys
2008-09-28 13:36 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-09-28 13:20 . 2007-06-18 15:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-09-28 12:20 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-28 12:20 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-28 12:20 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-28 12:19 . 2008-09-28 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-09-28 12:03 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-28 02:21 . 2008-09-28 02:21 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-09-23 00:30 . 2008-09-23 00:35 5,684 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-22 22:38 . 2008-09-22 22:40 <REP> d-------- C:\Program Files\Post-me
2008-09-22 22:38 . 1998-08-26 00:00 1,045,776 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-09-22 22:38 . 1998-08-11 00:00 407,312 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-09-22 22:38 . 2002-02-13 12:27 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-09-22 22:38 . 2002-02-13 12:27 149,776 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-09-22 22:38 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-09-22 22:38 . 1998-04-25 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-09-22 22:29 . 2008-09-22 22:29 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\3M
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Program Files\iTunes
2008-09-14 13:44 . 2008-09-14 13:44 <REP> d-------- C:\Program Files\iPod
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 13:41 . 2008-09-14 13:41 <REP> d-------- C:\Program Files\Bonjour
2008-09-14 13:39 . 2008-09-14 13:40 <REP> d-------- C:\Program Files\QuickTime
2008-09-10 19:39 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-09-10 18:15 . 2008-09-10 22:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-10 18:00 . 2008-09-10 22:47 84 --------- C:\WINDOWS\WB.ini
2008-09-10 17:53 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-09-10 16:48 . 2008-09-10 16:48 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Styler
2008-09-10 16:17 . 2008-06-08 01:15 216 -rahs---- C:\BOOT.BKK
2008-09-10 15:52 . 2008-09-10 15:52 <REP> d-------- C:\Program Files\TGTSoft
2008-09-10 15:30 . 2008-09-10 15:36 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Stardock
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx3.ini
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx2.ini
2008-09-10 15:02 . 2008-03-12 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-09-08 12:21 . 2008-09-08 12:21 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-07 20:35 . 2008-09-10 23:03 <REP> d-------- C:\Program Files\Stardock
2008-09-07 20:35 . 2008-09-22 23:52 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-09-07 19:36 . 2008-09-07 19:36 <REP> d-------- C:\Program Files\Plus!
2008-09-07 19:22 . 2008-09-10 16:24 <REP> d-------- C:\Program Files\UberIcon
2008-09-07 18:22 . 2008-09-23 00:35 71,786 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-07 18:21 . 2008-09-23 00:35 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-07 18:18 . 2008-09-23 00:29 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-02 23:21 . 2008-09-07 18:27 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-02 17:03 . 2008-09-02 17:03 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Nubs
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\IconTweaker
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
2008-09-02 16:45 . 2008-09-02 16:45 <REP> d-------- C:\WINDOWS\system32\inook2008 dir
2008-09-02 16:45 . 2008-09-02 16:45 201,728 --a------ C:\WINDOWS\system32\inook2008.scr
2008-09-02 14:36 . 2008-09-02 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 19:52 --------- d-----w C:\Program Files\eMule
2008-10-01 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-30 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:02 --------- d-----w C:\Documents and Settings\Maxou\Application Data\U3
2008-09-22 22:45 --------- d-----w C:\Program Files\RocketDock
2008-09-14 11:40 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-10 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:21 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Apple Computer
2008-09-07 16:21 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-09-07 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-02 15:45 --------- d-----w C:\Program Files\Winamp
2008-09-02 15:42 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Winamp
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\Maxou\Application Data\OtakuSoftware
2008-08-31 01:14 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 20:31 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 11:47 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-07-18 11:47 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 08:40 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WindowFX"="C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe" [2003-09-29 524288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"L08FXLRD_3281062"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-04-11 82432]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 7286784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

C:\Documents and Settings\Maxou\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\JEUX\\jeux action\\Counter Strike\\hl.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\JEUX\\jeux strategie\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"D:\\JEUX\\jeux strategie\\EE2\\EE2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9868:TCP"= 9868:TCP:BitComet 9868 TCP
"9868:UDP"= 9868:UDP:BitComet 9868 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R1 FDCDNT;FDCDNT;C:\WINDOWS\system32\drivers\FDCDNT.SYS [2005-06-02 47662]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-06-08 120320]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-06-29 147456]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 49377]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f61572-54bd-11dd-b910-001c10e6445b}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7289a458-34c6-11dd-b8e7-001c10e6445b}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - GTNDIS5
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 21:57:45
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Heure de fin: 2008-10-02 22:00:57
ComboFix-quarantined-files.txt 2008-10-02 20:00:18

Avant-CF: 18 138 480 640 octets libres
Après-CF: 18,143,449,088 octets libres

277 --- E O F --- 2008-09-28 22:33:01

Reply to maxbiloute

It looks like there are no more ads and I've got my Task Manager back :):):) I'm waiting for the Kaspersky report.

Reply to maxbiloute

maxbiloute wrote:

It looks like there are no more ads and I've got my Task Manager back :):):) I'm waiting for the Kaspersky report.


me too :)

Reply to Sham_Rock