HijackThis / Malwarebytes log analysis
Solved/Closed
6 replies
jlpjlp (security contributor), 16 Dec. 2008 at 20:28
Hi,
Download from here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as of info.txt (<< which will be minimised to the Taskbar).
NB: the reports are saved in the folder C:\rsit
jlpjlp (security contributor), 16 Dec. 2008 at 22:09
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end it will produce a report, C:\ComboFix.txt.
Re-enable your firewall, your antivirus and your antispyware's guard.
Copy/paste the report C:\ComboFix.txt in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
____________________________
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Disconnect and close all running applications
● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● At the main menu choose option "A"
● Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility for terminating processes.
In the wrong hands this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus products.
____________________________
At the end you will need to:
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
update Adobe Reader
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
update Java:
Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all).
Double-click the resulting JavaRa folder.
Then double-click the file JavaRa.exe (the .exe may not be displayed).
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you to, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, return to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, then Ok a second time.
A report will open; copy-paste it in your next reply.
Note: the report is also at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.
If that does not work:
https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
you can uninstall the old versions.
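Once the ComboFix report asked for above is posted, the reviewer's job is to read its registry load-point section (the REGEDIT4-style block of Run values, the mountpoints2 autorun handlers and the "(no file)" orphans) and decide which entries deserve a closer look. The Python script below is an added example and is not part of this thread, nor of ComboFix, HijackThis or Malwarebytes: it parses a handful of lines in that report's format and applies three heuristics that are my own assumptions rather than anything those tools do: a value whose binary sits in a user-writable temp or profile folder, an autorun command registered for a drive letter, and a value whose file is missing. The sample lines are constructed for the example; most copy the format of entries seen in the report posted later in this thread, and the "updater" entry under Local Settings\Temp is invented so that the temp-folder check has something to hit.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of ComboFix's "Reg load points" section and
# its "orphans removed" list. The "updater" line is invented for the example.
SAMPLE_LOG = r"""REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 c:\windows\system32\nwiz.exe]
"updater"="c:\documents and settings\user\Local Settings\Temp\updater.exe" [2008-12-10 24576]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
HKLM-Run-StandardInstall - (no file)
"""

# Line shapes found in the ComboFix load-point section.
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
ORPHAN = re.compile(r"^(?P<hive>HK[A-Z]+)-Run-(?P<name>.+?) - \(no file\)$")

# Folders a logon-time binary rarely belongs in on an XP-era machine (assumption).
USER_WRITABLE_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class AutostartEntry:
    key: str      # registry key (or orphan marker) the value was found under
    name: str     # value name
    target: str   # file or command line that runs at logon


def parse_autostarts(text):
    """Collect Run values, per-drive autorun commands and orphaned Run values."""
    entries = []
    key = None
    for line in text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")       # following values belong to this key
            continue
        m = RUN_VALUE.match(line)
        if m and key:
            entries.append(AutostartEntry(key, m.group("name"), m.group("target")))
            continue
        m = AUTORUN_CMD.match(line)
        if m and key:
            entries.append(AutostartEntry(key, "Shell\\AutoRun\\command", m.group("cmd")))
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append(AutostartEntry(m.group("hive") + "-Run (orphan)", m.group("name"), "(no file)"))
    return entries


def findings_for(entry):
    """Heuristic reasons an entry deserves a manual look; empty list means none."""
    if entry.target == "(no file)":
        return ["autostart value points to a file that no longer exists"]
    low = entry.target.lower()
    out = []
    if "mountpoints2" in entry.key.lower():
        out.append("autorun handler registered for a drive letter (autorun.inf style)")
    if any(d in low for d in USER_WRITABLE_DIRS):
        out.append("binary lives in a user-writable temp or profile folder")
    if "\\" not in entry.target:
        out.append("unqualified file name, located by PATH search")
    return out


def triage(entries):
    """Map value name -> findings for every entry that has at least one."""
    return {e.name: f for e in entries if (f := findings_for(e))}


if __name__ == "__main__":
    for name, reasons in triage(parse_autostarts(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run it as a script to print the flagged names with their reasons. A flag is a prompt for a manual check, not a verdict: nwiz.exe, a well-known NVIDIA nView component, is flagged only because its value holds an unqualified name. Conversely the path heuristics say nothing about adware installed normally under Program Files (SweetIM passes them, although AD-Remover lists it), which is why the signature-based tools used in this thread are still needed.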
Great, thanks for your help, everything went fine: the strange message I had at Windows startup has disappeared, and when I re-ran Malwarebytes the report no longer shows any trace of the Trojan.Agent. Attached are the ComboFix and AD-Remover reports so you can check that everything is clean. Thanks again.
ComboFix 08-12-15.08 - Compaq_Propriétaire 2008-12-16 22:30:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.593 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pack.epk
c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\vmjluzms.job
D:\Autorun.inf
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 21:49 . 2008-12-16 21:50 <REP> d-------- C:\rsit
2008-12-16 18:24 . 2008-12-16 18:25 <REP> d-------- c:\windows\ERUNT
2008-12-16 18:15 . 2008-12-16 18:56 <REP> d-------- C:\SDFix
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Grisoft
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-15 20:59 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-15 19:51 . 2008-12-15 20:55 <REP> d-------- c:\windows\BDOSCAN8
2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- c:\program files\Trend Micro
2008-12-15 18:08 . 2008-12-15 19:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET602.tmp
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET5C7.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET60A.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET5CF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5FA.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5BF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5FC.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5C1.tmp
2008-12-14 17:30 . 2008-10-16 11:23 449,024 --a------ c:\windows\system32\SET5C6.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5FD.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5C2.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5FB.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5C0.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET605.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET5CA.tmp
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 15:38 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 15:36 . 2008-12-14 18:39 <REP> d-------- c:\program files\Yahoo!
2008-12-14 15:35 . 2008-12-14 15:36 <REP> d-------- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\userinit.exe
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\dllcache\userinit.exe
2008-12-14 21:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-14 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 21:19 --------- d-----w c:\program files\Lavasoft
2008-12-14 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 14:29 --------- d-----w c:\program files\Neuf
2008-12-14 14:28 --------- d-----w c:\program files\crocpopup+
2008-12-14 11:10 --------- d-----w c:\program files\eMule
2008-12-14 11:05 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Canon
2008-11-01 09:30 --------- d-----w c:\program files\Winamp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-27 09:27 724 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-27 12:22 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-05 155648]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NAV Agent"="c:\progra~1\NORTON~1\navapw32.exe" [2001-08-21 74832]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-12-14 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\TEMP\\CI_HITACHI\\MAJ_Hitachi.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-12-31 484864]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-12-31 7680]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Tâches planifiées'
2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
1981-07-23 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- c:\progra~1\NORTON~1\NAVW32.exe [2001-08-21 09:29]
2006-07-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 18:22]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-StandardInstall - (no file)
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-NWEReboot - (no file)
Notify-xxyxuRLc - xxyxuRLc.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-internet.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://redirect.hp.com/svs/rdr?TYPE=3&tp=ebay&pf=desktop&locale=fr_fr&bd=all&c=q106
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {0C2724A6-3812-43E0-B8C5-FAF021AA2B16} = 194.117.200.10,194.117.200.15
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.photoweb.fr/telechargement/telechargement-photoweb.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {68C1822F-F5C7-4404-A73F-03C10E0E94DA}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf
c:\windows\Downloaded Program Files\WinWeb.dll - O16 -: {7876E4A5-78B7-4020-B08F-C960A1ED54C9}
hxxp://86.206.44.98/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gsw4mjo5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 22:33:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP00000008CA8F893658EBA639 524288 bytes
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\symwsc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\VPro620.exe
c:\program files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
c:\program files\Club-Internet\Lanceur\lanceur.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 22:41:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 21:41:15
Avant-CF: 171 290 513 408 octets libres
Après-CF: 171,349,884,928 octets libres
224 --- E O F --- 2008-12-14 18:59:56
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
# START at: 22:45:07 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-EB85C523610 | USER: Compaq_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT32)
- G:\ (File System: FAT32)
- H:\ (File System: FAT32)
- I:\ (File System: FAT32)
- J:\ (File System: FAT32)
# Internet Explorer v6.0.2900.2180
--------- [ RUNNING PROCESSES: 40 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[04/05/2006 18:49|d--------] C:\PROGRA~1\BOONTY~1
[04/05/2006 10:26|--a------] C:\PROGRA~1\BOONTY~1\BUBBLE~1.EXE
[04/05/2006 10:35|d--------] C:\PROGRA~1\BOONTY~1\COMPON~1
[04/05/2006 10:35|--a------] C:\PROGRA~1\BOONTY~1\PACMAN~1.EXE
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\bureau.url
[27/10/2003 13:07|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\Joystick.ico
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\start.url
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| Messenger Skinner Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM
[14/12/2008 21:04|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1
[16/12/2008 22:35|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\gsw4mjo5.default\prefs.js :
~~~~ Mozilla FireFox version 2.0 ~~~~
Start Page : "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+----------+
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
+--[HKEY_LOCAL_MACHINE\..\Run]
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NAV Agent REG_SZ C:\PROGRA~1\NORTON~1\navapw32.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
+--[HKEY_USERS\.DEFAULT\..\Run]
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.club-internet.fr
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-16.12.2008.log" (~22076 bytes)
# END at: 22:45:52 | 16/12/2008 - Time elapsed: 44.8 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 298 lines ]
+---------------------------------------------------------------------------+
ComboFix 08-12-15.08 - Compaq_Propriétaire 2008-12-16 22:30:15.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1022.593 [GMT 1:00]
Lancé depuis: c:\documents and settings\Compaq_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\pack.epk
c:\windows\system32\test.ttt
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\vmjluzms.job
D:\Autorun.inf
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-16 21:49 . 2008-12-16 21:50 <REP> d-------- C:\rsit
2008-12-16 18:24 . 2008-12-16 18:25 <REP> d-------- c:\windows\ERUNT
2008-12-16 18:15 . 2008-12-16 18:56 <REP> d-------- C:\SDFix
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Grisoft
2008-12-15 22:18 . 2008-12-15 22:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-15 20:59 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-15 19:51 . 2008-12-15 20:55 <REP> d-------- c:\windows\BDOSCAN8
2008-12-15 19:13 . 2008-12-15 19:13 <REP> d-------- c:\program files\Trend Micro
2008-12-15 18:08 . 2008-12-15 19:08 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET602.tmp
2008-12-14 17:30 . 2008-10-16 11:23 3,088,384 --a------ c:\windows\system32\SET5C7.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET60A.tmp
2008-12-14 17:30 . 2008-10-16 11:23 1,024,512 --a------ c:\windows\system32\SET5CF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5FA.tmp
2008-12-14 17:30 . 2008-10-16 11:23 671,744 --a------ c:\windows\system32\SET5BF.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5FC.tmp
2008-12-14 17:30 . 2008-10-16 11:23 474,624 --a------ c:\windows\system32\SET5C1.tmp
2008-12-14 17:30 . 2008-10-16 11:23 449,024 --a------ c:\windows\system32\SET5C6.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5FD.tmp
2008-12-14 17:29 . 2008-10-16 11:23 1,499,648 --a------ c:\windows\system32\SET5C2.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5FB.tmp
2008-12-14 17:29 . 2008-10-16 11:23 621,056 --a------ c:\windows\system32\SET5C0.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET605.tmp
2008-12-14 17:29 . 2008-10-16 11:23 251,904 --a------ c:\windows\system32\SET5CA.tmp
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\Compaq_Propriétaire\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-14 15:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-14 15:38 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 15:38 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-14 15:36 . 2008-12-14 18:39 <REP> d-------- c:\program files\Yahoo!
2008-12-14 15:35 . 2008-12-14 15:36 <REP> d-------- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\userinit.exe
2008-12-16 21:31 25,088 ----a-w c:\windows\system32\dllcache\userinit.exe
2008-12-14 21:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-14 21:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 21:19 --------- d-----w c:\program files\Lavasoft
2008-12-14 19:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 14:29 --------- d-----w c:\program files\Neuf
2008-12-14 14:28 --------- d-----w c:\program files\crocpopup+
2008-12-14 11:10 --------- d-----w c:\program files\eMule
2008-12-14 11:05 --------- d-----w c:\documents and settings\Compaq_Propriétaire\Application Data\Canon
2008-11-01 09:30 --------- d-----w c:\program files\Winamp
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-27 09:27 724 ----a-w c:\documents and settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2006-10-11 08:04 61,036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 48,742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 29,313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 41,082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 166,510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-27 12:22 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-05 155648]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"NAV Agent"="c:\progra~1\NORTON~1\navapw32.exe" [2001-08-21 74832]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"nwiz"="nwiz.exe" [2005-12-14 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\TEMP\\CI_HITACHI\\MAJ_Hitachi.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-12-31 484864]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-12-31 7680]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [2004-08-05 12672]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Tâches planifiées'
2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
1981-07-23 c:\windows\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- c:\progra~1\NORTON~1\NAVW32.exe [2001-08-21 09:29]
2006-07-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 18:22]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-StandardInstall - (no file)
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-NWEReboot - (no file)
Notify-xxyxuRLc - xxyxuRLc.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-internet.fr
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://redirect.hp.com/svs/rdr?TYPE=3&tp=ebay&pf=desktop&locale=fr_fr&bd=all&c=q106
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {0C2724A6-3812-43E0-B8C5-FAF021AA2B16} = 194.117.200.10,194.117.200.15
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\CONFLICT.1\telechargement-photoweb.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.photoweb.fr/telechargement/telechargement-photoweb.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {68C1822F-F5C7-4404-A73F-03C10E0E94DA}
hxxp://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf
c:\windows\Downloaded Program Files\WinWeb.dll - O16 -: {7876E4A5-78B7-4020-B08F-C960A1ED54C9}
hxxp://86.206.44.98/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Compaq_Propriétaire\Application Data\Mozilla\Firefox\Profiles\gsw4mjo5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 22:33:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\windows\TEMP\TMP00000008CA8F893658EBA639 524288 bytes
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Norton AntiVirus\Navapsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\symwsc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\VPro620.exe
c:\program files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
c:\program files\Club-Internet\Lanceur\lanceur.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 22:41:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 21:41:15
Avant-CF: 171 290 513 408 octets libres
Après-CF: 171,349,884,928 octets libres
224 --- E O F --- 2008-12-14 18:59:56
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
# START at: 22:45:07 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-EB85C523610 | USER: Compaq_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT32)
- G:\ (File System: FAT32)
- H:\ (File System: FAT32)
- I:\ (File System: FAT32)
- J:\ (File System: FAT32)
# Internet Explorer v6.0.2900.2180
--------- [ RUNNING PROCESSES: 40 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[04/05/2006 18:49|d--------] C:\PROGRA~1\BOONTY~1
[04/05/2006 10:26|--a------] C:\PROGRA~1\BOONTY~1\BUBBLE~1.EXE
[04/05/2006 10:35|d--------] C:\PROGRA~1\BOONTY~1\COMPON~1
[04/05/2006 10:35|--a------] C:\PROGRA~1\BOONTY~1\PACMAN~1.EXE
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\bureau.url
[27/10/2003 13:07|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\Joystick.ico
[27/10/2004 15:53|--a------] C:\PROGRA~1\BOONTY~1\COMPON~1\start.url
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| Messenger Skinner Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM
[14/12/2008 21:04|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data
[20/12/2006 16:00|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\default.xml
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\logs
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGADAP~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGARCH~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgcommon.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGCOMM~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mgconfig.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGFLAS~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGHOOK~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGIEPL~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\mglogger.dll
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMEDI~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNA~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGMSNM~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGSWEE~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGUPDA~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGXML_~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~1.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\MGYAHO~2.DLL
[27/12/2006 15:53|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\SweetIM.exe
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SweetIM\update
[02/07/2006 16:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\adapter.xml
[14/09/2008 21:05|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\AUTOUP~1.XML
[05/11/2006 17:49|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\logger.xml
[02/07/2006 16:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\messages.xml
[03/12/2006 15:59|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\sweetim.xml
[20/12/2006 15:58|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\conf\SWEETI~1.XML
[29/11/2008 22:56|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users
[29/11/2008 22:56|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR
[04/08/2007 15:19|d--------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR
[23/07/2007 18:27|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\MAIN_U~1.XML
[29/11/2008 22:56|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR\EMOTIC~1.XML
[29/11/2008 22:56|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\BEAURE~1.FR\USER_C~1.XML
[17/08/2007 20:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\EMOTIC~1.XML
[17/08/2007 20:11|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~2.XML
[04/08/2007 15:19|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~3.XML
[04/08/2007 13:45|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\LASTUS~1.XML
[23/07/2007 18:35|--a------] C:\PROGRA~1\MACROG~1\SweetIM\conf\users\FIFIPU~1.FR\USER_C~1.XML
[23/09/2007 12:44|d--------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100AC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100AD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B4.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100B6.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100BA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100BE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C0.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C6.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100C8.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100CC.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100CD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D0.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D1.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D2.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100D5.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100DE.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100E7.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FA.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FD.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000100FE.dat
[29/01/2006 14:44|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010104.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010105.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010106.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010107.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001010A.dat
[26/01/2006 21:51|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010118.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010119.dat
[06/04/2006 19:56|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010817.dat
[23/04/2006 20:38|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010819.dat
[23/04/2006 20:38|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001081A.dat
[07/06/2006 22:36|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001083F.dat
[07/06/2006 23:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010847.dat
[27/06/2006 20:32|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001084C.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001084D.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010857.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010859.dat
[24/08/2006 09:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001085D.dat
[13/09/2006 18:22|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010861.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010866.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010868.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010869.dat
[15/11/2006 12:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010871.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001088C.dat
[01/03/2007 15:52|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001088F.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010891.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010893.dat
[11/04/2007 17:21|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010896.dat
[29/04/2007 15:36|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00010899.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089A.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089B.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0001089D.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A5.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A6.dat
[15/07/2007 10:46|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000108A7.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002005A.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020069.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002006B.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002006E.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020071.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020072.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020073.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020076.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002007D.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020098.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002009E.dat
[19/01/2006 17:33|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000200C0.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00020114.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002012B.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002014B.dat
[27/05/2007 09:47|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0002015C.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00030007.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0003001F.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040024.dat
[16/12/2005 11:23|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040029.dat
[08/05/2006 11:41|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004004D.dat
[31/07/2006 19:25|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00040063.dat
[23/08/2006 18:57|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0004006B.dat
[10/01/2007 10:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400A3.dat
[21/03/2007 19:27|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400A9.dat
[27/06/2007 12:08|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000400BB.dat
[03/12/2006 19:10|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050001.dat
[03/12/2006 19:10|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050002.dat
[09/09/2007 13:35|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050004.dat
[11/07/2007 12:20|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\00050005.dat
[12/10/2006 11:02|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\0006007D.dat
[13/05/2007 20:13|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\000600B6.dat
[11/07/2007 12:19|-ra------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\01050002.dat
[23/09/2007 12:44|--a------] C:\PROGRA~1\MACROG~1\SweetIM\data\CONTEN~1\CACHE_~1.DAT
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\affid.dat
[12/10/2006 15:50|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\basis.xml
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\BOOKMA~1.BMP
[23/07/2007 18:27|d--------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\EMAIL_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GAMES_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\GREETI~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MOBILE~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\MUSIC_~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\NEWS_2~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SHOPIN~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~1.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SMILEY~2.BMP
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\SWEETI~1.BMP
[05/11/2006 15:46|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.crc
[27/12/2006 14:35|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.xml
[02/07/2006 16:58|-ra------] C:\PROGRA~1\MACROG~1\SWEETI~1\version.txt
[04/01/2008 17:20|--a------] C:\PROGRA~1\MACROG~1\SWEETI~1\Cache\CD2005~1.XML
[16/12/2008 22:35|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\gsw4mjo5.default\prefs.js :
~~~~ Mozilla FireFox version 2.0 ~~~~
Start Page : "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+----------+
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
+--[HKEY_LOCAL_MACHINE\..\Run]
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NAV Agent REG_SZ C:\PROGRA~1\NORTON~1\navapw32.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
+--[HKEY_USERS\.DEFAULT\..\Run]
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.club-internet.fr
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-16.12.2008.log" (~22076 bytes)
# END at: 22:45:52 | 16/12/2008 - Time elapsed: 44.8 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 298 lines ]
+---------------------------------------------------------------------------+
jlpjlp (Security contributor), 17 Dec. 2008 at 09:49
Relaunch Ad-Remover, choose option B, type the numbers for Sweetim and Boonty, delete them and paste the report,
plus a new HijackThis log.
Hello,
I deleted the files with Ad-Remover; here is the report, along with the HijackThis log that I ran right after.
Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Sweetim
******************
# START at: 14:54:52 | Mer 17/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-EB85C523610 | USER: Compaq_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT32)
- G:\ (File System: FAT32)
- H:\ (File System: FAT32)
- I:\ (File System: FAT32)
- J:\ (File System: FAT32)
# Internet Explorer v6.0.2900.2180
--------- [ RUNNING PROCESSES: 41 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[04/05/2006 18:49|d--------] C:\Program Files\BoontyGames
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[23/07/2007 18:27|d--------] C:\Program Files\Macrogaming
/!\ NOT DELETED - [16/12/2008 22:35|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-162DDC78.pf"
Second run ...
"C:\WINDOWS\Prefetch\SWEETIM.EXE-162DDC78.pf" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\gsw4mjo5.default\prefs.js :
~~~~ Mozilla FireFox version 2.0 ~~~~
Start Page : "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
+--[HKEY_LOCAL_MACHINE\..\Run]
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NAV Agent REG_SZ C:\PROGRA~1\NORTON~1\navapw32.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-17.12.2008.log" (~9700 bytes)
- "C:\AD-report-Scan-16.12.2008.log" (~22412 bytes)
# END at: 14:57:38 | 17/12/2008 - Time elapsed: 2 minutes, 46 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 147 lines ]
+---------------------------------------------------------------------------+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:38, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adfarm.mediaplex.com/ad/ck/709-29563-11896-1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPro620.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://86.206.44.98/WinWebPush.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2724A6-3812-43E0-B8C5-FAF021AA2B16}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
I deleted the files with AD-Remover; here is its report, along with the HijackThis one I ran right after.
Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Sweetim
******************
# START at: 14:54:52 | Mer 17/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NOM-EB85C523610 | USER: Compaq_Propriétaire ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- F:\ (File System: FAT32)
- G:\ (File System: FAT32)
- H:\ (File System: FAT32)
- I:\ (File System: FAT32)
- J:\ (File System: FAT32)
# Internet Explorer v6.0.2900.2180
--------- [ RUNNING PROCESSES: 41 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted :
"HKEY_LOCAL_MACHINE\Software\Boonty"
.
[04/05/2006 18:49|d--------] C:\Program Files\BoontyGames
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
.
[23/07/2007 18:27|d--------] C:\Program Files\Macrogaming
/!\ NOT DELETED - [16/12/2008 22:35|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\WINDOWS\Prefetch\SWEETIM.EXE-162DDC78.pf"
Second run ...
"C:\WINDOWS\Prefetch\SWEETIM.EXE-162DDC78.pf" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\gsw4mjo5.default\prefs.js :
~~~~ Mozilla FireFox version 2.0 ~~~~
Start Page : "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
+--[HKEY_LOCAL_MACHINE\..\Run]
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NAV Agent REG_SZ C:\PROGRA~1\NORTON~1\navapw32.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-17.12.2008.log" (~9700 bytes)
- "C:\AD-report-Scan-16.12.2008.log" (~22412 bytes)
# END at: 14:57:38 | 17/12/2008 - Time elapsed: 2 minutes, 46 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 147 lines ]
+---------------------------------------------------------------------------+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:38, on 17/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adfarm.mediaplex.com/ad/ck/709-29563-11896-1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPro620.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://86.206.44.98/WinWebPush.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2724A6-3812-43E0-B8C5-FAF021AA2B16}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
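The HijackThis logs in this thread are read by eye. As an added example (not part of the thread, nor code from HijackThis, AD-Remover or any other tool mentioned here), the Python below parses a constructed sample made of lines copied from the logs above and flags the entries a responder checks first: hooks and BHOs left as "(no file)", startup shortcuts whose target HijackThis could not resolve, O16 ActiveX controls fetched from a bare IP address, O17 name servers outside an expected set, and O23 services with no publisher string. The expected-resolver set is an assumption made for the example (the two addresses that appear in the O17 line); a flag means "look at this", not "this is malware".

```python
"""Triage a HijackThis v2 log: split each R/O line into section and body,
then apply a few rules a responder uses to decide what to look at first."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the logs posted above,
# chosen so that every rule below is exercised at least once.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: VPro620.lnk = ?
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://86.206.44.98/WinWebPush.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2724A6-3812-43E0-B8C5-FAF021AA2B16}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# ASSUMPTION: the resolvers this machine is expected to use (taken from the
# O17 line in the thread). Any other address in an O17 entry gets flagged.
EXPECTED_NAMESERVERS = {"194.117.200.10", "194.117.200.15"}

SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")


def parse_line(line):
    """Return (section, body) for a line such as 'O16 - DPF: ...', else None."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def is_bare_ip_host(url):
    """True when the URL's host is a literal IP address rather than a name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_line(line):
    """Return the reasons this line deserves attention (empty list if none)."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("orphaned entry: registered component is no longer on disk")
    if section == "O4" and body.endswith("= ?"):
        reasons.append("startup shortcut whose target HijackThis could not resolve")
    if section == "O16":
        for url in URL_RE.findall(body):
            if is_bare_ip_host(url):
                reasons.append("ActiveX control fetched from a bare IP host: %s" % url)
    if section == "O17":
        servers = body.split("NameServer =")[-1]
        unexpected = {s.strip() for s in servers.split(",")} - EXPECTED_NAMESERVERS
        if unexpected:
            reasons.append("DNS servers outside the expected set: %s" % ", ".join(sorted(unexpected)))
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service binary with no publisher string")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, in log order."""
    findings = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for flagged, reasons in triage_log(SAMPLE_LOG).items():
        print(flagged)
        for reason in reasons:
            print("    ->", reason)
```

On the sample, the Google Toolbar BHO, the NVIDIA Run entry, the Microsoft-hosted WGA control and the O17 line all pass, while the two "(no file)" orphans, the VPro620 shortcut, the bare-IP O16 control and the unsigned-owner service are returned. The next step for each returned line is the one the thread takes by hand: check the path against the running-process list and decide whether to fix the entry.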
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Dec. 2008 at 16:09
Update Windows with SP3 and update Internet Explorer to version 7:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
Still having problems?
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
17 Dec. 2008 at 21:18
To get rid of the tools that were used:
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Delete) to finish.
# If you wish, you can use the optional options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
There, I cleaned up the programs that were used.
Report attached.
Thanks
Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
16 Dec. 2008 at 21:51
Logfile of random's system information tool 1.04 (written by random/random)
Run by Compaq_Propriétaire at 2008-12-16 21:49:52
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 163 GB (89%) free of 185 GB
Total RAM: 1022 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:01, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\WINDOWS\VPro620.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adfarm.mediaplex.com/ad/ck/709-29563-11896-1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPro620.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://86.206.44.98/WinWebPush.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C2724A6-3812-43E0-B8C5-FAF021AA2B16}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: xxyxuRLc - xxyxuRLc.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe