| Topic you are replying to | |
|---|---|
| Subject: HELPPPPPP SUPER-INFECTION !!!!!!!!! | |
| maikilestbo | Can someone help me? I'm afraid my computer is overrun with trojans????? :ouch: :ouch: :ouch:
I'm on XP. I had Avast until yesterday, but today I replaced it with AntiVir. I'm posting: AntiVir; ComboFix (in safe mode); Malwarebytes' Anti-Malware (safe mode); and of course HijackThis. VundoFix, on the other hand, finds nothing. Thanks for your help, I'm completely lost here!!!!!!

ANTIVIR:

Avira AntiVir Personal Report file date: dimanche 11 mai 2008 16:34 Scanning for 1258665 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: GOUGOUNE Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 11:12:23 ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 11:12:27 Engineversion : 8.1.0.42 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.31 262522 Bytes 11/05/2008 11:13:07 AESCN.DLL : 8.1.0.16 119156 Bytes 11/05/2008 11:13:06 AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 11:13:05 AEPACK.DLL : 8.1.1.4 364918 Bytes 11/05/2008 11:13:01 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 11:12:57 AEHEUR.DLL : 8.1.0.26 1237366 Bytes 11/05/2008 11:12:55 AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 11:12:36 AEGEN.DLL : 8.1.0.20 299380 Bytes 11/05/2008 11:12:35 AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 11:12:31 AECORE.DLL : 8.1.0.28 168310 Bytes 11/05/2008 11:12:29 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23
307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 11 mai 2008 16:34 Starting search for hidden objects. '63806' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'lxcgcoms.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned Scan process 'ezprint.exe' - '1' Module(s) have been scanned Scan process 'lxcgmon.exe' - '1' Module(s) have been scanned Scan process 'ps2.EXE' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'oodag.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan 
process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 48 processes with 48 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD2 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD3 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Master boot sector HD4 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '46' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! 
C:\QooBox\Quarantine\catchme2008-05-11_ 94652,00.zip [0] Archive type: ZIP --> ddcYrQih.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '489b2f68.qua'! C:\QooBox\Quarantine\C\WINDOWS\qadovnel.dll.vir [DETECTION] Is the Trojan horse TR/Vapsup.ept.1 [NOTE] The file was moved to '488b2f6d.qua'! C:\QooBox\Quarantine\C\WINDOWS\spwoqbmv.exe.vir [DETECTION] Is the Trojan horse TR/Vapsup.ept.2 [NOTE] The file was moved to '489e2f7e.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\dvwxgphp.dll.vir [DETECTION] Is the Trojan horse TR/Monder.DB [NOTE] The file was moved to '489e2f87.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\ejqqxobk.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48982f7e.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\rgpfaluv.dll.vir [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '48972f7f.qua'! C:\QooBox\Quarantine\C\WINDOWS\system32\wilpktss.dll.vir [DETECTION] Is the Trojan horse TR/Monder.96320 [NOTE] The file was moved to '48932f83.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP330\A0064418.exe [DETECTION] Contains detection pattern of the dropper DR/Click.Agent.IQ.3 [NOTE] The file was moved to '48573014.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP345\A0071784.dll [DETECTION] Is the Trojan horse TR/PCK.Monder.96256.2 [NOTE] The file was moved to '4857308e.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP345\A0072772.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '4857308f.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP348\A0073864.dll [DETECTION] Is the Trojan horse TR/Monder.96320 [NOTE] The file was moved to '48573093.qua'! 
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075333.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '485730a2.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075553.exe [DETECTION] Is the Trojan horse TR/Vapsup.ept.2 [NOTE] The file was moved to '485730a7.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075554.dll [DETECTION] Is the Trojan horse TR/Vapsup.ept.1 [NOTE] The file was moved to '49d07078.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075584.dll [DETECTION] Is the Trojan horse TR/Monder.DB [NOTE] The file was moved to '485730a8.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075585.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '49d07079.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075589.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [NOTE] The file was moved to '485730aa.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075590.dll [DETECTION] Is the Trojan horse TR/Monder.96320 [NOTE] The file was moved to '485730a9.qua'! C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP353\A0075724.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '485730af.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <HP_RECOVERY> End of the scan: dimanche 11 mai 2008 20:06 Used time: 3:32:08 min The scan has been done completely. 
8146 Scanning directories 527322 Files were scanned 19 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 19 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 527303 Files not concerned 19456 Archives were scanned 7 Warnings 19 Notes 63806 Objects were scanned with rootkit scan 0 Hidden objects were found

COMBOFIX (safe mode):

ComboFix 08-05-09.1 - Propriétaire 2008-05-11 16:08:31.3 - NTFSx86 MINIMAL Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))))))) . 2008-05-11 14:11 . 2008-05-11 14:11 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes 2008-05-11 14:11 . 2008-05-11 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-11 14:11 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-11 14:11 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-11 13:10 . 2008-05-11 13:10 <REP> d-------- C:\Program Files\Avira 2008-05-11 13:10 . 2008-05-11 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-11 01:11 . 2008-05-11 01:11 <REP> d-------- C:\VundoFix Backups 2008-05-10 22:53 . 2008-05-10 22:53 <REP> d-------- C:\Program Files\TimeAdjuster 2008-05-10 21:33 . 2008-05-10 21:56 192 --a------ C:\WINDOWS\dvdtoaviconverter.ini 2008-05-10 21:30 . 2008-05-10 21:30 1 --a------ C:\WINDOWS\system32\SysDVDtoavi.dat 2008-05-10 21:29 . 2006-03-24 14:55 958,464 --a------ C:\WINDOWS\system32\advdaudio.ocx 2008-05-10 21:29 . 2003-08-07 14:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-05-10 21:29 . 2002-05-23 20:40 110,080 --a------ C:\WINDOWS\system32\advd.dll 2008-05-10 21:29 . 2001-06-23 21:20 23,040 --a------ C:\WINDOWS\system32\auth.dll 2008-05-10 21:28 .
2008-05-10 21:28 <REP> d-------- C:\Program Files\MyDVDTools 2008-05-05 01:41 . 2008-05-05 01:41 <REP> d-------- C:\Deckard 2008-05-02 15:31 . 2008-05-02 15:31 <REP> d-------- C:\Program Files\Ubi Soft 2008-05-02 14:51 . 2008-05-02 14:51 <REP> d-------- C:\Program Files\Red Storm Entertainment 2008-05-02 13:51 . 2008-05-11 00:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-02 13:50 . 2008-05-02 14:15 <REP> d-------- C:\Program Files\Spyware Doctor 2008-05-02 13:50 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-05-02 13:50 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-05-02 13:50 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-05-02 13:50 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-05-01 00:23 . 2008-05-01 00:24 <REP> d-------- C:\Program Files\PDFCreator 2008-05-01 00:23 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll 2008-05-01 00:23 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL 2008-04-30 23:03 . 2008-05-11 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tqrefyxq 2008-04-28 13:38 . 2008-04-28 13:38 <REP> d-------- C:\Données Ciel 2008-04-28 13:36 . 2008-04-28 13:36 <REP> d-------- C:\Program Files\Fichiers communs\Sage 2008-04-28 13:36 . 2008-04-28 13:36 <REP> d-------- C:\Program Files\Ciel 2008-04-28 13:36 . 2008-04-28 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ciel 2008-04-28 10:38 . 2008-04-28 10:38 <REP> d-------- C:\Program Files\EBP 2008-04-28 10:38 . 2008-04-28 10:39 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{BCCC73C0-0E1A-4E82-9085-F29F133687F4} 2008-04-13 14:48 . 2008-05-10 22:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-13 14:48 . 2008-04-13 14:48 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-12 09:56 . 
2008-05-08 10:05 <REP> d-------- C:\Program Files\CyberMUT 2008-04-12 09:56 . 2002-07-04 17:54 176,128 --a------ C:\WINDOWS\calceuro.exe 2008-04-12 09:56 . 2001-07-05 16:10 102,400 --a------ C:\WINDOWS\system32\CmutEuro32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-11 12:09 --------- d-----w C:\Program Files\Common files 2008-05-10 20:56 --------- d-----w C:\Program Files\URUSoft 2008-05-10 19:58 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-10 19:58 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Thunderbird 2008-05-10 08:08 --------- d-----w C:\Program Files\Lx_cats 2008-05-08 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-05 23:11 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire 2008-05-05 18:08 --------- d-----w C:\Program Files\PowerArchiver 2008-05-04 06:57 --------- d-----w C:\Program Files\Hijackthis Version Française 2008-05-02 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-02 12:13 --------- d-----w C:\Program Files\RKFree 2008-04-30 21:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-27 18:24 --------- d-----w C:\Program Files\CréaStart 2007 2008-04-27 18:19 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2 2008-04-13 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nokia Multimedia Player 2008-04-08 10:07 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\PC Suite 2008-04-08 07:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nokia 2008-04-04 22:55 --------- d-----w C:\Program Files\OO Software 2008-04-04 22:15 --------- d-----w C:\Program Files\FinePixViewer 2008-04-04 22:13 --------- d-----w C:\Program Files\ArcSoft 2008-04-04 22:11 --------- d-----w 
C:\Program Files\Lavasoft 2008-04-04 22:11 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-04 22:11 --------- d-----w C:\Program Files\a-squared Free 2008-04-04 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-04 22:02 --------- d-----w C:\Program Files\CCleaner 2008-04-04 21:37 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FrostWire 2008-04-04 21:37 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus 2008-04-04 21:30 --------- d-----w C:\Program Files\ToniArts 2008-04-04 21:16 --------- d-----w C:\Program Files\Trend Micro 2008-04-04 21:10 --------- d-----w C:\Program Files\Yahoo! 2008-03-24 19:25 --------- d-----w C:\Program Files\Webteh 2008-03-24 19:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BSplayer 2008-03-24 18:36 110,040 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT 2008-03-24 12:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Vso 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-18 21:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Zylom 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-15 21:45 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE 2008-02-15 21:45 290,816 ------w C:\WINDOWS\Setup1.exe 2007-09-14 19:43 450 ----a-w C:\Documents and Settings\Propriétaire\Application Data\filterclsid.dat 2007-06-07 00:37 0 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat 2006-01-27 23:07 313,856 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2005-01-21 03:23 45,056 -c----r C:\Program Files\SetAttrib.exe 2004-12-19 19:49 30,010,107 -c--a-w C:\Program Files\nero6603.exe 2004-11-30 09:53 40,960 -c----r C:\Program Files\delete.exe 2004-07-12 22:12 1,023,726 -c--a-w 
C:\Program Files\wrar320.exe 2004-06-21 16:12 21,861,938 -c--a-w C:\Program Files\3820-fra-win2k_xp.exe 2004-05-03 19:01 2,713,880 -c--a-w C:\Program Files\WindowsXP-KB835732-x86-FRA.EXE 2004-03-05 21:00 3,783,046 -c--a-w C:\Program Files\codecfull.exe 2004-03-05 20:41 252,657 -c--a-w C:\Program Files\gspot221.exe 2004-02-15 19:48 9,304,688 -c--a-w C:\Program Files\MPSetupXP.exe 2007-09-05 07:38 64 -csha-r C:\WINDOWS\A696C37FD14D1A13.bin 2007-04-07 22:56 5 -csha-w C:\WINDOWS\system32\fdedfffc_g.dll 2006-10-05 19:34 5 -csha-w C:\WINDOWS\system32\fdedfffc_s.dll 2006-10-13 16:47 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2006-10-13 16:47 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat 2006-10-13 16:47 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-05-11_ 9.57.11.87 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-11 07:49:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-11 14:06:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2C91F8-5B98-41B2-AFA2-6C1B1977167D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DABEDE9-B27E-46B6-B41B-73899090D8C1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C78394D-954E-4D04-93E6-6EE2A392E27F}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll" [2003-05-03 07:19 835654 C:\WINDOWS\system32\nview.dll] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 21:05 1498032] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 22:10 344064] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42 248320] "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 15:23 90112] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920] "LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 16:21 69632] "lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 01:24 200704] "EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 18:19 94208] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "KIT3"="C:\WINDOWS\system32\spool\hpprintqueue.exe" [ ] 
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136] C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyaab] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQgHwx] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIVF"= DivX412.dll "vidc.vp31"= vp31vfw.dll "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "msacm.l3acm"= l3codecp.acm "VIDC.X264"= x264vfw.dll "vidc.i420"= i420vfw.dll "vidc.dvsd"= pdvcodec.dll 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^F-Secure Anti-Virus 2006.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 1998-05-08 00:04 52736 c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAV50] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] --a--c--- 2002-07-18 16:36 28672 C:\Program Files\Fichiers communs\Microsoft 
Shared\Works Shared\WkUFind.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2003-05-03 07:19 4640768 C:\WINDOWS\System32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVModule] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] --a------ 2003-02-13 16:01 190976 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] --a--c--- 2003-05-08 08:32 36864 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT] --a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Jeux classiques\\Bin\\CmCenterV2.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"= "<NO NAME>"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\system32\\mshta.exe"= 
"C:\\WINDOWS\\system32\\lxcgcoms.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "22117:TCP"= 22117:TCP:BitComet 22117 TCP "22117:UDP"= 22117:UDP:BitComet 22117 UDP "10240:TCP"= 10240:TCP:PIOLET_TCP "20480:UDP"= 20480:UDP:PIOLET_UDP "45400:TCP"= 45400:TCP:frost "13720:TCP"= 13720:TCP:frostwire13720 R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-05-25 00:09] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-05-18 19:38] S2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2006-05-24 22:46] S2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2006-05-24 22:46] S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys [2005-08-30 13:17] S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRIVERS\archmdfl.sys [2005-08-30 13:17] S3 archmdm;NEC WMC USB_BJ1 Port Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys [2005-08-30 13:17] S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\archobex.sys [2005-08-30 13:17] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-10-28 11:57] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46] S3 RapDrv;RapDrv;C:\WINDOWS\system32\drivers\RapDrv.sys [2003-10-24 15:57] S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26] S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26] S3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 18:12] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys 
[2004-08-04 07:58] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2006-02-26 16:00:00 C:\WINDOWS\Tasks\A83F101F9190803F.job" - c:\docume~1\moman\applic~1\proxyt~1\Upload Type Does.exe "2008-01-07 19:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2006-02-26 16:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-11-03 02:01:28 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-11 16:11:40 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
Temps d'accomplissement: 2008-05-11 16:13:49 ComboFix-quarantined-files.txt 2008-05-11 14:13:28 ComboFix2.txt 2008-05-11 12:03:58 Pre-Run: 82,128,248,832 octets libres Post-Run: 82,108,289,024 octets libres 281 --- E O F --- 2008-04-09 12:26:34

Malwarebytes' Anti-Malware (also in safe mode):

Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 139939 Temps écoulé: 1 hour(s), 32 minute(s), 0 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 6 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 17 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken. HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\QooBox\Quarantine\C\WINDOWS\xbaqktfv.exe.vir (Trojan.FakeAlert) -> No action taken. C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYrQih.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\epxtdral.dll.vir (Trojan.Vundo) -> No action taken. C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkLdee.dll.vir (Trojan.Vundo) -> No action taken. C:\QooBox\Quarantine\C\WINDOWS\system32\qoMdDtqn.dll.vir (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP348\A0073863.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075508.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075555.exe (Trojan.FakeAlert) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075586.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075587.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075588.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075606.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP352\A0075634.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\bwngjgdu.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\ssqQgHwx.dll.vir (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> No action taken. C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken. 
HijackThis, most recent: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:13 , on 11/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0007) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ps2.exe C:\Program Files\Lexmark 2300 Series\lxcgmon.exe C:\Program Files\Lexmark 2300 Series\ezprint.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\lxcgcoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Propriétaire\Bureau\Sanner.exe C:\Program 
Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID} R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C2C91F8-5B98-41B2-AFA2-6C1B1977167D} - (no file) O2 - BHO: (no name) - {5DABEDE9-B27E-46B6-B41B-73899090D8C1} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9C78394D-954E-4D04-93E6-6EE2A392E27F} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime 
Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to AMV Convert Tool... 
- C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/bina [...] b31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] 
b56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/bina [...] b31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sevetlolo.spaces.live.com// [...] nPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0895ce [...] 601_fr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/bina [...] b31267.cab O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} - http://techcity.aol.fr/download/img/DiagSetup.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/bina [...] b31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A5B59B-A90F-4F33-8165-9842E26390E6}: NameServer = 213.140.2.12,213.140.2.21 O20 - Winlogon Notify: gebyaab - C:\WINDOWS\ O20 - Winlogon Notify: ssqQgHwx - C:\WINDOWS\ O20 - Winlogon Notify: vtutt - C:\WINDOWS\ O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlackICE - Unknown owner - C:\Program Files\ISS\BlackICE\blackd.exe (file missing) O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD Information Service (HDDSvc) - Unknown owner - C:\WINDOWS\system32\HDDSvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O24 - Desktop Component 0: (no name) - (no file) O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 13261 bytes THANKS IN ADVANCE |