
Hello,
I can hardly browse any more, the connection is buggy. Mozilla is completely blocked, and Internet Explorer works in fits and starts and bugs out!
I have a bidfinder antivirus; I ran a scan, and also one with CounterSpy in safe mode (since it is not possible otherwise), and I found no virus or anything else. However, I am full of spam.
Thank you for your help

Better late than never
Hello,
Download MalwareByte Anti-Malware here: http://www.commentcamarche.net/telecharger/telecharger-34055379-malwarebyte-s(...) It is free software; update it, then run a full scan and remove whatever it finds.
And this very effective program, in trial version, here: TuneUp http://www.tuneup.fr/products/tuneup-utilities/ and run it. It is great software that bundles a whole set of analyses; once it is installed, you will have two shortcut icons on your desktop.
The first, TuneUp one-click maintenance: launch it and repair everything shown in red in the scan results.
With the second shortcut icon, TuneUp Utilities 2008, you choose whatever you want to do on your PC: analysis, clean-up, hard disk defragmentation, registry, etc. This program alone bundles a whole lot of things and is very simple to use; it is really great. Let me know what you think of it.
Before running TuneUp, which should be done last, you can also
download AVG Anti-Spyware 7.5 here: http://www.clubic.com/telecharger-fiche27645-avg-anti-spyware.html
Please keep us posted
Have a good day and happy surfing
-------
Thanks and happy surfing

Better late than never
Hello,
As they say, no news is good news, at least I hope so.
Thanks
Have a good weekend
-------
Thanks and happy surfing

Good evening,
After this long absence, due to my ISP cutting off my internet connection on top of my initial problem, I am finally getting my line back today. I used malware, which let me browse almost normally, but if I leave the connection idle for 10 minutes I am completely blocked. I think problems remain, so I am going to move on to the next phase following the advice given. Good night and see you soon

Moderator/Helper
Hello,
Do this instead:
Download HijackThis (from Trend Micro) to your desktop.
Double-click HJTInstall.exe to start the installation.
Click Install.
Double-click the HijackThis shortcut that has just been created to launch it.
Accept the licence by clicking Yes.
Click "Do a system scan and save a logfile".
Post the generated report here.
Note: the report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:43, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {3c0338a5-0d38-e198-0204-1ab409a27570} - {07572a90-4ba1-4020-891e-83d05a8330c3} - C:\WINDOWS\system32\rpnqcixy.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [d8cb2c14] rundll32.exe "C:\WINDOWS\system32\imimjfiw.dll",b
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Readme Support.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sect peak] C:\DOCUME~1\JEAN-F~1\APPLIC~1\HtmPoll\Aim Platform.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\system32\SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\ime" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?70a572bbbe4b438d84c1a2627eaeef7e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?70a572bbbe4b438d84c1a2627eaeef7e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted IP range: 213.151.173.74
O20 - Winlogon Notify: vtuuuss - vtuuuss.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eQoon Service - ALTIANET - c:\program files\eqoon\tools\service\eqoonservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 12358 bytes
Hello! Attached is the requested report. Thanks, see you soon

Moderator/Helper
Re,
If you have Vista, do this first:
Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the "Use User Account Control ..." box and confirm with OK; you will be asked to restart, do so)
1) Disable all resident protection (antivirus…)! Help here: http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm
Disconnect from the internet, close all running programs and let ComboFix work: do not do anything else at the same time!
Download ComboFix by sUBs
Save it to your desktop and nowhere else!
Restart in safe mode: help here >>>
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
/!\ Never restart in safe mode via msconfig! /!\
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt
2) Copy/paste a new HijackThis report along with it.

Good evening. I don't have Vista and I can't find how to uncheck the "use the control" box.
I am on XP. Thanks

Moderator/Helper
Re,
The use of "If" indicates that it is hypothetical. If you have Vista, do this; otherwise move on to the next step.
You don't have Vista, so you move on to the next step.

