Tom's Guide > Forum > Sécurité - Virus > Virus malware et cftmon.exe ???

Virus malware et cftmon.exe ???

Forum Sécurité - Virus : Virus malware et cftmon.exe ???

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
selor   04-02-2009 à 14:41:58

Slt :)

J'ai un problème qui traine depuis un moment et serieusement je n'en voit pas le bout ...

Cftmon.exe est un processus de windaube office j'ai fait scrupuleusement ce qui est dit ici :
http://support.microsoft.com/kb/282599

RIEN ne fonctionne le service est introuvable dans mon installation de office xp 2007 plus et office visio ..
pas de module complementaire comme ils disent donc je ne peut le desinstaller ou desactiver ... et qd j'essaie les truc unreg en base de registre pour les deux Dll ca me met un message erreur ...
Mon réel problème est qu'avira le detecte comme un trojan en boucle depuis deux mois et du coup je suis obliger de le desactiver du coup je ne suis plus proteger par Avira et depuis j'ai du chopper en plus .... quelques merdouilles ...

voici donc un rapport Hijackthis merci de vos aides je pete reellement un cable :)

Code :
  1. Logfile of HijackThis v1.99.1
  2. Scan saved at 14:41:12, on 04/02/2009
  3. Platform: Windows XP SP2 (WinNT 5.01.2600)
  4. MSIE: Internet Explorer v7.00 (7.00.6000.16762)
  6. Running processes:
  7. C:\WINDOWS\System32\smss.exe
  8. C:\WINDOWS\system32\csrss.exe
  9. C:\WINDOWS\system32\winlogon.exe
  10. C:\WINDOWS\system32\services.exe
  11. C:\WINDOWS\system32\lsass.exe
  12. C:\WINDOWS\system32\svchost.exe
  13. C:\WINDOWS\system32\svchost.exe
  14. C:\WINDOWS\System32\svchost.exe
  15. C:\WINDOWS\system32\svchost.exe
  16. C:\WINDOWS\system32\svchost.exe
  17. C:\WINDOWS\system32\spoolsv.exe
  18. C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
  19. C:\Program Files\AlienGUIse\wbload.exe
  20. C:\WINDOWS\Explorer.EXE
  21. C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
  22. C:\Program Files\AGI\common\win32\PythonService.exe
  23. C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
  24. C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  25. C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
  26. C:\Program Files\Bonjour\mDNSResponder.exe
  27. C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  28. C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  29. C:\WINDOWS\system32\cisvc.exe
  30. C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
  31. C:\Program Files\Java\jre6\bin\jqs.exe
  32. C:\WINDOWS\AGRSMMSG.exe
  33. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  34. C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
  35. C:\Program Files\Function Key Controller\FKC.exe
  36. C:\WINDOWS\BisonCam\BisonTrayIcon.exe
  37. C:\Program Files\LifeView DTV\RemoteControl.exe
  38. C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
  39. C:\Program Files\LogMeIn\x86\RaMaint.exe
  40. C:\Program Files\Java\jre6\bin\jusched.exe
  41. C:\Program Files\LogMeIn\x86\LogMeIn.exe
  42. C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
  43. C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
  44. C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  45. C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  46. C:\Program Files\LogMeIn\x86\LMIGuardian.exe
  47. C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
  48. C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
  49. E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
  50. C:\WINDOWS\system32\MNSFramework.exe
  51. C:\WINDOWS\system32\nvsvc32.exe
  52. C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  53. C:\WINDOWS\system32\svchost.exe
  54. C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
  55. C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
  56. C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe
  57. C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
  58. C:\WINDOWS\system32\wdfmgr.exe
  59. C:\Program Files\RealVNC\VNC4\WinVNC4.exe
  60. C:\Program Files\iTunes\iTunesHelper.exe
  61. C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
  62. C:\Program Files\LogMeIn\x86\LMIGuardian.exe
  63. C:\Program Files\DAEMON Tools\daemon.exe
  64. C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
  65. C:\Program Files\Skype\Phone\Skype.exe
  66. C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE
  67. C:\Program Files\SuperCopier2\SuperCopier2.exe
  68. C:\Program Files\Mobile Net Switch\MNS.exe
  69. C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
  70. C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
  71. C:\Documents and Settings\SeLoR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  72. C:\Program Files\Google\Google Talk\googletalk.exe
  73. C:\PROGRA~1\MI3AA1~1\rapimgr.exe
  74. C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  75. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  76. C:\Program Files\iPod\bin\iPodService.exe
  77. C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
  78. C:\WINDOWS\system32\wbem\wmiapsrv.exe
  79. C:\WINDOWS\System32\alg.exe
  80. C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
  81. C:\Program Files\Skype\Plugin Manager\skypePM.exe
  82. C:\Documents and Settings\SeLoR\Menu Démarrer\Programmes\Démarrage\ctfmon.exe
  83. C:\Program Files\MagicDisc\MagicDisc.exe
  84. C:\WINDOWS\system32\wuauclt.exe
  85. C:\WINDOWS\system32\cidaemon.exe
  86. C:\WINDOWS\system32\cidaemon.exe
  87. C:\Documents and Settings\SeLoR\Bureau\hijackthis(2)\HijackThis.exe
  89. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
  90. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  91. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  92. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  93. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  94. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
  95. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.201.253:3128
  96. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
  97. R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  98. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  99. O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
  100. O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
  101. O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
  102. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  103. O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  104. O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
  105. O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
  106. O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  107. O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
  108. O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
  109. O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll
  110. O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
  111. O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  112. O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
  113. O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
  114. O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
  115. O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  116. O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
  117. O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
  118. O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
  119. O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
  120. O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
  121. O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
  122. O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  123. O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  124. O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
  125. O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
  126. O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
  127. O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
  128. O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
  129. O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
  130. O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
  131. O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe"
  132. O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
  133. O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
  134. O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  135. O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
  136. O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
  137. O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
  138. O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /FU "C:\DOCUME~1\SeLoR\LOCALS~1\Temp\E_S17F.tmp" /EF "HKCU"
  139. O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
  140. O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe
  141. O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
  142. O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
  143. O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SeLoR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
  144. O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
  145. O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
  146. O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
  147. O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
  148. O4 - Startup: ctfmon.exe
  149. O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
  150. O4 - Global Startup: BTTray.lnk = ?
  151. O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  152. O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  153. O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  154. O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  155. O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  156. O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  157. O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  158. O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  159. O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
  160. O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  161. O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  162. O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  163. O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
  164. O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
  165. O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  166. O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  167. O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  168. O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  169. O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  170. O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  171. O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
  172. O11 - Options group: [INTERNATIONAL] International*
  173. O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  174. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193762088078
  175. O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
  176. O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
  177. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
  178. O17 - HKLM\System\CCS\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
  179. O17 - HKLM\System\CS1\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
  180. O17 - HKLM\System\CS2\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
  181. O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
  182. O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
  183. O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
  184. O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
  185. O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
  186. O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
  187. O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
  188. O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
  189. O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
  190. O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
  191. O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
  192. O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  193. O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
  194. O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  195. O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  196. O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  197. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
  198. O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
  199. O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
  200. O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
  201. O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
  202. O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
  203. O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
  204. O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
  205. O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
  206. O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  207. O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  208. O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
  209. O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  210. O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
  211. O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Angeldark   04-02-2009 à 19:21:22
- 0 +

Bonjour,

Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.


Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
selor   06-02-2009 à 11:40:41
- 0 +

Code :
  1. ComboFix 09-02-05.02 - SeLoR 2009-02-06 10:58:50.1 - NTFSx86
  2. Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.2047.1344 [GMT 1:00]
  3. Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
  4. AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
  5. * Un nouveau point de restauration a été créé
  7. AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
  8. .
  9. [color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
  10. c:\program files\SuperCopier2\SC2Hook.dll
  13. ((((((((((((((((((((((((((((((((((((  Autres suppressions  ))))))))))))))))))))))))))))))))))))))))))))))))
  14. .
  16. C:\Autorun.inf
  17. c:\documents and settings\SeLoR\Menu Démarrer\Programmes\Démarrage\ctfmon.exe
  18. c:\recycled\Recycled
  19. c:\recycled\Recycled\ctfmon.exe
  20. c:\windows\system32\amvo0.dll
  21. E:\Autorun.inf
  22. H:\Autorun.inf
  24. .
  25. (((((((((((((((((((((((((((((  Fichiers créés du 2009-01-06 au 2009-02-06  ))))))))))))))))))))))))))))))))))))
  26. .
  28. 2009-02-06 11:09 . 2009-02-06 11:10    113    -r-hs----    C:\autorun.inf
  29. 2009-02-04 13:44 . 2009-02-06 10:45    89,600    -r-hs----    c:\windows\system32\optyhww1.dll
  30. 2009-02-04 13:39 . 2009-02-04 13:39    268    --ah-----    C:\sqmdata15.sqm
  31. 2009-02-04 13:39 . 2009-02-04 13:39    244    --ah-----    C:\sqmnoopt15.sqm
  32. 2009-02-04 12:57 . 2009-02-06 10:45    106,827    -r-hs----    C:\ft96s.exe
  33. 2009-02-04 12:56 . 2009-02-06 10:45    106,827    -r-hs----    c:\windows\system32\urretnd.exe
  34. 2009-02-04 12:56 . 2009-02-06 11:08    89,600    -r-hs----    c:\windows\system32\optyhww0.dll
  35. 2009-02-03 17:44 . 2009-02-03 17:44    268    --ah-----    C:\sqmdata14.sqm
  36. 2009-02-03 17:44 . 2009-02-03 17:44    244    --ah-----    C:\sqmnoopt14.sqm
  37. 2009-02-03 17:37 . 2009-02-03 17:37    <REP>    d--------    c:\program files\Sun
  38. 2009-02-03 17:37 . 2009-02-03 17:37    410,984    --a------    c:\windows\system32\deploytk.dll
  39. 2009-02-02 23:39 . 2009-02-02 23:39    268    --ah-----    C:\sqmdata13.sqm
  40. 2009-02-02 23:39 . 2009-02-02 23:39    244    --ah-----    C:\sqmnoopt13.sqm
  41. 2009-01-30 17:13 . 2009-01-30 17:13    268    --ah-----    C:\sqmdata12.sqm
  42. 2009-01-30 17:13 . 2009-01-30 17:13    244    --ah-----    C:\sqmnoopt12.sqm
  43. 2009-01-30 15:59 . 2009-02-03 16:31    <REP>    d--------    c:\documents and settings\SeLoR\workspace
  44. 2009-01-26 18:41 . 2009-01-26 18:41    268    --ah-----    C:\sqmdata11.sqm
  45. 2009-01-26 18:41 . 2009-01-26 18:41    244    --ah-----    C:\sqmnoopt11.sqm
  46. 2009-01-26 11:23 . 2008-12-27 16:16    100,808    --a------    C:\IMG_1459.JPG
  47. 2009-01-25 23:17 . 2009-01-25 23:17    268    --ah-----    C:\sqmdata10.sqm
  48. 2009-01-25 23:17 . 2009-01-25 23:17    244    --ah-----    C:\sqmnoopt10.sqm
  49. 2009-01-25 15:45 . 2009-01-25 15:45    268    --ah-----    C:\sqmdata09.sqm
  50. 2009-01-25 15:45 . 2009-01-25 15:45    244    --ah-----    C:\sqmnoopt09.sqm
  51. 2009-01-19 00:00 . 2009-01-19 00:00    268    --ah-----    C:\sqmdata08.sqm
  52. 2009-01-19 00:00 . 2009-01-19 00:00    244    --ah-----    C:\sqmnoopt08.sqm
  53. 2009-01-15 22:09 . 2009-01-15 22:09    268    --ah-----    C:\sqmdata07.sqm
  54. 2009-01-15 22:09 . 2009-01-15 22:09    244    --ah-----    C:\sqmnoopt07.sqm
  55. 2009-01-15 21:44 . 2004-08-04 00:54    159,232    --a------    c:\windows\system32\ptpusd.dll
  56. 2009-01-15 21:44 . 2004-08-03 22:58    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
  57. 2009-01-15 21:44 . 2004-08-03 22:58    15,104    --a--c---    c:\windows\system32\dllcache\usbscan.sys
  58. 2009-01-15 21:44 . 2001-08-23 17:47    5,632    --a------    c:\windows\system32\ptpusb.dll
  59. 2009-01-15 17:46 . 2008-04-17 13:12    107,368    --a------    c:\windows\system32\GEARAspi.dll
  60. 2009-01-15 17:46 . 2008-04-17 13:12    15,464    --a------    c:\windows\system32\drivers\GEARAspiWDM.sys
  61. 2009-01-15 17:45 . 2009-01-15 17:46    <REP>    d--------    c:\program files\iTunes
  62. 2009-01-15 17:45 . 2009-01-15 17:45    <REP>    d--------    c:\program files\iPod
  63. 2009-01-15 17:45 . 2009-01-15 17:46    <REP>    d--------    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
  64. 2009-01-15 17:42 . 2009-01-15 17:45    <REP>    d--------    c:\program files\Fichiers communs\Apple
  65. 2009-01-15 17:42 . 2009-01-15 17:42    <REP>    d--------    c:\program files\Apple Software Update
  66. 2009-01-15 17:42 . 2008-11-07 14:23    32,000    --a------    c:\windows\system32\drivers\usbaapl.sys
  67. 2009-01-15 17:41 . 2009-01-15 17:41    <REP>    d--------    c:\documents and settings\All Users\Application Data\Apple
  68. 2009-01-14 22:45 . 2009-01-14 22:45    268    --ah-----    C:\sqmdata06.sqm
  69. 2009-01-14 22:45 . 2009-01-14 22:45    244    --ah-----    C:\sqmnoopt06.sqm
  70. 2009-01-11 23:10 . 2009-01-11 23:10    268    --ah-----    C:\sqmdata05.sqm
  71. 2009-01-11 23:10 . 2009-01-11 23:10    244    --ah-----    C:\sqmnoopt05.sqm
  72. 2009-01-09 10:39 . 2009-01-09 10:39    268    --ah-----    C:\sqmdata04.sqm
  73. 2009-01-09 10:39 . 2009-01-09 10:39    244    --ah-----    C:\sqmnoopt04.sqm
  74. 2009-01-08 23:56 . 2009-01-08 23:56    80    -r-hs----    c:\windows\3DXCT.BIN
  75. 2009-01-08 23:54 . 2009-01-08 23:54    <REP>    d--------    c:\windows\Logs
  76. 2009-01-08 22:37 . 2009-01-08 22:37    268    --ah-----    C:\sqmdata03.sqm
  77. 2009-01-08 22:37 . 2009-01-08 22:37    244    --ah-----    C:\sqmnoopt03.sqm
  78. 2009-01-08 19:00 . 2009-01-08 19:00    268    --ah-----    C:\sqmdata02.sqm
  79. 2009-01-08 19:00 . 2009-01-08 19:00    244    --ah-----    C:\sqmnoopt02.sqm
  80. 2009-01-08 16:51 . 2009-01-08 16:51    <REP>    d--------    c:\documents and settings\SeLoR\Application Data\Reallusion
  81. 2009-01-08 16:24 . 2009-02-04 15:13    <REP>    d--------    c:\program files\Reallusion
  82. 2009-01-08 16:24 . 2009-01-08 23:56    <REP>    d--------    c:\program files\Fichiers communs\Reallusion
  83. 2009-01-08 16:24 . 2009-01-09 10:31    <REP>    d--------    c:\documents and settings\All Users\Application Data\Reallusion
  84. 2009-01-08 16:24 . 2009-01-08 16:24    80    -r-hs----    c:\windows\CT5STET.BIN
  85. 2009-01-08 16:23 . 2009-01-08 16:23    <REP>    d--------    c:\documents and settings\SeLoR\Application Data\InstallShield
  86. 2009-01-06 01:13 . 2009-01-06 01:13    268    --ah-----    C:\sqmdata01.sqm
  87. 2009-01-06 01:13 . 2009-01-06 01:13    244    --ah-----    C:\sqmnoopt01.sqm
  89. .
  90. ((((((((((((((((((((((((((((((((((  Compte-rendu de Find3M  ))))))))))))))))))))))))))))))))))))))))))))))))
  91. .
  92. 2009-02-06 10:09    ---------    d-----w    c:\documents and settings\SeLoR\Application Data\Skype
  93. 2009-02-06 10:06    ---------    d-----w    c:\program files\SuperCopier2
  94. 2009-02-06 09:41    ---------    d-----w    c:\program files\LogMeIn
  95. 2009-02-04 14:14    ---------    d--h--w    c:\program files\InstallShield Installation Information
  96. 2009-02-04 14:07    ---------    d-----w    c:\documents and settings\SeLoR\Application Data\Gesloc
  97. 2009-02-04 11:18    ---------    d-----w    c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
  98. 2009-02-03 16:37    ---------    d-----w    c:\program files\Java
  99. 2009-01-15 20:45    ---------    d-----w    c:\documents and settings\SeLoR\Application Data\Apple Computer
  100. 2009-01-15 16:45    ---------    d-----w    c:\program files\Bonjour
