|
|
Auteur
|
Message
|
1
|
|
|
|
Quelqu'un peut il m'aider pour des pubs intempestives ! 
-->Message édité par Dan1234 le 27/12/2007 17:25:49<--
|
|
Modérateur/Helper
|
|
|
1) Si tu es sous vista, fais d'abord ça / sinon passe de suite à l’étape suivante  :
Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ...
et valide par OK , il te sera demandé de redémarrer, fais le )
Ensuite :
2) Télécharge Navilog : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
selon l antivirus que tu utilise navilog peut etre detecté comme virus !!!
dans ce cas la desactive le pendant le telechargement et le scan!!!!
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
|
|
|
|
|
Search Navipromo version 3.3.8 commencé le 26/12/2007 à 18:29:42,64
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Maison.MAISON-CP47L4TQ\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Maison.MAISON-CP47L4TQ\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Maison.MAISON-CP47L4TQ\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\jjkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 26/12/2007 à 18:35:37,65 ***
|
|
Modérateur/Helper
|
|
|
|
Infection Vundo
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.[list]
http://www.atribune.org/ccount/click.php?id=4
· Double-clique VundoFix.exe afin de le lancer
· Clique sur le bouton Scan for Vundo
· Lorsque le scan est complété, clique sur le bouton Remove Vundo
· Une invite te demandera si tu veux supprimer les fichiers, clique YES
· Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
· Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
· Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".
|
|
|
|
|
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 18:43:19 26/12/2007
Listing files found while scanning....
C:\WINDOWS\system32\jdvumibg.exe
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jdvumibg.exe
C:\WINDOWS\system32\jdvumibg.exe Could not be deleted.
Performing Repairs to the registry.
Done!
|
|
Modérateur/Helper
|
|
|
Télécharge Combofix sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!
Redémarre en mode sans échecs : aide ici >>> http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Copie/colle un nouveau rapport HiJackThis avec.
|
|
|
|
|
ComboFix 07-12-21.4 - Maison 2007-12-26 19:34:50.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.71 [GMT 1:00]
Running from: C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\.protected
C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\install_fr[1].exe
C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data.\Ultimate Cleaner
C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data.\Ultimate Cleaner\settings.dat
C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Ultimate Cleaner\settings.dat
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\Yazzle1848OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1848OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Temporary
C:\Program Files\Ultimate Cleaner
C:\Program Files\WinAble
C:\setup.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\msnimport.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\HugS9Jav2Xuc.exe
C:\WINDOWS\PerfInfo\HugS9Jav2Xud.exe
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32\ext
C:\WINDOWS\system32\hlvbfwoq
C:\WINDOWS\system32\hlvbfwoq\bg1.gif
C:\WINDOWS\system32\hlvbfwoq\bgtop.gif
C:\WINDOWS\system32\hlvbfwoq\bottom1.gif
C:\WINDOWS\system32\hlvbfwoq\essentials.gif
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq1.exe
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq2.exe
C:\WINDOWS\system32\hlvbfwoq\hlvbfwoq3.exe
C:\WINDOWS\system32\hlvbfwoq\icon1.ico
C:\WINDOWS\system32\hlvbfwoq\install1.gif
C:\WINDOWS\system32\hlvbfwoq\left1.gif
C:\WINDOWS\system32\hlvbfwoq\li.gif
C:\WINDOWS\system32\hlvbfwoq\logo.gif
C:\WINDOWS\system32\hlvbfwoq\main.htm
C:\WINDOWS\system32\hlvbfwoq\mainframe.htm
C:\WINDOWS\system32\hlvbfwoq\reinstall1.gif
C:\WINDOWS\system32\hlvbfwoq\right1.gif
C:\WINDOWS\system32\hlvbfwoq\s1.htm
C:\WINDOWS\system32\hlvbfwoq\s2.htm
C:\WINDOWS\system32\hlvbfwoq\s3.htm
C:\WINDOWS\system32\hlvbfwoq\SMTop1.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop2.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop3.gif
C:\WINDOWS\system32\hlvbfwoq\SMTop4.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft1_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft2_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_off.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_off_ext.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_on.gif
C:\WINDOWS\system32\hlvbfwoq\soft3_on_ext.gif
C:\WINDOWS\system32\hlvbfwoq\softbottom_off.gif
C:\WINDOWS\system32\hlvbfwoq\softbottom_on.gif
C:\WINDOWS\system32\hlvbfwoq\softleft_off.gif
C:\WINDOWS\system32\hlvbfwoq\softleft_on.gif
C:\WINDOWS\system32\hlvbfwoq\top1.gif
C:\WINDOWS\system32\hlvbfwoq\top2.gif
C:\WINDOWS\system32\hlvbfwoq\turnoff1.gif
C:\WINDOWS\system32\hlvbfwoq\turnon1.gif
C:\WINDOWS\system32\jdvumibg.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
.
2007-12-26 19:18 . 2007-12-26 19:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-26 17:59 . 2007-12-26 17:59 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\F-Secure
2007-12-25 17:52 . 2007-12-25 17:52 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\ispnews
2007-12-25 16:08 . 2007-12-25 16:08 507,599 --a------ C:\upload_moi_MAISON-CP47L4TQ.tar.gz
2007-12-24 22:41 . 2007-12-26 19:22 <REP> d-------- C:\VundoFix Backups
2007-12-24 21:50 . 2007-12-26 18:35 <REP> d-------- C:\Program Files\Navilog1
2007-12-24 20:50 . 2007-12-24 21:27 3,828 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-24 20:49 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-24 20:49 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-24 20:49 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-24 20:49 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-24 20:49 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-24 19:20 . 2007-12-24 19:20 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\SoftInform
2007-12-24 19:19 . 2007-12-24 19:19 <REP> d-------- C:\Program Files\SoftInform
2007-12-24 19:19 . 2007-12-25 00:12 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\AdsCleaner
2007-12-24 19:14 . 2007-12-24 19:14 <REP> d-------- C:\Program Files\crocpopup+
2007-12-24 19:11 . 2007-12-24 19:11 <REP> d-------- C:\Program Files\Trend Micro
2007-12-24 19:06 . 2007-12-24 22:36 988,949 ---hs---- C:\WINDOWS\system32\uiqocolt.ini
2007-12-24 16:00 . 2007-12-24 18:59 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\F-Secure
2007-12-24 15:58 . 2007-12-24 15:58 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ispnews
2007-12-24 15:49 . 2007-12-24 15:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2007-12-24 15:49 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-24 15:49 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-24 15:44 . 2007-12-24 15:49 <REP> d-------- C:\Program Files\AntivirusFirewall
2007-12-24 15:44 . 2007-12-24 15:44 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2007-12-24 11:19 . 2007-12-24 19:00 988,709 ---hs---- C:\WINDOWS\system32\qqtsnhmw.ini
2007-12-24 11:04 . 2007-12-24 11:04 <REP> d-------- C:\WINDOWS\ppqvmpqr
2007-12-24 11:04 . 2007-12-24 11:04 208,896 --a------ C:\WINDOWS\system32\ndaTqsVqrX.dll
2007-12-22 17:12 . 2007-12-23 18:19 990,849 ---hs---- C:\WINDOWS\system32\jnviikqc.ini
2007-12-22 14:21 . 2007-12-24 23:10 355,833 --ahs---- C:\WINDOWS\system32\jjkkj.ini
2007-12-22 14:21 . 2007-12-24 23:09 355,787 --a------ C:\WINDOWS\system32\jjkkj.ini2
2007-12-21 18:47 . 2007-12-21 18:47 <REP> d-------- C:\Program Files\PQDVD
2007-12-21 18:32 . 2007-12-21 18:32 <REP> d-------- C:\Program Files\Red Kawa
2007-12-21 18:19 . 2007-12-22 18:19 834 ---hs---- C:\WINDOWS\system32\aphkelqx.ini
2007-12-21 16:05 . 2007-12-21 16:05 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Mazaika
2007-12-21 12:32 . 2007-12-21 17:07 714 ---hs---- C:\WINDOWS\system32\egnpkkky.ini
2007-12-20 18:26 . 2007-12-20 18:26 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Mazaika
2007-12-20 15:21 . 2007-12-20 15:21 <REP> d-------- C:\Program Files\Mazaika
2007-12-20 15:21 . 2007-12-20 15:21 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Mazaika
2007-12-19 17:29 . 2007-12-21 19:00 <REP> d-------- C:\temp
2007-12-19 17:24 . 2007-12-19 17:24 <REP> d-------- C:\Program Files\Avex
2007-12-19 17:00 . 2007-12-19 17:16 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\KNOB LIVE
2007-12-18 13:36 . 2007-12-21 12:30 594 ---hs---- C:\WINDOWS\system32\wxbykueh.ini
2007-12-18 10:06 . 2007-12-18 10:06 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-17 20:05 . 2007-12-17 21:42 36,363 --a------ C:\WINDOWS\CSTBox.INI
2007-12-17 09:11 . 2007-12-17 09:27 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\KNOB LIVE
2007-12-17 08:01 . 2007-12-17 08:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog
2007-12-17 08:00 . 2007-12-17 08:00 <REP> d-------- C:\Program Files\KNOB LIVE
2007-12-17 08:00 . 2007-12-17 08:00 <REP> d-------- C:\Program Files\Circle Developement
2007-12-17 08:00 . 2007-12-17 08:01 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\KNOB LIVE
2007-12-16 13:31 . 2007-12-17 13:31 972,144 ---hs---- C:\WINDOWS\system32\dubnielg.ini
2007-12-15 16:18 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2007-12-15 14:17 . 2007-12-15 14:17 <REP> d-------- C:\Program Files\WinSCP
2007-12-15 13:23 . 2007-12-16 13:28 971,964 ---hs---- C:\WINDOWS\system32\ucrobwlm.ini
2007-12-14 17:03 . 2007-12-15 13:20 952,623 ---hs---- C:\WINDOWS\system32\tnswqaya.ini
2007-12-14 11:55 . 2007-12-14 16:20 949,278 ---hs---- C:\WINDOWS\system32\qaqapqxu.ini
2007-12-13 12:53 . 2007-12-23 11:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-13 11:41 . 2007-12-13 21:21 930,408 ---hs---- C:\WINDOWS\system32\xglwhhfp.ini
2007-12-13 07:49 . 2007-12-13 10:23 930,288 ---hs---- C:\WINDOWS\system32\qdlubakx.ini
2007-12-12 15:59 . 2007-12-24 15:22 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-11 22:06 . 2007-12-11 22:06 <REP> d-------- C:\Program Files\Kugafmpg
2007-12-11 18:44 . 2007-12-11 18:44 252,480 --a------ C:\WINDOWS\system32\awtqn.dll
2007-12-11 16:10 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-11 15:34 . 2007-12-11 15:35 252,480 --a------ C:\WINDOWS\system32\vtstt.dll
2007-12-11 13:34 . 2007-12-11 13:44 252,480 --a------ C:\WINDOWS\system32\vturp.dll
2007-12-11 12:34 . 2007-12-11 12:37 252,480 --a------ C:\WINDOWS\system32\ssqro.dll
2007-12-11 09:34 . 2007-12-11 09:45 252,480 --a------ C:\WINDOWS\system32\geedc.dll
2007-12-11 09:30 . 2007-12-21 18:19 <REP> d-------- C:\Program Files\Lxfwsjga
2007-12-10 20:07 . 2007-12-24 16:36 <REP> d-------- C:\Program Files\lgpoxyny
2007-12-10 20:07 . 2007-12-10 20:07 <REP> d-------- C:\Program Files\Ansxzfpn
2007-12-10 18:54 . 2007-12-10 18:55 <REP> d-------- C:\Program Files\3D Canvas 7
2007-12-09 20:27 . 2007-12-09 20:27 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\CyberLink
2007-12-09 15:41 . 2007-12-09 15:41 <REP> d-------- C:\Program Files\Free iPod Video Converter
2007-12-09 15:41 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2007-12-09 15:41 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2007-12-09 15:41 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-12-07 12:44 . 2007-12-07 12:44 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ArcSoft
2007-12-05 17:13 . 2007-12-05 18:09 <REP> d-------- C:\Program Files\Anvsoft Flash to 3GP Converter
2007-12-05 17:12 . 2007-12-05 17:12 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2007-12-05 17:05 . 2007-12-05 17:05 <REP> d-------- C:\Program Files\Magicbit
2007-12-04 18:59 . 2007-12-04 18:59 <REP> d-------- C:\ConvertTemp
2007-12-04 18:54 . 2007-12-24 16:20 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 18:45 73 ----a-w C:\Program Files\uvPL.log
2007-12-26 18:23 --------- d-----w C:\Program Files\Ulead.dat
2007-12-25 20:06 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\LimeWire
2007-12-23 14:27 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\uTorrent
2007-12-23 10:18 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Apple Computer
2007-12-18 09:06 8,192 --sha-w C:\Program Files\Thumbs.db
2007-12-17 20:04 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Ulead Systems
2007-12-17 07:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-15 15:28 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Ulead Systems
2007-12-15 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2007-12-15 15:16 --------- d-----w C:\Program Files\Ulead Systems
2007-12-13 16:35 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\LimeWire
2007-12-10 17:54 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Ulead Systems
2007-12-09 14:21 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Apple Computer
2007-12-07 12:13 --------- d-----w C:\Program Files\DivX
2007-12-06 21:36 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\LimeWire
2007-12-04 16:04 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Apple Computer
2007-12-03 18:53 --------- d-----w C:\Program Files\iTunes
2007-12-03 18:41 --------- d-----w C:\Program Files\iPod
2007-12-01 13:34 --------- d-----w C:\Program Files\LimeWire
2007-11-25 17:18 --------- d-----w C:\Program Files\Capturino 1.4
2007-11-25 16:06 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Canon
2007-11-25 16:06 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ArcSoft
2007-11-24 21:10 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Ahead
2007-11-21 13:22 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-11-21 13:21 --------- d-----w C:\Program Files\MSN Content Plus Inc
2007-11-21 13:03 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\MSN6
2007-11-19 17:47 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Canon
2007-11-19 17:47 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\ArcSoft
2007-11-18 17:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-18 13:19 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\DivX
2007-11-17 20:24 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Samsung
2007-11-17 20:19 --------- d-----w C:\Program Files\Samsung
2007-11-17 16:36 --------- d-----w C:\Program Files\QuickTime
2007-11-17 16:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2007-11-17 15:50 65,175 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-17 15:50 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-17 15:50 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-17 15:36 --------- d-----w C:\Program Files\TGTSoft
2007-11-17 15:17 --------- d-----w C:\Program Files\Stardock
2007-11-17 14:37 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\DivX
2007-11-16 21:35 --------- d-----w C:\Program Files\Easy-TV
2007-11-16 21:32 --------- d-----w C:\Program Files\adslTV
2007-11-16 21:32 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\vlc
2007-11-16 21:26 --------- d-----w C:\Program Files\Solway's Internet TV and Radio
2007-11-15 20:04 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Canon
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ScanSoft
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanWizard
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2007-11-15 19:56 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
2007-11-15 19:54 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\InterTrust
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 13:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2007-11-11 12:54 --------- d-----w C:\Program Files\Bonjour
2007-11-11 12:45 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-08 19:57 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Kazaa Lite
2007-11-04 20:55 --------- d-----w C:\Program Files\Adverts
2007-11-04 20:05 --------- d-----w C:\Program Files\aft_plug
2007-11-04 20:00 172 ----a-w C:\Program Files\uvs.log
2007-11-04 20:00 100 ----a-w C:\Program Files\MP4Set.ini
2007-11-04 19:59 --------- d-----w C:\Program Files\Content
2007-11-04 19:57 --------- d-----w C:\Program Files\Intel
2007-11-04 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2007-11-04 19:54 --------- d-----w C:\Program Files\Samples
2007-11-04 19:54 --------- d-----w C:\Program Files\ppp
2007-11-04 19:54 --------- d-----w C:\Program Files\motion_plug
2007-11-04 19:54 --------- d-----w C:\Program Files\EditingStyle
2007-11-04 19:54 --------- d-----w C:\Program Files\Device
2007-11-04 19:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2007-11-04 19:53 --------- d-----w C:\Program Files\XML
2007-11-04 19:53 --------- d-----w C:\Program Files\VIO
2007-11-04 19:53 --------- d-----w C:\Program Files\Vfx_plug