ComboFix 08-05-11.1 - Jean-Firmin 2008-05-11 23:35:32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.363 [GMT 2:00]
Endroit: C:\Documents and Settings\Jean-Firmin\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - explorer.exe: deleted 25338 bytes in 5 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msettings.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\andaqsnb.dll
C:\WINDOWS\system32\auvryukh.dll
C:\WINDOWS\system32\bcegkoqh.dll
C:\WINDOWS\system32\betwmota.dll
C:\WINDOWS\system32\bjvxawhw.dll
C:\WINDOWS\system32\chrxjfmp.dll
C:\WINDOWS\system32\deuviwal.dll
C:\WINDOWS\system32\fatfyfyn.dll
C:\WINDOWS\system32\gcmqiumy.dll
C:\WINDOWS\system32\ivtymdhw.dll
C:\WINDOWS\system32\jkwfmadt.dll
C:\WINDOWS\system32\jrrbrghj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxocefuw.dll
C:\WINDOWS\system32\nllhphrn.dll
C:\WINDOWS\system32\oqjgptxm.dll
C:\WINDOWS\system32\qadwjyui.dll
C:\WINDOWS\system32\rarrpewh.dll
C:\WINDOWS\system32\rpnqcixy.dll
C:\WINDOWS\system32\sqjuaepr.dll
C:\WINDOWS\system32\trcupvek.dll
C:\WINDOWS\system32\tulwmwmr.dll
C:\WINDOWS\system32\uuiuqlky.dll
C:\WINDOWS\system32\uwklycwq.dll
C:\WINDOWS\system32\vfkdhmkq.dll
C:\WINDOWS\system32\wqrfctkw.dll
C:\WINDOWS\system32\wujyoqff.dll
C:\WINDOWS\system32\ypdtnsll.dll
C:\WINDOWS\system32\yyscgitg.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
.
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\system32\restore
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\srchasst
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-11 23:31 . 2008-05-11 23:31 34,360 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2008-05-11 19:35 . 2008-05-11 19:35 <REP> d-------- C:\Program Files\HtmPoll
2008-05-11 00:44 . 2008-05-11 00:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-27 17:38 . 2008-04-27 17:38 <REP> d-------- C:\Documents and Settings\Jean-Firmin\Application Data\Malwarebytes
2008-04-27 17:35 . 2008-04-30 08:23 0 --a------ C:\Debug.QC6
2008-04-27 17:34 . 2008-04-27 17:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 17:34 . 2008-04-27 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 02:00 . 2008-04-22 02:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-21 02:00 . 2008-04-21 02:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-20 19:59 . 2008-04-20 19:59 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-04-20 19:16 . 2008-04-20 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-20 19:05 . 2008-04-20 19:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-13 21:33 . 2008-05-11 23:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 21:33 . 2008-04-13 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-13 14:34 . 2008-04-19 21:55 1,554 ---hs---- C:\WINDOWS\system32\sdhvrvcf.ini
2008-04-11 21:21 . 2008-04-13 14:26 1,134 ---hs---- C:\WINDOWS\system32\jpyktkqo.ini
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-11 17:37 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\HtmPoll
2008-05-11 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-05-11 15:15 --------- d-----w C:\Program Files\Maxis
2008-05-10 22:56 --------- d-----w C:\Documents and Settings\Constant\Application Data\HtmPoll
2008-04-29 22:53 1,036,288 ----a-w C:\WINDOWS\explorer.exe
2008-04-27 10:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-25 21:47 --------- d-----w C:\Program Files\McAfee
2008-04-24 12:11 --------- d-----w C:\Program Files\Picasa2
2008-04-22 05:13 --------- d-----w C:\Program Files\Navilog1
2008-04-09 17:52 --------- d-----w C:\Program Files\ImTOO
2008-04-09 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 17:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-30 13:24 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\Apple Computer
2008-03-22 21:23 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-22 19:19 --------- d-----w C:\Program Files\LimeWire
2008-03-21 12:41 --------- d-----w C:\Documents and Settings\Juliette\Application Data\HtmPoll
2008-03-21 12:20 --------- d-----w C:\Program Files\Vision Objects
2008-03-17 20:28 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\SiteAdvisor
2008-03-13 17:48 1,409 ----a-w C:\WINDOWS\Fonts\Technic.fot
2008-03-13 17:48 1,409 ----a-w C:\WINDOWS\Fonts\Av_Garde.fot
2008-03-13 17:47 1,409 ----a-w C:\WINDOWS\Fonts\Lydian.fot
2008-03-13 17:47 1,409 ----a-w C:\WINDOWS\Fonts\Bedrock.fot
2006-12-10 19:01 284 ----a-w C:\Documents and Settings\Constant\Application Data\ViewerApp.dat
.
------- Sigcheck -------
2006-07-19 20:47 359040 80082776f5f39852ee40c521806e1135 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 17:16 49152 C:\WINDOWS\MIDIDEF.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:31 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"sect peak"="C:\DOCUME~1\JEAN-F~1\APPLIC~1\HtmPoll\Aim Platform.exe" [2008-05-11 19:34 448512]
"SoundMan"="C:\WINDOWS\system32\SOUNDMAN.EXE" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2006-03-17 16:11 81408 C:\WINDOWS\system32\P17.DLL]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1999-12-14 10:12 37376]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"d8cb2c14"="C:\WINDOWS\system32\imimjfiw.dll" [ ]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Jump free.exe" [2008-05-11 23:51 2861568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 16:09 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuss]
vtuuuss.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.enc"= ITIG726.acm
"vidc.LEAD"= LCODCCMP2.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\eQoon\\Tools\\Service\\eQoonService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\explorer.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-04-20 19:59]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
S1 atitray;atitray;C:\PROGRA~1\NGOATI~1.4\ATT\atitray.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys [2008-05-11 23:31]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d877b6f-2ae3-11db-a0f8-00112fb46b50}]
\Shell\AutoRun\command - H:\.pspware\PSPWareLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4c0f026-b230-11db-a35f-00112fb46b50}]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df3a39d6-f6bf-11dc-a7de-00112fb46b50}]
\Shell\AutoRun\command - F:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 16:35:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-05-11 21:00:00 C:\WINDOWS\Tasks\A253CF169188476A.job"
- c:\docume~1\juliette\applic~1\htmpoll\oneheartdale.exe
"2008-05-11 21:00:00 C:\WINDOWS\Tasks\AA0AE60691899DEE.job"
- c:\docume~1\constant\applic~1\htmpoll\oneheartdale.exe
"2008-05-11 21:31:41 C:\WINDOWS\Tasks\AE4F7AF49188F738.job"
- c:\docume~1\jean-f~1\applic~1\htmpoll\oneheartdale.exe
"2007-10-28 12:41:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 22:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 08:00:07 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 09:00:47 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 10:00:23 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 11:02:21 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 12:00:28 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 13:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 14:00:23 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-09 15:00:34 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 16:00:03 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-10 23:00:07 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 17:00:08 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 18:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-02 19:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-02 20:01:54 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 21:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-10 22:00:00 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-10 23:00:08 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 00:00:11 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 01:00:59 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 02:03:21 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 00:00:12 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 03:00:12 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 04:01:32 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 05:01:35 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-08 06:00:00 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 07:00:01 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 08:00:09 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 09:00:49 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 10:00:25 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 11:02:23 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 12:00:30 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 01:01:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 13:00:00 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 14:00:26 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-09 15:00:36 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 16:00:03 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 17:00:10 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-02 19:00:00 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-02 20:02:03 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\uON1EC8u.exe
"2008-05-11 02:03:39 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 03:00:15 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 04:01:34 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 05:01:37 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-08 06:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\iM732PQN.exe
"2008-05-11 21:15:27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-14 20:35:59 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-14 20:35:58 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 23:49:02
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
-> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\eQoon\Tools\Service\eQoonService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\FICHIE~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 23:56:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 21:56:26
Pre-Run: 3,935,289,344 octets libres
Post-Run: 4,670,414,848 octets libres
349
Report attached! Thanks
|
|
Moderator/Helper
|
|
|
|
|
ComboFix 08-05-11.1 - Jean-Firmin 2008-05-12 18:09:07.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
Endroit: C:\Documents and Settings\Jean-Firmin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jean-Firmin\Mes documents\cFscript.txt
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-12 00:24 . 2008-05-12 00:24 16 --a------ C:\WINDOWS\smapanel.ini
2008-05-12 00:02 . 2006-07-19 20:46 747,392 --a------ C:\WINDOWS\system32\dllcache\adm8830.sys
2008-05-12 00:02 . 2006-07-19 20:46 584,448 --a------ C:\WINDOWS\system32\dllcache\adm8810.sys
2008-05-12 00:02 . 2006-07-19 20:46 553,984 --a------ C:\WINDOWS\system32\dllcache\adm8820.sys
2008-05-12 00:02 . 2006-07-19 20:47 84,480 --a------ C:\WINDOWS\system32\dllcache\ac97via.sys
2008-05-12 00:02 . 2006-07-19 20:46 61,952 --a------ C:\WINDOWS\system32\dllcache\acerscad.dll
2008-05-12 00:02 . 2006-07-19 20:46 46,112 --a------ C:\WINDOWS\system32\dllcache\adptsf50.sys
2008-05-12 00:02 . 2006-07-19 20:46 20,160 --a------ C:\WINDOWS\system32\dllcache\adm8511.sys
2008-05-12 00:02 . 2006-07-19 20:47 10,880 --a------ C:\WINDOWS\system32\dllcache\admjoy.sys
2008-05-12 00:02 . 2006-07-19 20:46 7,424 --a------ C:\WINDOWS\system32\dllcache\adicvls.sys
2008-05-12 00:01 . 2006-07-19 20:46 462,848 --a------ C:\WINDOWS\system32\dllcache\a3dapi.dll
2008-05-12 00:01 . 2006-07-19 20:46 297,728 --a------ C:\WINDOWS\system32\dllcache\ac97sis.sys
2008-05-12 00:01 . 2006-07-19 20:47 231,552 --a------ C:\WINDOWS\system32\dllcache\ac97ali.sys
2008-05-12 00:01 . 2006-07-19 20:46 96,256 --a------ C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-05-12 00:01 . 2006-07-19 20:47 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-05-12 00:01 . 2006-07-19 20:46 38,400 --a------ C:\WINDOWS\system32\dllcache\8514a.dll
2008-05-12 00:01 . 2006-07-19 20:46 23,552 --a------ C:\WINDOWS\system32\dllcache\abp480n5.sys
2008-05-11 23:59 . 2006-07-19 20:47 2,150,400 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-05-11 23:59 . 2006-07-19 20:46 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-11 23:59 . 2006-07-19 20:46 689,216 --a------ C:\WINDOWS\system32\dllcache\3dfxvs.dll
2008-05-11 23:59 . 2006-07-19 20:46 148,352 --a------ C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2008-05-11 23:59 . 2006-07-19 20:47 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-11 23:59 . 2006-07-19 20:46 11,264 --a------ C:\WINDOWS\system32\dllcache\1394vdbg.sys
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\system32\xircom
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\system32\restore
2008-05-11 23:40 . 2008-05-12 00:32 <REP> d--hs---- C:\WINDOWS\system32\dllcache
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\WINDOWS\srchasst
2008-05-11 23:40 . 2008-05-11 23:40 <REP> d-------- C:\Program Files\microsoft frontpage
2008-05-11 23:31 . 2008-05-11 23:31 34,360 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2008-05-11 19:35 . 2008-05-11 19:35 <REP> d-------- C:\Program Files\HtmPoll
2008-05-11 00:44 . 2008-05-11 00:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-27 17:38 . 2008-04-27 17:38 <REP> d-------- C:\Documents and Settings\Jean-Firmin\Application Data\Malwarebytes
2008-04-27 17:35 . 2008-04-30 08:23 0 --a------ C:\Debug.QC6
2008-04-27 17:34 . 2008-04-27 17:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 17:34 . 2008-04-27 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 02:00 . 2008-04-22 02:00 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-21 02:00 . 2008-04-21 02:00 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-20 19:59 . 2008-04-20 19:59 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-04-20 19:16 . 2008-04-20 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-20 19:05 . 2008-04-20 19:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-04-13 21:33 . 2008-05-12 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 21:33 . 2008-04-13 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 13:51 --------- d-----w C:\Documents and Settings\Juliette\Application Data\HtmPoll
2008-05-11 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-11 17:37 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\HtmPoll
2008-05-11 15:15 --------- d-----w C:\Program Files\Maxis
2008-05-10 22:56 --------- d-----w C:\Documents and Settings\Constant\Application Data\HtmPoll
2008-04-29 22:53 1,036,288 ----a-w C:\WINDOWS\explorer.exe
2008-04-27 10:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-25 21:47 --------- d-----w C:\Program Files\McAfee
2008-04-24 12:11 --------- d-----w C:\Program Files\Picasa2
2008-04-22 05:13 --------- d-----w C:\Program Files\Navilog1
2008-04-09 17:52 --------- d-----w C:\Program Files\ImTOO
2008-04-09 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 17:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-30 13:24 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\Apple Computer
2008-03-22 21:23 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-22 19:19 --------- d-----w C:\Program Files\LimeWire
2008-03-21 12:20 --------- d-----w C:\Program Files\Vision Objects
2008-03-17 20:28 --------- d-----w C:\Documents and Settings\Jean-Firmin\Application Data\SiteAdvisor
2008-03-13 17:48 1,409 ----a-w C:\WINDOWS\Fonts\Technic.fot
2008-03-13 17:48 1,409 ----a-w C:\WINDOWS\Fonts\Av_Garde.fot
2008-03-13 17:47 1,409 ----a-w C:\WINDOWS\Fonts\Lydian.fot
2008-03-13 17:47 1,409 ----a-w C:\WINDOWS\Fonts\Bedrock.fot
2006-12-10 19:01 284 ----a-w C:\Documents and Settings\Constant\Application Data\ViewerApp.dat
.
------- Sigcheck -------
2006-07-19 20:47 359040 80082776f5f39852ee40c521806e1135 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-05-12_15.54.21,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 13:05:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 16:02:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 17:16 49152 C:\WINDOWS\MIDIDEF.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:31 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"sect peak"="C:\DOCUME~1\JEAN-F~1\APPLIC~1\HtmPoll\Aim Platform.exe" [2008-05-11 19:34 448512]
"SoundMan"="C:\WINDOWS\system32\SOUNDMAN.EXE" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2006-03-17 16:11 81408 C:\WINDOWS\system32\P17.DLL]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [ ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42 267064]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 23:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"d8cb2c14"="C:\WINDOWS\system32\imimjfiw.dll" [ ]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-11-28 12:57 698864]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Jump free.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 16:09 138240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\Jean-Firmin\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Dragon NaturallySpeaking.lnk - C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe [2007-12-23 15:41:06 2383923]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
EPSON SMART PANEL for Scanner.lnk - C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe [2006-07-20 19:02:19 180224]
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2006-08-01 13:19:16 1073152]
Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2007-01-12 13:27:13 114688]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-19 23:32:50 126136]
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-12-09 14:20:02 151552]
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-12-09 14:20:00 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuss]
vtuuuss.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.enc"= ITIG726.acm
"vidc.LEAD"= LCODCCMP2.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\eQoon\\Tools\\Service\\eQoonService.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\explorer.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-04-20 19:59]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 11:22]
R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01]
R2 eQoon Service;eQoon Service;c:\program files\eqoon\tools\service\eqoonservice.exe [2006-10-25 15:32]
R2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2005-02-09 11:52]
S1 atitray;atitray;C:\PROGRA~1\NGOATI~1.4\ATT\atitray.sys []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys [2008-05-11 23:31]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d877b6f-2ae3-11db-a0f8-00112fb46b50}]
\Shell\AutoRun\command - H:\.pspware\PSPWareLauncher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4c0f026-b230-11db-a35f-00112fb46b50}]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df3a39d6-f6bf-11dc-a7de-00112fb46b50}]
\Shell\AutoRun\command - F:\PenInkViewer\Viewer_for_Windows\PenInkViewer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 16:35:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-10-28 12:41:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-12 15:15:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-14 20:35:59 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-14 20:35:58 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 18:11:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6253\saHook.dll
.
Temps d'accomplissement: 2008-05-12 18:14:25
ComboFix-quarantined-files.txt 2008-05-12 16:14:02
ComboFix2.txt 2008-05-12 13:55:38
ComboFix3.txt 2008-05-11 21:56:34
Pre-Run: 4,672,061,440 octets libres
Post-Run: 4,663,615,488 octets libres
and the HJT report
Pre-Run: 4,672,061,440 octets libres
Post-Run: 4,663,615,488 octets libres
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:14, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [d8cb2c14] rundll32.exe "C:\WINDOWS\system32\imimjfiw.dll",b
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Jump free.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sect peak] C:\DOCUME~1\JEAN-F~1\APPLIC~1\HtmPoll\Aim Platform.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\system32\SOUNDMAN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\ime" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Globa | | |