Well, here it is! ComboFix report:
ComboFix 08-07-24.1 - Garçons 2008-07-25 10:33:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.232 [GMT 2:00]
Endroit: C:\Documents and Settings\Garçons\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\MabryObj.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))))))))
.
2008-07-19 10:26 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-19 10:05 . 2008-07-19 10:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-19 10:05 . 2008-07-19 10:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 19:19 . 2008-07-13 19:19 4,096 --a------ C:\WINDOWS\system32\crash
2008-07-09 09:46 . 2008-07-09 09:46 <REP> d-------- C:\Program Files\DNA
2008-07-05 09:15 . 2008-07-16 16:41 106,496 --a------ C:\WINDOWS\DUMP6ce3.tmp
2008-07-05 09:15 . 2008-07-16 16:39 106,496 --a------ C:\WINDOWS\DUMP5b5e.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 08:30 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-25 08:26 --------- d-----w C:\Documents and Settings\Garçons\Application Data\DNA
2008-07-25 07:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-25 06:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-19 08:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 17:15 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 06:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-18 06:02 106,496 ----a-w C:\WINDOWS\DUMP5c58.tmp
2008-07-18 06:02 106,496 ----a-w C:\WINDOWS\DUMP5256.tmp
2008-07-17 17:16 106,496 ----a-w C:\WINDOWS\DUMP4f7d.tmp
2008-07-17 17:15 106,496 ----a-w C:\WINDOWS\DUMP4f88.tmp
2008-07-17 17:14 106,496 ----a-w C:\WINDOWS\DUMP4f9d.tmp
2008-07-17 17:12 106,496 ----a-w C:\WINDOWS\DUMP4f6a.tmp
2008-07-17 17:11 106,496 ----a-w C:\WINDOWS\DUMP4f9c.tmp
2008-07-17 17:10 106,496 ----a-w C:\WINDOWS\DUMP4f5c.tmp
2008-07-17 17:09 106,496 ----a-w C:\WINDOWS\DUMP4eec.tmp
2008-07-17 17:07 106,496 ----a-w C:\WINDOWS\DUMP4fa9.tmp
2008-07-17 17:06 106,496 ----a-w C:\WINDOWS\DUMP4f9b.tmp
2008-07-17 17:05 106,496 ----a-w C:\WINDOWS\DUMP597a.tmp
2008-07-17 17:04 106,496 ----a-w C:\WINDOWS\DUMP536f.tmp
2008-07-17 17:03 106,496 ----a-w C:\WINDOWS\DUMP535f.tmp
2008-07-17 17:01 106,496 ----a-w C:\WINDOWS\DUMP4eeb.tmp
2008-07-17 17:00 106,496 ----a-w C:\WINDOWS\DUMP511d.tmp
2008-07-17 16:59 106,496 ----a-w C:\WINDOWS\DUMP4f0b.tmp
2008-07-17 16:58 106,496 ----a-w C:\WINDOWS\DUMP4fc7.tmp
2008-07-17 16:56 106,496 ----a-w C:\WINDOWS\DUMP4f29.tmp
2008-07-17 16:55 106,496 ----a-w C:\WINDOWS\DUMP4f5b.tmp
2008-07-17 16:54 106,496 ----a-w C:\WINDOWS\DUMP4fa8.tmp
2008-07-17 16:53 106,496 ----a-w C:\WINDOWS\DUMP4f9a.tmp
2008-07-17 16:52 106,496 ----a-w C:\WINDOWS\DUMP4f7c.tmp
2008-07-17 16:50 106,496 ----a-w C:\WINDOWS\DUMP4fa7.tmp
2008-07-17 16:49 106,496 ----a-w C:\WINDOWS\DUMP4fd8.tmp
2008-07-17 16:48 106,496 ----a-w C:\WINDOWS\DUMP5033.tmp
2008-07-17 16:47 106,496 ----a-w C:\WINDOWS\DUMP4fc6.tmp
2008-07-17 16:46 106,496 ----a-w C:\WINDOWS\DUMP4f5a.tmp
2008-07-17 16:44 106,496 ----a-w C:\WINDOWS\DUMP513d.tmp
2008-07-17 16:43 106,496 ----a-w C:\WINDOWS\DUMP513c.tmp
2008-07-17 16:42 106,496 ----a-w C:\WINDOWS\DUMP4f7b.tmp
2008-07-17 16:41 106,496 ----a-w C:\WINDOWS\DUMP4fd7.tmp
2008-07-17 16:40 106,496 ----a-w C:\WINDOWS\DUMP4fe5.tmp
2008-07-17 16:38 106,496 ----a-w C:\WINDOWS\DUMP4f7a.tmp
2008-07-17 16:37 106,496 ----a-w C:\WINDOWS\DUMP4f99.tmp
2008-07-17 16:36 106,496 ----a-w C:\WINDOWS\DUMP4f48.tmp
2008-07-17 16:35 106,496 ----a-w C:\WINDOWS\DUMP4f79.tmp
2008-07-17 16:33 106,496 ----a-w C:\WINDOWS\DUMP4f98.tmp
2008-07-17 16:32 106,496 ----a-w C:\WINDOWS\DUMP4f1a.tmp
2008-07-17 16:31 106,496 ----a-w C:\WINDOWS\DUMP4f78.tmp
2008-07-17 16:30 106,496 ----a-w C:\WINDOWS\DUMP51e8.tmp
2008-07-17 16:29 106,496 ----a-w C:\WINDOWS\DUMP4f69.tmp
2008-07-17 16:27 106,496 ----a-w C:\WINDOWS\DUMP51c9.tmp
2008-07-17 16:26 106,496 ----a-w C:\WINDOWS\DUMP4fd6.tmp
2008-07-17 16:25 106,496 ----a-w C:\WINDOWS\DUMP4f39.tmp
2008-07-17 16:24 106,496 ----a-w C:\WINDOWS\DUMP4f68.tmp
2008-07-17 16:23 106,496 ----a-w C:\WINDOWS\DUMP5246.tmp
2008-07-17 16:21 106,496 ----a-w C:\WINDOWS\DUMP4fd5.tmp
2008-07-17 16:20 106,496 ----a-w C:\WINDOWS\DUMP5081.tmp
2008-07-17 16:19 106,496 ----a-w C:\WINDOWS\DUMP4f59.tmp
2008-07-17 16:18 106,496 ----a-w C:\WINDOWS\DUMP4f87.tmp
2008-07-17 16:17 106,496 ----a-w C:\WINDOWS\DUMP4f58.tmp