  101. 2009-01-15 16:44    ---------    d-----w    c:\program files\QuickTime
  102. 2009-01-14 21:48    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
  103. 2009-01-02 17:44    ---------    d-----w    c:\program files\Microsoft Money 2005
  104. 2008-12-18 14:16    ---------    d-----w    c:\program files\trucparticleIllusion 3.0
  105. 2008-12-18 08:41    ---------    d-----w    c:\program files\nLite
  106. 2008-12-18 08:26    ---------    d-----w    c:\program files\Windows Updates Downloader
  107. 2008-12-18 08:17    ---------    d-----w    c:\program files\My Drivers
  108. 2008-12-16 21:46    ---------    d-----w    c:\program files\LogMeIn Ignition
  109. 2008-12-13 19:12    ---------    d-----w    c:\program files\FlashFXP
  110. 2008-12-11 11:57    333,184    ----a-w    c:\windows\system32\drivers\srv.sys
  111. 2008-12-10 08:27    ---------    d-----w    c:\program files\wLite
  112. 2008-12-10 08:27    ---------    d-----w    c:\documents and settings\All Users\Application Data\webcamXP5
  113. 2008-12-09 18:58    ---------    d-----w    c:\program files\Ant Renamer
  114. 2008-12-09 14:58    ---------    d-----w    c:\documents and settings\All Users\Application Data\LogMeIn
  115. 2008-12-05 12:56    12    ----a-w    c:\documents and settings\SeLoR\TV.dat
  116. 2008-11-30 20:55    339,968    ----a-w    c:\windows\system32\pythoncom25.dll
  117. 2008-11-30 20:55    2,117,632    ----a-w    c:\windows\system32\python25.dll
  118. 2008-11-30 20:55    114,688    ----a-w    c:\windows\system32\pywintypes25.dll
  119. 2007-11-22 17:11    12    ----a-w    c:\documents and settings\SeLoR\recsche.dat
  120. .
  122. (((((((((((((((((((((((((((((((((  Points de chargement Reg  ))))))))))))))))))))))))))))))))))))))))))))))))
  123. .
  124. .
  125. *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
  126. REGEDIT4
  128. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  129. "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
  130. "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
  131. "Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
  132. "\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]
  133. "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
  134. "MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
  135. "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
  136. "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
  137. "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
  138. "cbvcs"="c:\windows\system32\urretnd.exe" [2009-02-06 106827]
  140. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  141. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
  142. "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
  143. "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
  144. "FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
  145. "BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
  146. "DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
  147. "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
  148. "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
  149. "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
  150. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
  151. "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
  152. "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
  153. "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
  154. "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
  155. "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
  156. "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
  157. "{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
  158. "MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
  159. "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
  160. "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
  161. "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
  162. "nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
  163. "AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]
  165. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  166. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
  168. c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
  169. Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
  170. MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]
  172. c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
  173. BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]
  175. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
  176. 2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll
  178. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
  179. 2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
  181. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
  182. "AppInit_DLLs"=wbsys.dll
  184. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
  185. "msacm.ac3filter"= ac3filter.acm
  186. "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
  187. "vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
  188. "VIDC.HFYU"= huffyuv.dll
  189. "VIDC.LAGS"= lagarith.dll
  191. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
  192. @="Driver"
  194. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  195. "EnableFirewall"= 0 (0x0)
  197. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  198. "%windir%\\system32\\sessmgr.exe"=
  199. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  200. "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
  201. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  202. "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
  203. "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
  204. "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
  205. "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
  206. "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  207. "e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
  208. "e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
  209. "e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
  210. "e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
  211. "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  212. "c:\\Program Files\\iTunes\\iTunes.exe"=
  213. "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  215. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  216. "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
  218. R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
  219. R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
  220. R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
  221. R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
  222. R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
  223. R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
  224. R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
  225. S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
  226. S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
  227. S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
  228. S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
  229. S4 LMIRfsClientNP;LMIRfsClientNP; [x]
  231. --- Autres Services/Pilotes en mémoire ---
  233. *Deregistered* - mchInjDrv
  235. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
  236. \Shell\AutoRun\command - F:\[u]0[/u]0hoeav.com
  237. \Shell\explore\Command - F:\[u]0[/u]0hoeav.com
  238. \Shell\open\Command - F:\[u]0[/u]0hoeav.com
  240. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
  241. \Shell\AutoRun\command - F:\[u]0[/u]0hoeav.com
  242. \Shell\explore\Command - F:\[u]0[/u]0hoeav.com
  243. \Shell\open\Command - F:\[u]0[/u]0hoeav.com
  245. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
  246. \Shell\AutoRun\command - b.com
  247. \Shell\explore\Command - b.com
  248. \Shell\open\Command - b.com
  250. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{930fb87c-9132-11dd-8f75-001641b32978}]
  251. \Shell\AutoRun\command - I:\[u]0[/u]0hoeav.com
  252. \Shell\explore\Command - I:\[u]0[/u]0hoeav.com
  253. \Shell\open\Command - I:\[u]0[/u]0hoeav.com
  255. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
  256. \Shell\AutoRun\command - F:\LaunchU3.exe -a
  258. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]
  259. \Shell\AutoRun\command - I:\[u]0[/u]0hoeav.com
  260. \Shell\explore\Command - I:\[u]0[/u]0hoeav.com
  261. \Shell\open\Command - I:\[u]0[/u]0hoeav.com
  262. .
  263. Contenu du dossier 'Tâches planifiées'
  265. 2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
  266. - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
  267. .
  268. - - - - ORPHELINS SUPPRIMES - - - -
  270. ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
  273. .
  274. ------- Examen supplémentaire -------
  275. .
  276. uStart Page = hxxp://www.google.fr/ig?hl=fr
  277. uInternet Settings,ProxyServer = 192.168.201.253:3128
  278. uInternet Settings,ProxyOverride = <local> 127.0.0.1
  279. IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  280. IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  281. IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  282. IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
  283. IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  284. IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  285. IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
  286. IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
  287. IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
  288. IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  289. TCP: {08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE} = 192.168.201.1
  290. DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
  291. FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
  292. FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
  293. FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
  294. FF - prefs.js: network.proxy.ftp - 192.168.201.253
  295. FF - prefs.js: network.proxy.ftp_port - 3128
  296. FF - prefs.js: network.proxy.gopher - 192.168.201.253
  297. FF - prefs.js: network.proxy.gopher_port - 3128
  298. FF - prefs.js: network.proxy.socks - 192.168.201.253
  299. FF - prefs.js: network.proxy.socks_port - 3128
  300. FF - prefs.js: network.proxy.ssl - 192.168.201.253
  301. FF - prefs.js: network.proxy.ssl_port - 3128
  302. FF - prefs.js: network.proxy.type - 4
  303. FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
  304. FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
  305. FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
  306. FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
  307. FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
  308. FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
  309. .
  311. **************************************************************************
  313. catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  314. Rootkit scan 2009-02-06 11:08:14
  315. Windows 5.1.2600 Service Pack 2 NTFS
  317. Recherche de processus cachés ...
  319. Recherche d'éléments en démarrage automatique cachés ...
  321. Recherche de fichiers cachés ...
  323. Scan terminé avec succès
  324. Fichiers cachés: 0
  326. **************************************************************************
  328. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
  329. "ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
  330. .
  331. --------------------- CLES DE REGISTRE BLOQUEES ---------------------
  333. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
  334. @Denied: (Full) (LocalSystem)
  336. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
  337. "Name"="ActiveSync"
  338. "DisplayName"="Microsoft ActiveSync"
  339. "Param1"="ActiveSync"
  340. "Type"="wellknown"
  341. "Order"=dword:00000001
  342. "State"=dword:0000000b
  344. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
  345. "Name"="IESettings"
  346. "Type"="IESettings"
  347. "Order"=dword:00000004
  348. "State"=dword:0000000b
  350. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
  351. "Name"="MediaFiles"
  352. "Type"="MediaFiles"
  353. "Order"=dword:00000003
  354. "State"=dword:0000000b
  356. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
  357. "Name"="NPW"
  358. "Param1"="NPW"
  359. "Type"="wellknown"
  360. "Order"=dword:00000002
  361. "State"=dword:0000000b
  363. [HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
  364. "Name"="Outlook"
  365. "DisplayName"="Microsoft Outlook"
  366. "Param1"="Outlook"
  367. "Type"="wellknown"
  368. "Order"=dword:00000000
  369. "State"=dword:00000020
  371. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
  372. "Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
  373.   dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
  375. [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
  376. "Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
  377.   dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
  378. .
  379. --------------------- DLLs chargées dans les processus actifs ---------------------
  381. - - - - - - - > 'winlogon.exe'(1068)
  382. c:\windows\system32\LMIinit.dll
  383. c:\program files\AlienGUIse\fastload.dll
  384. c:\windows\system32\LMIRfsClientNP.dll
  386. - - - - - - - > 'lsass.exe'(1128)
  387. c:\windows\system32\relog_ap.dll
  388. .
  389. ------------------------ Autres processus actifs ------------------------
  390. .
  391. c:\program files\AntiVir PersonalEdition Classic\avguard.exe
  392. c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
  393. c:\program files\AntiVir PersonalEdition Classic\sched.exe
  394. c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  395. c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
  396. c:\program files\Bonjour\mDNSResponder.exe
  397. c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  398. c:\program files\Java\jre6\bin\jqs.exe
  399. c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
  400. c:\program files\LogMeIn\x86\ramaint.exe
  401. c:\program files\LogMeIn\x86\LogMeIn.exe
  402. c:\program files\LogMeIn\x86\LMIGuardian.exe
  403. c:\windows\system32\MNSFramework.exe
  404. c:\windows\system32\nvsvc32.exe
  405. c:\program files\Analog Devices\SoundMAX\SMAgent.exe
  406. c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
  407. c:\windows\system32\wdfmgr.exe
  408. c:\program files\LogMeIn\x86\LMIGuardian.exe
  409. c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
  410. c:\progra~1\MI3AA1~1\rapimgr.exe
  411. c:\windows\system32\wbem\wmiapsrv.exe
  412. c:\program files\iPod\bin\iPodService.exe
  413. c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  414. c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
  415. c:\program files\Skype\Plugin Manager\skypePM.exe
  416. c:\windows\system32\wscntfy.exe
  417. .
  418. **************************************************************************
  419. .
  420. Heure de fin: 2009-02-06 11:14:48 - La machine a redémarré
  421. ComboFix-quarantined-files.txt  2009-02-06 10:14:41
  423. Avant-CF: 8 641 306 624 octets libres
  424. Après-CF: 10,367,275,008 octets libres
  426. 371    --- E O F ---    2009-01-14 21:48:30

Répondre à selor
Egwene   07-02-2009 à 13:23:29
- 0 +

:hello: Bonjour,

AngelDark s'absente, je vais prendre la suite.

Tu peux poster le rapport normalement sans balises stp ?

;)

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene
selor   09-02-2009 à 11:09:34
- 0 +

Bonjour et merci de reprendre la suite :)

j'ai eut deux nouvelles alertes ce matin de avira

Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\SeLoR\Local Settings\Temp\help.exe.
Action performed: Move file to quarantine

et celle ci :

Virus or unwanted program 'RKIT/Agent.4160 [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\klif.sys.
Action performed: Deny access


et je reposte le rapport de combofix ainsi d'avant le week end et je refait un nouveau log hijackthis ce matin derriere :

ComboFix 09-02-05.02 - SeLoR 2009-02-06 10:58:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1344 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\program files\SuperCopier2\SC2Hook.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\SeLoR\Menu Démarrer\Programmes\Démarrage\ctfmon.exe
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\windows\system32\amvo0.dll
E:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-06 11:09 . 2009-02-06 11:10 113 -r-hs---- C:\autorun.inf
2009-02-04 13:44 . 2009-02-06 10:45 89,600 -r-hs---- c:\windows\system32\optyhww1.dll
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-04 12:57 . 2009-02-06 10:45 106,827 -r-hs---- C:\ft96s.exe
2009-02-04 12:56 . 2009-02-06 10:45 106,827 -r-hs---- c:\windows\system32\urretnd.exe
2009-02-04 12:56 . 2009-02-06 11:08 89,600 -r-hs---- c:\windows\system32\optyhww0.dll
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm
2009-01-09 10:39 . 2009-01-09 10:39 268 --ah----- C:\sqmdata04.sqm
2009-01-09 10:39 . 2009-01-09 10:39 244 --ah----- C:\sqmnoopt04.sqm
2009-01-08 23:56 . 2009-01-08 23:56 80 -r-hs---- c:\windows\3DXCT.BIN
2009-01-08 23:54 . 2009-01-08 23:54 <REP> d-------- c:\windows\Logs
2009-01-08 22:37 . 2009-01-08 22:37 268 --ah----- C:\sqmdata03.sqm
2009-01-08 22:37 . 2009-01-08 22:37 244 --ah----- C:\sqmnoopt03.sqm
2009-01-08 19:00 . 2009-01-08 19:00 268 --ah----- C:\sqmdata02.sqm
2009-01-08 19:00 . 2009-01-08 19:00 244 --ah----- C:\sqmnoopt02.sqm
2009-01-08 16:51 . 2009-01-08 16:51 <REP> d-------- c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 16:24 . 2009-02-04 15:13 <REP> d-------- c:\program files\Reallusion
2009-01-08 16:24 . 2009-01-08 23:56 <REP> d-------- c:\program files\Fichiers communs\Reallusion
2009-01-08 16:24 . 2009-01-09 10:31 <REP> d-------- c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 16:24 . 2009-01-08 16:24 80 -r-hs---- c:\windows\CT5STET.BIN
2009-01-08 16:23 . 2009-01-08 16:23 <REP> d-------- c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-06 01:13 . 2009-01-06 01:13 268 --ah----- C:\sqmdata01.sqm
2009-01-06 01:13 . 2009-01-06 01:13 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 10:09 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-06 10:06 --------- d-----w c:\program files\SuperCopier2
2009-02-06 09:41 --------- d-----w c:\program files\LogMeIn
2009-02-04 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-04 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:27 --------- d-----w c:\program files\wLite
2008-12-10 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\webcamXP5
2008-12-09 18:58 --------- d-----w c:\program files\Ant Renamer
2008-12-09 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2008-11-30 20:55 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 20:55 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 20:55 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"cbvcs"="c:\windows\system32\urretnd.exe" [2009-02-06 106827]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{930fb87c-9132-11dd-8f75-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE} = 192.168.201.1
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 11:08:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06 11:14:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-06 10:14:41

Avant-CF: 8 641 306 624 octets libres
Après-CF: 10,367,275,008 octets libres

371 --- E O F --- 2009-01-14 21:48:30

Répondre à selor
selor   09-02-2009 à 11:10:41
- 0 +

Nouveau rapport Hijack de ce matin :

Logfile of HijackThis v1.99.1
Scan saved at 11:15:37, on 09/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\LifeView DTV\RemoteControl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Mobile Net Switch\MNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\SeLoR\Bureau\hijackthis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.201.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\\192.168.1.100\EPSON Stylus Photo RX640 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE /FU "C:\DOCUME~1\SeLoR\LOCALS~1\Temp\E_S17F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3762088078
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{08D9ACA1-BC11-4E23-B7C5-8D0F706E3BBE}: NameServer = 192.168.201.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

Répondre à selor
selor   10-02-2009 à 01:06:24
- 0 +

jai relancer combofix et il a apparemment encore degager des trucs

voici le nouveau rapport .. je fais tout seul hein mais vu que personne me repond hihi ):)


ComboFix 09-02-08.02 - SeLoR 2009-02-10 0:53:58.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1354 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\system32\optyhww0.dll
c:\windows\system32\urretnd.exe
E:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-09 au 2009-02-09 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 01:00 . 2009-02-10 01:00 244 --ah----- C:\sqmnoopt18.sqm
2009-02-10 01:00 . 2009-02-10 01:00 232 --ah----- C:\sqmdata18.sqm
2009-02-09 23:04 . 2009-02-09 23:04 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-09 23:04 . 2009-02-09 23:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:25 . 2009-02-09 18:25 268 --ah----- C:\sqmdata17.sqm
2009-02-09 18:25 . 2009-02-09 18:25 244 --ah----- C:\sqmnoopt17.sqm
2009-02-06 18:28 . 2009-02-06 18:28 268 --ah----- C:\sqmdata16.sqm
2009-02-06 18:28 . 2009-02-06 18:28 244 --ah----- C:\sqmnoopt16.sqm
2009-02-04 13:44 . 2009-02-06 10:45 89,600 -r-hs---- c:\windows\system32\optyhww1.dll
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-04 12:57 . 2009-02-06 10:45 106,827 -r-hs---- C:\ft96s.exe
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm
2009-01-09 10:39 . 2009-01-09 10:39 268 --ah----- C:\sqmdata04.sqm
2009-01-09 10:39 . 2009-01-09 10:39 244 --ah----- C:\sqmnoopt04.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 00:01 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-09 23:58 --------- d-----w c:\program files\SuperCopier2
2009-02-09 23:54 --------- d-----w c:\program files\LogMeIn
2009-02-04 14:14 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:13 --------- d-----w c:\program files\Reallusion
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-04 11:18 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-09 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 22:56 --------- d-----w c:\program files\Fichiers communs\Reallusion
2009-01-08 15:51 --------- d-----w c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 15:23 --------- d-----w c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 08:27 --------- d-----w c:\program files\wLite
2008-12-10 08:27 --------- d-----w c:\documents and settings\All Users\Application Data\webcamXP5
2008-12-09 18:58 --------- d-----w c:\program files\Ant Renamer
2008-12-09 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\LogMeIn
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2008-11-30 20:55 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-30 20:55 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-30 20:55 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-06_11.13.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 23:59:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_320.dat
+ 2009-02-10 00:00:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"\\192.168.1.100\EPSON Stylus Photo RX640 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAME.EXE" [2007-01-16 177664]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 266497]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
\Shell\AutoRun\command - F:\00hoeav.com
\Shell\explore\Command - F:\00hoeav.com
\Shell\open\Command - F:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2906da7-bbaa-11dd-8f97-001641b32978}]
\Shell\AutoRun\command - J:\ft96s.exe
\Shell\open\Command - J:\ft96s.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]
\Shell\AutoRun\command - I:\00hoeav.com
\Shell\explore\Command - I:\00hoeav.com
\Shell\open\Command - I:\00hoeav.com
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-cbvcs - c:\windows\system32\urretnd.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 01:00:29
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1400)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-02-10 1:07:29 - La machine a redémarré [SeLoR]
ComboFix-quarantined-files.txt 2009-02-10 00:07:21
ComboFix2.txt 2009-02-06 10:14:54

Avant-CF: 6,785,785,856 octets libres
Après-CF: 6,769,618,944 octets libres

366 --- E O F --- 2009-01-14 21:48:30

Répondre à selor
Egwene   10-02-2009 à 22:34:43
- 0 +

:hello:

Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !

Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )

File::
c:\windows\system32\optyhww1.dll
I:\00hoeav.com
J:\ft96s.exe
F:\00hoeav.com
C:\ft96s.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29257f68-eaf9-11dd-8fca-001641b32978}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63d5d5dc-0099-11dd-8f2c-001641b32978}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78b12273-dd98-11dd-8fc0-001641b32978}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2906da7-bbaa-11dd-8f97-001641b32978}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6f955e2-eb8b-11dd-8fcb-001641b32978}]



=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes

- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
* Poste un nouveau rapport hijackthis.

;)

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene
selor   11-02-2009 à 19:01:25
- 0 +

SLt et merci de ton aide :)

New Combofix :

ComboFix 09-02-10.03 - SeLoR 2009-02-11 18:49:49.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1360 [GMT 1:00]
Lancé depuis: c:\documents and settings\SeLoR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\SeLoR\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé

FILE ::
C:\ft96s.exe
c:\windows\system32\optyhww1.dll
F:\00hoeav.com
I:\00hoeav.com
J:\ft96s.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ft96s.exe
c:\windows\system32\optyhww0.dll
c:\windows\system32\optyhww1.dll
c:\windows\system32\urretnd.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 ))))))))))))))))))))))))))))))))))))
.

2009-02-10 20:54 . 2009-02-10 20:54 <REP> d-------- c:\program files\Windows Media Connect 2
2009-02-10 20:51 . 2009-02-10 20:52 <REP> d-------- c:\windows\system32\drivers\UMDF
2009-02-10 19:05 . 2009-02-10 19:05 <REP> d-------- c:\program files\RealVNC
2009-02-10 17:40 . 2009-02-10 17:40 <REP> d-------- c:\program files\TwonkyMedia
2009-02-10 17:40 . 2009-02-10 17:44 <REP> d-------- c:\documents and settings\SeLoR\Application Data\TwonkyMedia
2009-02-10 17:02 . 2009-02-10 17:02 <REP> d-------- c:\program files\Avira
2009-02-10 17:02 . 2009-02-10 17:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-10 10:30 . 2009-02-10 10:30 <REP> d-------- c:\program files\Avira GmbH
2009-02-10 01:00 . 2009-02-10 01:00 244 --ah----- C:\sqmnoopt18.sqm
2009-02-10 01:00 . 2009-02-10 01:00 232 --ah----- C:\sqmdata18.sqm
2009-02-09 23:04 . 2009-02-09 23:04 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-02-09 23:04 . 2009-02-09 23:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:25 . 2009-02-09 18:25 268 --ah----- C:\sqmdata17.sqm
2009-02-09 18:25 . 2009-02-09 18:25 244 --ah----- C:\sqmnoopt17.sqm
2009-02-06 18:28 . 2009-02-06 18:28 268 --ah----- C:\sqmdata16.sqm
2009-02-06 18:28 . 2009-02-06 18:28 244 --ah----- C:\sqmnoopt16.sqm
2009-02-04 13:39 . 2009-02-04 13:39 268 --ah----- C:\sqmdata15.sqm
2009-02-04 13:39 . 2009-02-04 13:39 244 --ah----- C:\sqmnoopt15.sqm
2009-02-03 17:44 . 2009-02-03 17:44 268 --ah----- C:\sqmdata14.sqm
2009-02-03 17:44 . 2009-02-03 17:44 244 --ah----- C:\sqmnoopt14.sqm
2009-02-03 17:37 . 2009-02-03 17:37 <REP> d-------- c:\program files\Sun
2009-02-03 17:37 . 2009-02-03 17:37 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-02 23:39 . 2009-02-02 23:39 268 --ah----- C:\sqmdata13.sqm
2009-02-02 23:39 . 2009-02-02 23:39 244 --ah----- C:\sqmnoopt13.sqm
2009-01-30 17:13 . 2009-01-30 17:13 268 --ah----- C:\sqmdata12.sqm
2009-01-30 17:13 . 2009-01-30 17:13 244 --ah----- C:\sqmnoopt12.sqm
2009-01-30 15:59 . 2009-02-03 16:31 <REP> d-------- c:\documents and settings\SeLoR\workspace
2009-01-26 18:41 . 2009-01-26 18:41 268 --ah----- C:\sqmdata11.sqm
2009-01-26 18:41 . 2009-01-26 18:41 244 --ah----- C:\sqmnoopt11.sqm
2009-01-26 11:23 . 2008-12-27 16:16 100,808 --a------ C:\IMG_1459.JPG
2009-01-25 23:17 . 2009-01-25 23:17 268 --ah----- C:\sqmdata10.sqm
2009-01-25 23:17 . 2009-01-25 23:17 244 --ah----- C:\sqmnoopt10.sqm
2009-01-25 15:45 . 2009-01-25 15:45 268 --ah----- C:\sqmdata09.sqm
2009-01-25 15:45 . 2009-01-25 15:45 244 --ah----- C:\sqmnoopt09.sqm
2009-01-19 00:00 . 2009-01-19 00:00 268 --ah----- C:\sqmdata08.sqm
2009-01-19 00:00 . 2009-01-19 00:00 244 --ah----- C:\sqmnoopt08.sqm
2009-01-15 22:09 . 2009-01-15 22:09 268 --ah----- C:\sqmdata07.sqm
2009-01-15 22:09 . 2009-01-15 22:09 244 --ah----- C:\sqmnoopt07.sqm
2009-01-15 21:44 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-15 21:44 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-15 21:44 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-15 17:46 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-15 17:46 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\program files\iTunes
2009-01-15 17:45 . 2009-01-15 17:45 <REP> d-------- c:\program files\iPod
2009-01-15 17:45 . 2009-01-15 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 17:42 . 2009-01-15 17:45 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-15 17:42 . 2009-01-15 17:42 <REP> d-------- c:\program files\Apple Software Update
2009-01-15 17:42 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-15 17:41 . 2009-01-15 17:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-15 16:54 . 2009-02-10 18:41 3,911,448 --a------ c:\windows\setupapi.log.22.old
2009-01-14 22:45 . 2009-01-14 22:45 268 --ah----- C:\sqmdata06.sqm
2009-01-14 22:45 . 2009-01-14 22:45 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 23:10 . 2009-01-11 23:10 268 --ah----- C:\sqmdata05.sqm
2009-01-11 23:10 . 2009-01-11 23:10 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 17:59 --------- d-----w c:\documents and settings\SeLoR\Application Data\Skype
2009-02-11 17:56 --------- d-----w c:\program files\SuperCopier2
2009-02-11 10:06 --------- d-----w c:\program files\LogMeIn
2009-02-10 09:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:13 --------- d-----w c:\program files\Reallusion
2009-02-04 14:07 --------- d-----w c:\documents and settings\SeLoR\Application Data\Gesloc
2009-02-03 16:37 --------- d-----w c:\program files\Java
2009-01-15 20:45 --------- d-----w c:\documents and settings\SeLoR\Application Data\Apple Computer
2009-01-15 16:45 --------- d-----w c:\program files\Bonjour
2009-01-15 16:44 --------- d-----w c:\program files\QuickTime
2009-01-14 21:48 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-09 09:31 --------- d-----w c:\documents and settings\All Users\Application Data\Reallusion
2009-01-08 22:56 --------- d-----w c:\program files\Fichiers communs\Reallusion
2009-01-08 15:51 --------- d-----w c:\documents and settings\SeLoR\Application Data\Reallusion
2009-01-08 15:23 --------- d-----w c:\documents and settings\SeLoR\Application Data\InstallShield
2009-01-02 17:44 --------- d-----w c:\program files\Microsoft Money 2005
2008-12-18 14:16 --------- d-----w c:\program files\trucparticleIllusion 3.0
2008-12-18 08:41 --------- d-----w c:\program files\nLite
2008-12-18 08:26 --------- d-----w c:\program files\Windows Updates Downloader
2008-12-18 08:17 --------- d-----w c:\program files\My Drivers
2008-12-16 21:46 --------- d-----w c:\program files\LogMeIn Ignition
2008-12-13 19:12 --------- d-----w c:\program files\FlashFXP
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 12:56 12 ----a-w c:\documents and settings\SeLoR\TV.dat
2007-11-22 17:11 12 ----a-w c:\documents and settings\SeLoR\recsche.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-06_11.13.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w c:\windows\AppPatch\acadproc.dll
- 2004-08-05 12:00:00 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 ----a-w c:\windows\inf\unregmp2.exe
- 2002-12-13 12:42:56 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2006-10-18 20:47:08 276,992 ------w c:\windows\system32\audiodev.dll
- 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
+ 2006-10-18 20:47:10 542,720 ----a-w c:\windows\system32\blackbox.dll
- 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 ----a-w c:\windows\system32\cewmdm.dll
- 2002-12-13 12:42:56 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 -c--a-w c:\windows\system32\dllcache\asferror.dll
- 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2006-10-18 20:47:10 542,720 -c--a-w c:\windows\system32\dllcache\blackbox.dll
- 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2006-10-18 20:47:10 229,376 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
- 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2006-10-18 20:47:14 11,264 -c--a-w c:\windows\system32\dllcache\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-05 12:00:00 310,272 -c--a-w c:\windows\system32\dllcache\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP43DMOD.dll
- 2004-08-05 12:00:00 384,512 -c--a-w c:\windows\system32\dllcache\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MP4SDMOD.dll
- 2004-08-05 12:00:00 240,640 -c--a-w c:\windows\system32\dllcache\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 -c--a-w c:\windows\system32\dllcache\MPG4DMOD.dll
- 2004-08-05 12:00:00 368,640 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 -c--a-w c:\windows\system32\dllcache\mpvis.dll
- 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
- 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2006-10-18 20:47:16 27,136 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2006-10-18 20:47:16 175,616 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
- 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2006-10-18 20:47:16 414,208 -c--a-w c:\windows\system32\dllcache\msscp.dll
- 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2006-10-18 20:47:16 321,536 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
- 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2006-10-18 20:47:18 211,456 -c--a-w c:\windows\system32\dllcache\qasf.dll
- 2004-08-05 12:00:00 778,240 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
- 2004-08-05 12:00:00 208,896 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2006-11-03 08:58:34 317,440 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
- 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 -c--a-w c:\windows\system32\dllcache\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 -c--a-w c:\windows\system32\dllcache\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w c:\windows\system32\dllcache\wmasf.dll
- 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2006-10-18 20:47:18 33,792 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2006-10-18 20:47:18 37,376 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
- 2004-08-05 12:00:00 200,704 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 -c--a-w c:\windows\system32\dllcache\wmerror.dll
- 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2006-10-18 20:47:20 157,184 -c--a-w c:\windows\system32\dllcache\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2007-04-30 01:22:16 4,734,976 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2004-08-05 12:00:00 114,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
- 2004-08-05 12:00:00 98,304 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 -c--a-w c:\windows\system32\dllcache\wmpband.dll
- 2004-08-05 12:00:00 233,472 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
- 2004-08-05 12:00:00 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
- 2004-08-05 12:00:00 2,985,984 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 -c--a-w c:\windows\system32\dllcache\wmploc.dll
- 2004-08-05 12:00:00 102,400 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
- 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 -c--a-w c:\windows\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 -c--a-w c:\windows\system32\dllcache\WMSPDMOE.dll
- 2008-06-10 06:07:24 2,376,760 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
- 2007-02-27 14:18:30 40,000 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
- 2006-11-22 13:30:31 14,848 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