2007-11-04 19:53 --------- d-----w C:\Program Files\vft_plug
2007-11-04 19:53 --------- d-----w C:\Program Files\SIO
2007-11-04 19:53 --------- d-----w C:\Program Files\plugin
2007-11-04 19:53 --------- d-----w C:\Program Files\fio
2007-11-04 19:53 --------- d-----w C:\Program Files\EIO
2007-11-04 19:53 --------- d-----w C:\Program Files\Drawing
2007-11-04 19:53 --------- d-----w C:\Program Files\BITMAP
2007-11-04 19:53 --------- d-----w C:\Program Files\AudioQuality
2007-11-04 19:53 --------- d-----w C:\Program Files\afComponent
2007-11-04 19:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-11-04 18:59 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\CyberLink
2007-11-04 18:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2007-11-04 18:11 --------- d-----w C:\Program Files\Realtek AC97
2007-11-04 17:07 --------- d-----w C:\Program Files\ma-config.com
2007-11-04 17:07 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ma-config.com
2007-11-04 16:21 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-04 16:10 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Microsoft Web Folders
2007-11-04 15:24 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Ahead
2007-11-04 15:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2007-11-04 15:06 --------- d-----w C:\Program Files\Ahead
2007-11-04 14:47 --------- d-----w C:\Program Files\MagicISO
2007-11-04 13:33 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\DivX
2007-11-04 13:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
2007-11-04 13:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Droppix
2007-11-04 13:22 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Droppix
2007-11-04 13:17 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-11-03 19:05 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\MSN6
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0140DF95-9128-4053-AE72-F43F0CFCA062}]
2007-04-26 09:59 58368 --a------ C:\WINDOWS\system32\SiKernel.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89ba2336-1862-4af2-ae50-5acd414e4b6d}]
C:\WINDOWS\system32\xhajbkxn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBDEECF6-8706-45BD-9A7E-BCC97FCFE080}]
C:\WINDOWS\system32\jkkjj.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-21 14:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36]
"GrimBase"="C:\DOCUME~1\MAISON~1.MAI\APPLIC~1\KNOBLI~1\Axis Remote.exe" [2007-12-17 08:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"UVS10 Preload"="C:\Program Files\uvPL.exe" [2006-03-07 00:52]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2005-07-28 08:32]
"Anti Dog Beep Grid"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog\01 media.exe" [2007-12-26 19:46]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45]
"a87937ad"="C:\WINDOWS\system32\tlocoqiu.dll" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
wintfj32.dll
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-12-24 15:45]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-12-24 16:04]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b895825-ac77-11dc-a853-000461a58546}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-26 18:00:02 C:\WINDOWS\Tasks\AFEF8183918432AF.job"
"2007-12-18 13:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 09:54:02 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 19:45:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 19:48:15 - machine was rebooted
.
2007-12-22 08:48:51 --- E O F ---
Et le rapport Hijack This :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:25, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Mes documents\ulead\Dan\CalCheck.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {d6b4e414-dca5-05ea-2fa4-26816332ab98} - {89ba2336-1862-4af2-ae50-5acd414e4b6d} - C:\WINDOWS\system32\xhajbkxn.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CBDEECF6-8706-45BD-9A7E-BCC97FCFE080} - C:\WINDOWS\system32\jkkjj.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\uvPL.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog\01 media.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [a87937ad] rundll32.exe "C:\WINDOWS\system32\tlocoqiu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [GrimBase] C:\DOCUME~1\MAISON~1.MAI\APPLIC~1\KNOBLI~1\Axis Remote.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O4 - Global Startup: Ulead Kalendar Checker.lnk = C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Mes documents\ulead\Dan\CalCheck.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuw(...)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11107 bytes
|
|
Modérateur/Helper
|
|
|
Bon tu es très infecté, je suis en train de te préparer un script Tu ne l'auras peut-être pas avant demain.
Mais j'ai des questions : ces liens et/ou programmes te disent-ils quelque chose ?
*http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx*
[GrimBase] C:\DOCUME~1\MAISON~1.MAI\APPLIC~1\KNOBLI~1\Axis Remote.exe
[Anti Dog Beep Grid] C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog\01 media.exe
-->Message édité par Mérillym le 26/12/2007 21:34:21<--
|
|
|
|
|
|
|
|
Ca sera long a le " desinfecter" ??
|
|
Modérateur/Helper
|
|
|
Non, si tout se passe bien, et s'il n'y a pas de "récalcitrant"
1) Sauvegarde de la base de registre en cas de problème
Cliquer sur Démarrer / exécuter / tape regedit puis valide par ok:
Sélectionnez la ligne "poste de travail" d'un clic:
Dans le menu Fichier cliquez sur exporter :
Choisis de sauvegarder sur le bureau pour retrouver la sauvegarde facilement, nommez-la (ex sauvegarde bdr2) puis enregistrer:
Ta sauvegarde de la base de registre windows est sur le bureau:
En cas de problème, pour la relancer, il suffira de double-cliquer dessus et d accepter la fusion dans le registre en validant par ok a la demande formulée.
Redémarre en mode sans échec !
2) Relance HijackThis, clique sur « do a system scan only », coche ces lignes puis clique sur "Fix Checked" et referme HijackThis :
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {d6b4e414-dca5-05ea-2fa4-26816332ab98} - {89ba2336-1862-4af2-ae50-5acd414e4b6d} - C:\WINDOWS\system32\xhajbkxn.dll (file missing)
O2 - BHO: (no name) - {CBDEECF6-8706-45BD-9A7E-BCC97FCFE080} - C:\WINDOWS\system32\jkkjj.dll (file missing)
O4 - HKLM\..\Run: [Anti Dog Beep Grid] C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog\01 media.exe
O4 - HKLM\..\Run: [a87937ad] rundll32.exe "C:\WINDOWS\system32\tlocoqiu.dll",b
O4 - HKCU\..\Run: [GrimBase] C:\DOCUME~1\MAISON~1.MAI\APPLIC~1\KNOBLI~1\Axis Remote.exe
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)
3) Déconnecte-toi, ferme toutes les fenêtres puis fais la manipulation suivante
Copie le texte se situant dans le cadre ci-dessous :
File::
C:\WINDOWS\system32\uiqocolt.ini
C:\WINDOWS\system32\qqtsnhmw.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\jnviikqc.ini
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\aphkelqx.ini
C:\WINDOWS\system32\egnpkkky.ini
C:\WINDOWS\system32\wxbykueh.ini
C:\WINDOWS\system32\dubnielg.ini
C:\WINDOWS\system32\ucrobwlm.ini
C:\WINDOWS\system32\xglwhhfp.ini
C:\WINDOWS\system32\tnswqaya.ini
C:\WINDOWS\system32\qaqapqxu.ini
C:\WINDOWS\system32\qdlubakx.ini
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\geedc.dll
Folder::
C:\VundoFix Backups
C:\WINDOWS\ppqvmpqr
C:\Program Files\Kugafmpg
C:\Program Files\Lxfwsjga
C:\Program Files\lgpoxyny
C:\Program Files\Ansxzfpn
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0140DF95-9128-4053-AE72-F43F0CFCA062}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89ba2336-1862-4af2-ae50-5acd414e4b6d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBDEECF6-8706-45BD-9A7E-BCC97FCFE080}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrimBase"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti Dog Beep Grid"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintfj32]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
Et dis-moi au passage comment va le PC
P.S : tu avais déjà posté ici... http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/fa(...) et je ne sais pas ce que tu fais avec ton pc, mais il faudrait que tu fasses un peu attention à ce que tu fais sur le net. 
-->Message édité par Mérillym le 26/12/2007 23:05:44<--
|
|
|
|
|
ComboFix 07-12-21.4 - Maison 2007-12-27 10:05:43.2 - NTFSx86
Running from: C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\aphkelqx.ini
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\dubnielg.ini
C:\WINDOWS\system32\egnpkkky.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jnviikqc.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\qaqapqxu.ini
C:\WINDOWS\system32\qdlubakx.ini
C:\WINDOWS\system32\qqtsnhmw.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\tnswqaya.ini
C:\WINDOWS\system32\ucrobwlm.ini
C:\WINDOWS\system32\uiqocolt.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wxbykueh.ini
C:\WINDOWS\system32\xglwhhfp.ini
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Ansxzfpn
C:\Program Files\Kugafmpg
C:\Program Files\lgpoxyny
C:\Program Files\lgpoxyny\XMNQDGJW.0LL
C:\Program Files\Lxfwsjga
C:\VundoFix Backups
C:\VundoFix Backups\acacqkli.dll.bad
C:\VundoFix Backups\asuptsmb.exe.bad
C:\VundoFix Backups\avuxyyae.dll.bad
C:\VundoFix Backups\awtst.dll.bad
C:\VundoFix Backups\axufbxpq.dll.bad
C:\VundoFix Backups\bgdedkyk.dll.bad
C:\VundoFix Backups\bsmcekyx.dll.bad
C:\VundoFix Backups\cbxutrr.dll.bad
C:\VundoFix Backups\cnvbjhah.dll.bad
C:\VundoFix Backups\cpbjquay.dll.bad
C:\VundoFix Backups\crnlwunq.exe.bad
C:\VundoFix Backups\eyuijcnh.exe.bad
C:\VundoFix Backups\flaeepol.dll.bad
C:\VundoFix Backups\gervrbvg.ini.bad
C:\VundoFix Backups\ggmtxtwd.exe.bad
C:\VundoFix Backups\gvbrvreg.dll.bad
C:\VundoFix Backups\ilkqcaca.ini.bad
C:\VundoFix Backups\jajwajfl.dll.bad
C:\VundoFix Backups\jdvumibg.exe.bad
C:\VundoFix Backups\jkkji.dll.bad
C:\VundoFix Backups\jkkjj.dll.bad
C:\VundoFix Backups\jpfrburc.exe.bad
C:\VundoFix Backups\lpsgygfj.dll.bad
C:\VundoFix Backups\mljjj.dll.bad
C:\VundoFix Backups\mllmn.dll.bad
C:\VundoFix Backups\nnhnibkc.dll.bad
C:\VundoFix Backups\pfhhwlgx.dll.bad
C:\VundoFix Backups\plouqpfb.exe.bad
C:\VundoFix Backups\pmnno.dll.bad
C:\VundoFix Backups\ptbtwqso.dll.bad
C:\VundoFix Backups\qopbmqwn.exe.bad
C:\VundoFix Backups\qpejiveo.exe.bad
C:\VundoFix Backups\qpxbfuxa.ini.bad
C:\VundoFix Backups\rmmlrivl.dll.bad
C:\VundoFix Backups\scmrcldb.exe.bad
C:\VundoFix Backups\sylikpjk.exe.bad
C:\VundoFix Backups\tarwgnyw.dll.bad
C:\VundoFix Backups\tlocoqiu.dll.bad
C:\VundoFix Backups\upbxqqkf.exe.bad
C:\VundoFix Backups\vcuijewi.dll.bad
C:\VundoFix Backups\vwsyeuap.exe.bad
C:\VundoFix Backups\wbfbuamf.dll.bad
C:\VundoFix Backups\wgcxsvee.dll.bad
C:\VundoFix Backups\xhajbkxn.dll.bad
C:\VundoFix Backups\xqlekhpa.dll.bad
C:\VundoFix Backups\xrillvty.dll.bad
C:\VundoFix Backups\xtpswjmh.dll.bad
C:\VundoFix Backups\yauqjbpc.ini.bad
C:\VundoFix Backups\ynrhjduh.exe.bad
C:\VundoFix Backups\yvvfgvgw.exe.bad
C:\VundoFix Backups\yxlbeowl.exe.bad
C:\WINDOWS\ppqvmpqr
C:\WINDOWS\ppqvmpqr\1.png
C:\WINDOWS\ppqvmpqr\2.png
C:\WINDOWS\ppqvmpqr\3.png
C:\WINDOWS\ppqvmpqr\4.png
C:\WINDOWS\ppqvmpqr\5.png
C:\WINDOWS\ppqvmpqr\6.png
C:\WINDOWS\ppqvmpqr\bottom-rc.gif
C:\WINDOWS\ppqvmpqr\content.png
C:\WINDOWS\ppqvmpqr\download.gif
C:\WINDOWS\ppqvmpqr\frame-bottom-left.gif
C:\WINDOWS\ppqvmpqr\frame-h1bg.gif
C:\WINDOWS\ppqvmpqr\head.png
C:\WINDOWS\ppqvmpqr\indexuc.html
C:\WINDOWS\ppqvmpqr\indexud.html
C:\WINDOWS\ppqvmpqr\main.css
C:\WINDOWS\ppqvmpqr\net.png
C:\WINDOWS\ppqvmpqr\pc-mag.gif
C:\WINDOWS\ppqvmpqr\pc.gif
C:\WINDOWS\ppqvmpqr\poloska1.png
C:\WINDOWS\ppqvmpqr\poloska2.png
C:\WINDOWS\ppqvmpqr\poloska3.png
C:\WINDOWS\ppqvmpqr\promouc1.html
C:\WINDOWS\ppqvmpqr\promouc2.html
C:\WINDOWS\ppqvmpqr\promouc3.html
C:\WINDOWS\ppqvmpqr\promouc4.html
C:\WINDOWS\ppqvmpqr\promouc5.html
C:\WINDOWS\ppqvmpqr\promoud1.html
C:\WINDOWS\ppqvmpqr\promoud2.html
C:\WINDOWS\ppqvmpqr\promoud3.html
C:\WINDOWS\ppqvmpqr\promoud4.html
C:\WINDOWS\ppqvmpqr\promoud5.html
C:\WINDOWS\ppqvmpqr\reg.png
C:\WINDOWS\ppqvmpqr\repair.png
C:\WINDOWS\ppqvmpqr\scr-1.png
C:\WINDOWS\ppqvmpqr\scr-2.png
C:\WINDOWS\ppqvmpqr\styles.css
C:\WINDOWS\ppqvmpqr\top-rc.gif
C:\WINDOWS\ppqvmpqr\vline.gif
C:\WINDOWS\system32\aphkelqx.ini
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\dubnielg.ini
C:\WINDOWS\system32\egnpkkky.ini
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jnviikqc.ini
C:\WINDOWS\system32\ndaTqsVqrX.dll
C:\WINDOWS\system32\qaqapqxu.ini
C:\WINDOWS\system32\qdlubakx.ini
C:\WINDOWS\system32\qqtsnhmw.ini
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\tnswqaya.ini
C:\WINDOWS\system32\ucrobwlm.ini
C:\WINDOWS\system32\uiqocolt.ini
C:\WINDOWS\system32\vtstt.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wxbykueh.ini
C:\WINDOWS\system32\xglwhhfp.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.
2007-12-27 09:57 . 2007-12-27 09:57 <REP> d-------- C:\Program Files\KNOB LIVE
2007-12-26 19:18 . 2007-12-26 19:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-26 17:59 . 2007-12-26 17:59 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\F-Secure
2007-12-25 17:52 . 2007-12-25 17:52 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\ispnews
2007-12-25 16:08 . 2007-12-25 16:08 507,599 --a------ C:\upload_moi_MAISON-CP47L4TQ.tar.gz
2007-12-24 21:50 . 2007-12-26 18:35 <REP> d-------- C:\Program Files\Navilog1
2007-12-24 20:50 . 2007-12-24 21:27 3,828 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-24 20:49 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-24 20:49 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-24 20:49 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-24 20:49 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-24 20:49 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-24 19:20 . 2007-12-24 19:20 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\SoftInform
2007-12-24 19:19 . 2007-12-24 19:19 <REP> d-------- C:\Program Files\SoftInform
2007-12-24 19:19 . 2007-12-25 00:12 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\AdsCleaner
2007-12-24 19:14 . 2007-12-24 19:14 <REP> d-------- C:\Program Files\crocpopup+
2007-12-24 19:11 . 2007-12-24 19:11 <REP> d-------- C:\Program Files\Trend Micro
2007-12-24 16:00 . 2007-12-24 18:59 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\F-Secure
2007-12-24 15:58 . 2007-12-24 15:58 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ispnews
2007-12-24 15:49 . 2007-12-24 15:49 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\F-Secure
2007-12-24 15:49 . 2005-11-18 16:04 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-12-24 15:49 . 2005-11-18 16:04 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-12-24 15:44 . 2007-12-24 15:49 <REP> d-------- C:\Program Files\AntivirusFirewall
2007-12-24 15:44 . 2007-12-24 15:44 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-6588780L.exe
2007-12-21 18:47 . 2007-12-21 18:47 <REP> d-------- C:\Program Files\PQDVD
2007-12-21 18:32 . 2007-12-21 18:32 <REP> d-------- C:\Program Files\Red Kawa
2007-12-21 16:05 . 2007-12-21 16:05 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\Mazaika
2007-12-20 18:26 . 2007-12-20 18:26 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Mazaika
2007-12-20 15:21 . 2007-12-20 15:21 <REP> d-------- C:\Program Files\Mazaika
2007-12-20 15:21 . 2007-12-20 15:21 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Mazaika
2007-12-19 17:29 . 2007-12-21 19:00 <REP> d-------- C:\temp
2007-12-19 17:24 . 2007-12-19 17:24 <REP> d-------- C:\Program Files\Avex
2007-12-19 17:00 . 2007-12-19 17:16 <REP> d-------- C:\Documents and Settings\Jonathan\Application Data\KNOB LIVE
2007-12-18 10:06 . 2007-12-18 10:06 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-17 20:05 . 2007-12-17 21:42 36,363 --a------ C:\WINDOWS\CSTBox.INI
2007-12-17 09:11 . 2007-12-27 09:57 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\KNOB LIVE
2007-12-17 08:01 . 2007-12-27 09:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Open Ante Anti Dog
2007-12-17 08:00 . 2007-12-17 08:00 <REP> d-------- C:\Program Files\Circle Developement
2007-12-17 08:00 . 2007-12-17 08:01 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\KNOB LIVE
2007-12-15 16:18 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
2007-12-15 14:17 . 2007-12-15 14:17 <REP> d-------- C:\Program Files\WinSCP
2007-12-13 12:53 . 2007-12-23 11:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-12 15:59 . 2007-12-24 15:22 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-11 16:10 . 2007-12-11 16:10 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-10 18:54 . 2007-12-10 18:55 <REP> d-------- C:\Program Files\3D Canvas 7
2007-12-09 20:27 . 2007-12-09 20:27 <REP> d-------- C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\CyberLink
2007-12-09 15:41 . 2007-12-09 15:41 <REP> d-------- C:\Program Files\Free iPod Video Converter
2007-12-09 15:41 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2007-12-09 15:41 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2007-12-09 15:41 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2007-12-07 12:44 . 2007-12-07 12:44 <REP> d-------- C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ArcSoft
2007-12-05 17:13 . 2007-12-05 18:09 <REP> d-------- C:\Program Files\Anvsoft Flash to 3GP Converter
2007-12-05 17:12 . 2007-12-05 17:12 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2007-12-05 17:05 . 2007-12-05 17:05 <REP> d-------- C:\Program Files\Magicbit
2007-12-04 18:59 . 2007-12-04 18:59 <REP> d-------- C:\ConvertTemp
2007-12-04 18:54 . 2007-12-24 16:20 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-28 22:52 . 2007-11-28 22:52 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
2007-11-28 22:52 . 2007-11-28 22:52 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
2007-11-28 14:21 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\DllCache\sysmain.sdb
2007-11-28 14:21 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\DllCache\apph_sp.sdb
2007-11-28 14:21 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\DllCache\apphelp.sdb
2007-11-28 14:20 . 2007-11-28 14:20 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-11-28 14:19 . 2007-11-28 14:19 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-28 14:02 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\DllCache\ieframe.dll
2007-11-28 14:02 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\DllCache\ieapfltr.dat
2007-11-28 14:02 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\DllCache\ieframe.dll.mui
2007-11-28 14:02 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\DllCache\msfeeds.dll
2007-11-28 14:02 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\DllCache\ieapfltr.dll
2007-11-28 14:02 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\DllCache\iertutil.dll
2007-11-28 14:02 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\DllCache\icardie.dll
2007-11-28 14:02 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\DllCache\msfeedsbs.dll
2007-11-28 14:02 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\DllCache\ieudinit.exe
2007-11-28 14:01 . 2007-11-28 14:03 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-11-28 13:56 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\DllCache\custsat.dll
2007-11-28 13:45 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-11-28 13:45 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 08:54 591 ----a-w C:\Program Files\uvPL.log
2007-12-27 08:50 --------- d-----w C:\Program Files\Ulead.dat
2007-12-25 20:06 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\LimeWire
2007-12-23 14:27 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\uTorrent
2007-12-23 10:18 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Apple Computer
2007-12-18 09:06 8,192 --sha-w C:\Program Files\Thumbs.db
2007-12-17 20:04 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Ulead Systems
2007-12-17 07:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-15 15:28 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Ulead Systems
2007-12-15 15:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
2007-12-15 15:16 --------- d-----w C:\Program Files\Ulead Systems
2007-12-13 16:35 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\LimeWire
2007-12-10 17:54 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Ulead Systems
2007-12-09 14:21 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Apple Computer
2007-12-07 12:13 --------- d-----w C:\Program Files\DivX
2007-12-06 21:36 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\LimeWire
2007-12-04 16:04 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Apple Computer
2007-12-03 18:53 --------- d-----w C:\Program Files\iTunes
2007-12-03 18:41 --------- d-----w C:\Program Files\iPod
2007-12-01 13:34 --------- d-----w C:\Program Files\LimeWire
2007-11-25 17:18 --------- d-----w C:\Program Files\Capturino 1.4
2007-11-25 16:06 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Canon
2007-11-25 16:06 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\ArcSoft
2007-11-24 21:10 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\Ahead
2007-11-21 13:22 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-11-21 13:21 --------- d-----w C:\Program Files\MSN Content Plus Inc
2007-11-21 13:03 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\MSN6
2007-11-19 17:47 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Canon
2007-11-19 17:47 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\ArcSoft
2007-11-18 17:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-18 13:19 --------- d-----w C:\Documents and Settings\Jonathan\Application Data\DivX
2007-11-17 20:24 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\Samsung
2007-11-17 20:19 --------- d-----w C:\Program Files\Samsung
2007-11-17 16:36 --------- d-----w C:\Program Files\QuickTime
2007-11-17 16:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2007-11-17 15:50 65,175 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-11-17 15:50 6,128 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-17 15:50 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-17 15:36 --------- d-----w C:\Program Files\TGTSoft
2007-11-17 15:17 --------- d-----w C:\Program Files\Stardock
2007-11-17 14:37 --------- d-----w C:\Documents and Settings\Dan.MAISON-CP47L4TQ\Application Data\DivX
2007-11-16 21:35 --------- d-----w C:\Program Files\Easy-TV
2007-11-16 21:32 --------- d-----w C:\Program Files\adslTV
2007-11-16 21:32 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\vlc
2007-11-16 21:26 --------- d-----w C:\Program Files\Solway's Internet TV and Radio
2007-11-15 20:04 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Canon
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ScanSoft
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanWizard
2007-11-15 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2007-11-15 19:56 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
2007-11-15 19:54 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\InterTrust
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 13:03 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2007-11-11 12:54 --------- d-----w C:\Program Files\Bonjour
2007-11-11 12:45 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2007-11-10 18:38 --------- d-----w C:\Documents and Settings\Invité\Application Data\Ahead
2007-11-08 19:57 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Kazaa Lite
2007-11-07 09:00 --------- d-----w C:\Documents and Settings\Invité\Application Data\Apple Computer
2007-11-06 08:27 --------- d-----w C:\Documents and Settings\Invité\Application Data\Ulead Systems
2007-11-06 08:02 --------- d-----w C:\Documents and Settings\Invité\Application Data\DivX
2007-11-04 20:55 --------- d-----w C:\Program Files\Adverts
2007-11-04 20:05 --------- d-----w C:\Program Files\aft_plug
2007-11-04 20:00 172 ----a-w C:\Program Files\uvs.log
2007-11-04 20:00 100 ----a-w C:\Program Files\MP4Set.ini
2007-11-04 19:59 --------- d-----w C:\Program Files\Content
2007-11-04 19:57 --------- d-----w C:\Program Files\Intel
2007-11-04 19:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2007-11-04 19:54 --------- d-----w C:\Program Files\Samples
2007-11-04 19:54 --------- d-----w C:\Program Files\ppp
2007-11-04 19:54 --------- d-----w C:\Program Files\motion_plug
2007-11-04 19:54 --------- d-----w C:\Program Files\EditingStyle
2007-11-04 19:54 --------- d-----w C:\Program Files\Device
2007-11-04 19:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2007-11-04 19:53 --------- d-----w C:\Program Files\XML
2007-11-04 19:53 --------- d-----w C:\Program Files\VIO
2007-11-04 19:53 --------- d-----w C:\Program Files\Vfx_plug
2007-11-04 19:53 --------- d-----w C:\Program Files\vft_plug
2007-11-04 19:53 --------- d-----w C:\Program Files\SIO
2007-11-04 19:53 --------- d-----w C:\Program Files\plugin
2007-11-04 19:53 --------- d-----w C:\Program Files\fio
2007-11-04 19:53 --------- d-----w C:\Program Files\EIO
2007-11-04 19:53 --------- d-----w C:\Program Files\Drawing
2007-11-04 19:53 --------- d-----w C:\Program Files\BITMAP
2007-11-04 19:53 --------- d-----w C:\Program Files\AudioQuality
2007-11-04 19:53 --------- d-----w C:\Program Files\afComponent
2007-11-04 19:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-11-04 18:59 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\CyberLink
2007-11-04 18:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2007-11-04 18:11 --------- d-----w C:\Program Files\Realtek AC97
2007-11-04 17:07 --------- d-----w C:\Program Files\ma-config.com
2007-11-04 17:07 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\ma-config.com
2007-11-04 16:21 --------- d-----w C:\Program Files\Snapshot Viewer
2007-11-04 16:10 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Microsoft Web Folders
2007-11-04 15:24 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\Ahead
2007-11-04 15:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2007-11-04 15:06 --------- d-----w C:\Program Files\Ahead
2007-11-04 14:47 --------- d-----w C:\Program Files\MagicISO
2007-11-04 13:33 --------- d-----w C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Application Data\DivX
2007-11-04 13:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-21 14:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"UVS10 Preload"="C:\Program Files\uvPL.exe" [2006-03-07 00:52]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2005-07-28 08:32]
"F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51]
"F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51]
"F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29]
"News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [2007-12-24 15:45:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42]
Ulead Kalendar Checker.lnk - C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Mes documents\ulead\Dan\CalCheck.exe [2007-11-11 14:47:01]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04]
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2007-12-24 15:45]
R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-12-24 16:04]
R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03]
S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b895825-ac77-11dc-a853-000461a58546}]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-27 09:00:00 C:\WINDOWS\Tasks\AACEC4C191897FF5.job"
- c:\docume~1\maison~1.mai\applic~1\knobli~1\VGA WARN ACID.exe
"2007-12-27 09:00:00 C:\WINDOWS\Tasks\AFEF8183918432AF.job"
"2007-12-18 13:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-27 08:46:44 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\ANTIVI~1\ANTI-V~1\fsav.exeZ /HARD /ARCHIVE /DISINF /SCHED /NOBREAK /REPORT=C:\PROGRA~1\ANTIVI~1\ANTI-V~1\report.txt
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 10:11:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-27 10:11:55
C:\ComboFix2.txt ... 2007-12-26 19:48
.
2007-12-22 08:48:51 --- E O F ---
Et le rapport Hijack This :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:56, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Documents and Settings\Maison.MAISON-CP47L4TQ\Mes documents\ulead\Dan\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Mi | | |