2008-07-17 16:15 106,496 ----a-w C:\WINDOWS\DUMP510e.tmp
2008-07-17 16:14 106,496 ----a-w C:\WINDOWS\DUMP4efa.tmp
2008-07-17 16:13 106,496 ----a-w C:\WINDOWS\DUMP4f77.tmp
2008-07-17 16:12 106,496 ----a-w C:\WINDOWS\DUMP515c.tmp
2008-07-17 16:10 106,496 ----a-w C:\WINDOWS\DUMP4f97.tmp
2008-07-17 16:09 106,496 ----a-w C:\WINDOWS\DUMP4fc5.tmp
2008-07-17 16:08 106,496 ----a-w C:\WINDOWS\DUMP4fa6.tmp
2008-07-17 16:07 106,496 ----a-w C:\WINDOWS\DUMP5004.tmp
2008-07-17 16:06 106,496 ----a-w C:\WINDOWS\DUMP4f0a.tmp
2008-07-17 16:04 106,496 ----a-w C:\WINDOWS\DUMP5af1.tmp
2008-07-13 17:15 --------- d-----w C:\Program Files\World of Warcraft
2008-07-12 14:11 --------- d-----w C:\Program Files\WowCartographe
2008-07-09 10:27 --------- d-----w C:\Documents and Settings\Garçons\Application Data\BitTorrent
2008-06-22 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-22 05:43 --------- d-----w C:\Program Files\Lavasoft
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 15:55 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-06-19 15:53 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-19 14:22 --------- d-----w C:\Program Files\Trend Micro
2008-06-19 09:37 --------- d-----w C:\Program Files\CCleaner
2008-06-19 09:36 --------- d-----w C:\Program Files\Yahoo!
2008-06-18 09:59 --------- d-----w C:\Program Files\Windows Live
2008-06-18 09:58 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-18 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-18 06:08 --------- d-----w C:\Documents and Settings\Garçons\Application Data\VSO
2008-06-16 14:48 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-09 09:46 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10 335872]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 11:33 299008]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-10 15:45 185896]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 17:59 1071472]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 10:59 570664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-05 18:07:56 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 18:07 1828136 C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-07 16:55 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\L'Avènement du Roi-sorcier\\game.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-12-13 21:13]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 17:07]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2008-02-13 15:50]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-13 15:50]
S3 lredbooo;lredbooo;C:\DOCUME~1\GARONS~1\LOCALS~1\Temp\lredbooo.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ae257e-c8c5-11db-85e9-000c7683870f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-23 06:45:47 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-14 18:00:31 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Garçons.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.fr/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O18 -: Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 10:36:24
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-07-25 10:39:38
ComboFix-quarantined-files.txt 2008-07-25 08:38:36
Pre-Run: 23,687,430,144 octets libres
Post-Run: 23,709,573,120 octets libres
230 --- E O F --- 2008-07-16 14:55:10
----------------------------------------------------------------------------------------------------------------------------------------------------------
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:56, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 9089 bytes
--------------------------------------------------------------------------------------------------------------------------------------------------
TELL ME WHAT THE SITUATION IS PLEASE (I put it in large text so you wouldn't miss the message, I'm not annoyed at all!). Do you think the virus has been removed? And in the future (if the virus is really dead and there are no more), what should I use to avoid any infection of this kind? I use Norton, but it let it through! I could use BitDefender, but it slows down my PC. What do you think, please?
--
The mouth of the righteous shall meditate wisdom, and his tongue shall speak judgment.
Blessed is the man who endures temptation, for when he has been proved he shall receive the crown of life.