- 2008-11-25 21:30:37 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
- 2007-03-01 09:34:36 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2006-10-18 20:47:22 671,232 ------w c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-10-18 19:00:00 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys
+ 2006-09-28 17:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-28 18:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-10-18 19:00:46 249,856 ------w c:\windows\system32\drmupgds.exe
- 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
+ 2006-10-18 20:47:10 991,744 ----a-w c:\windows\system32\drmv2clt.dll
- 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2006-10-18 20:47:14 11,264 ----a-w c:\windows\system32\LAPRXY.dll
- 2008-06-10 04:52:04 96,768 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2006-10-18 20:47:14 212,992 ------w c:\windows\system32\MFPLAT.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MP43DECD.dll
- 2004-08-05 12:00:00 310,272 ----a-w c:\windows\system32\mp43dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP43DMOD.dll
+ 2006-10-18 20:47:14 317,440 ------w c:\windows\system32\MP4SDECD.dll
- 2004-08-05 12:00:00 384,512 ----a-w c:\windows\system32\mp4sdmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MP4SDMOD.dll
+ 2006-10-18 20:47:14 259,072 ------w c:\windows\system32\MPG4DECD.dll
- 2004-08-05 12:00:00 240,640 ----a-w c:\windows\system32\mpg4dmod.dll
+ 2006-10-18 20:47:14 4,096 ----a-w c:\windows\system32\MPG4DMOD.dll
+ 2006-10-02 14:28:42 312,128 ------w c:\windows\system32\msdelta.dll
- 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
+ 2006-10-18 20:47:16 179,712 ----a-w c:\windows\system32\msnetobj.dll
- 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
+ 2006-10-18 20:47:16 27,136 ----a-w c:\windows\system32\mspmsnsv.dll
- 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
+ 2006-10-18 20:47:16 175,616 ----a-w c:\windows\system32\mspmsp.dll
- 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
+ 2006-10-18 20:47:16 414,208 ----a-w c:\windows\system32\msscp.dll
- 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
+ 2006-10-18 20:47:16 321,536 ----a-w c:\windows\system32\mswmdm.dll
+ 2006-10-18 20:47:18 284,160 ------w c:\windows\system32\PortableDeviceApi.dll
+ 2006-10-18 20:47:18 101,888 ------w c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 20:47:18 166,912 ------w c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 20:47:18 132,096 ------w c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 20:47:18 199,168 ------w c:\windows\system32\PortableDeviceWMDRM.dll
- 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2006-10-18 20:47:18 211,456 ----a-w c:\windows\system32\qasf.dll
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-07-27 08:41:40 16,760 ------w c:\windows\system32\spmsg.dll
- 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\uwdf.exe
- 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2006-10-18 20:47:18 4,096 ----a-w c:\windows\system32\wdfapi.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
+ 2006-10-18 20:58:00 8,704 ----a-w c:\windows\system32\wdfmgr.exe
- 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
+ 2006-10-18 20:47:18 757,248 ----a-w c:\windows\system32\WMADMOD.dll
- 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
+ 2006-10-18 20:47:18 1,117,696 ----a-w c:\windows\system32\WMADMOE.dll
- 2007-10-20 05:01:32 227,328 ----a-w c:\windows\system32\wmasf.dll
+ 2007-10-25 08:28:30 222,720 ----a-w c:\windows\system32\wmasf.dll
- 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
+ 2006-10-18 20:47:18 33,792 ----a-w c:\windows\system32\wmdmlog.dll
- 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2006-10-18 20:47:18 37,376 ----a-w c:\windows\system32\wmdmps.dll
- 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2006-10-18 20:47:18 429,056 ----a-w c:\windows\system32\wmdrmdev.dll
- 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
+ 2006-10-18 20:47:20 348,672 ----a-w c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 20:47:20 535,040 ------w c:\windows\system32\wmdrmsdk.dll
- 2004-08-05 12:00:00 200,704 ----a-w c:\windows\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
- 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
+ 2006-10-18 20:47:20 157,184 ----a-w c:\windows\system32\wmidx.dll
- 2008-06-10 05:28:36 1,028,096 ----a-w c:\windows\system32\WMNetmgr.dll
+ 2008-06-18 04:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2007-04-30 01:22:16 4,734,976 ----a-w c:\windows\system32\wmp.dll
+ 2006-10-18 20:47:20 10,834,432 ----a-w c:\windows\system32\wmp.dll
- 2004-08-05 12:00:00 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2006-10-18 20:47:20 242,688 ----a-w c:\windows\system32\wmpasf.dll
- 2004-08-05 12:00:00 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 314,880 ----a-w c:\windows\system32\wmpdxm.dll
+ 2006-10-18 20:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2006-10-18 20:47:20 1,661,440 ------w c:\windows\system32\wmpencen.dll
- 2004-08-05 12:00:00 2,985,984 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
+ 2006-10-18 20:47:20 613,376 ------w c:\windows\system32\wmpmde.dll
+ 2006-10-18 20:47:20 130,048 ------w c:\windows\system32\wmpps.dll
- 2004-08-05 12:00:00 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-10-18 20:47:20 204,288 ------w c:\windows\system32\wmpsrcwp.dll
- 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmod.dll
- 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\system32\wmsdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
- 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47:22 603,648 ----a-w c:\windows\system32\WMSPDMOD.dll
- 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2006-10-18 20:47:22 1,329,152 ----a-w c:\windows\system32\WMSPDMOE.dll
- 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVD.dll
- 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\WMVADVE.DLL
- 2008-06-10 06:07:24 2,376,760 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-06-18 04:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2006-10-18 20:47:22 1,543,680 ------w c:\windows\system32\WMVDECOD.dll
- 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmod.dll
- 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2006-10-18 20:47:22 1,574,912 ------w c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 20:47:22 1,382,912 ------w c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 20:47:22 767,488 ------w c:\windows\system32\WMVSENCD.dll
+ 2006-10-18 20:47:22 656,896 ------w c:\windows\system32\WMVXENCD.dll
- 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2006-10-18 20:47:22 629,760 ----a-w c:\windows\system32\wpd_ci.dll
- 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2006-10-18 20:47:22 35,840 ----a-w c:\windows\system32\wpdconns.dll
- 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2006-10-18 20:47:22 154,624 ----a-w c:\windows\system32\wpdmtp.dll
- 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 20:47:22 2,603,008 ------w c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:00:14 17,408 ------w c:\windows\system32\wpdshextautoplay.exe
+ 2006-11-02 10:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2006-10-18 20:47:22 133,632 ------w c:\windows\system32\WPDShServiceObj.dll
- 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-10-18 20:47:22 356,352 ----a-w c:\windows\system32\wpdsp.dll
+ 2006-09-28 19:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-28 17:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-28 17:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 17:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-28 17:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
+ 2009-02-11 17:56:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2009-02-11 17:57:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c0c.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MNS"="c:\program files\Mobile Net Switch\MNS.exe" [2007-10-05 905720]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7573504]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-03 761946]
"FunctionKeyCtrl"="c:\program files\Function Key Controller\FKC.exe" [2006-05-25 49152]
"BisonTrayIcon"="c:\windows\BisonCam\BisonTrayIcon.exe" [2005-10-06 40960]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2006-04-26 57344]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 148888]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-02-15 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\SeLoR\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - c:\program files\AlienGUIse\AlienwareDock\ObjectDock.exe [2007-10-30 2074360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-10-31 557568]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-03-14 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.LAGS"= lagarith.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se32.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"e:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"e:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymediaserver.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymedia.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-02-28 19072]
R1 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-05-03 12112]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-09 47640]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;e:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-11-08 16695]
S2 aecpcitc;aecpcitc;c:\windows\system32\drivers\aecpcitc.sys [2007-11-08 31520]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2007-11-09 16384]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd47912f-9752-11dc-8ede-001641b32978}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr
uInternet Settings,ProxyServer = 192.168.201.253:3128
uInternet Settings,ProxyOverride = <local> 127.0.0.1
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - prefs.js: network.proxy.ftp - 192.168.201.253
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.201.253
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.201.253
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.201.253
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\SeLoR\Application Data\Mozilla\Firefox\Profiles\ug2v0vey.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 18:57:41
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\SeLoR\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1708537768-1326574676-682003330-1003\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:4e,8d,2b,48,9d,d4,5e,09,53,0d,e8,fb,e6,cd,96,e9,ff,cd,39,af,68,
dd,e3,bc,57,a8,0f,b5,43,e7,ca,99,48,e3,80,45,90,fe,45,dd,f5,ef,05,0f,b9,c8,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\LMIinit.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\relog_ap.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MNSFramework.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Heure de fin: 2009-02-11 19:04:15 - La machine a redémarré [SeLoR]
ComboFix-quarantined-files.txt 2009-02-11 18:04:12
ComboFix2.txt 2009-02-10 00:07:31
ComboFix3.txt 2009-02-06 10:14:54

Avant-CF: 9,392,218,112 octets libres
Après-CF: 9,413,435,392 octets libres

574 --- E O F --- 2009-02-11 02:01:09

Répondre à selor
selor   11-02-2009 à 19:02:37
- 0 +

New Hijackthis ds la foulee :)

Logfile of HijackThis v1.99.1
Scan saved at 19:06:51, on 11/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Function Key Controller\FKC.exe
C:\WINDOWS\BisonCam\BisonTrayIcon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mobile Net Switch\MNS.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SeLoR\Bureau\hijackthis(2)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.201.253:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FunctionKeyCtrl] C:\Program Files\Function Key Controller\FKC.exe
O4 - HKLM\..\Run: [BisonTrayIcon] C:\WINDOWS\BisonCam\BisonTrayIcon.exe
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\LifeView DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MNS] C:\Program Files\Mobile Net Switch\MNS.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3762088078
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

Répondre à selor
selor   12-02-2009 à 09:28:46
- 0 +

encore des truc qui trainent ?

Répondre à selor
selor   16-02-2009 à 11:44:31
- 0 +

Y a til encore des trucs qui trainent ??
merci je suis patient mais j'aimerais en finir avec les bebettes de cet ordi :):)

Répondre à selor
Egwene   16-02-2009 à 15:04:12
- 0 +

:hello: selor,

Oui je suis un peu long, je m'excuse pour ces délais bien trop longs, normalement je réponds au moins une fois par jour, mais depuis quelques temps j'ai d'autres projets liés à la sécurité informatique et donc je ne désinfecte plus, car plus le temps. J'ai juste repris quelques sujets d'AngelDark durant son absence, sujets que je n'avais pas l'intention de prendre initialement.

Merci pour ta compréhension.

On finit :)

C'est toi qui a installé ce proxy ? Cela te dit-il quelque chose ?

uInternet Settings,ProxyServer = 192.168.201.253:3128

1) Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

2) ~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/p [...] bscan.html

  • Clique sur Accept
  • Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
  • clique une nouvelle fois sur "Accept"
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera. Et poste-moi le rapport que tu obtiens.


Comment va le PC ? Toujours des problèmes ?

;)

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene
selor   16-02-2009 à 16:13:20
- 0 +

Angeldark a écrit :

Euh la patience, tu connais ? :)


Euh vi mais je postais pour faire remonter le post je pensais que vous maviez oubliez :)
Mais je pense que je le suis vivi

Répondre à selor
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > Virus malware et cftmon.exe ???
Aller à :

Il y a 698 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,880 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens