Redirection indésirable
Fermé
jh.explorer
Messages postés
23
Date d'inscription
jeudi 5 juin 2008
Statut
Membre
Dernière intervention
9 août 2008
-
7 août 2008 à 19:59
jh.explorer Messages postés 23 Date d'inscription jeudi 5 juin 2008 Statut Membre Dernière intervention 9 août 2008 - 9 août 2008 à 19:54
jh.explorer Messages postés 23 Date d'inscription jeudi 5 juin 2008 Statut Membre Dernière intervention 9 août 2008 - 9 août 2008 à 19:54
A voir également:
- Redirection indésirable
- Mail indésirable - Guide
- Appel indésirable suspecté - Guide
- Courrier indésirable iphone invisible - Forum MacOS
- Redirection de mail - Guide
- Courrier indésirable gmail - Guide
6 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
7 août 2008 à 20:00
7 août 2008 à 20:00
Salut,
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
jh.explorer
Messages postés
23
Date d'inscription
jeudi 5 juin 2008
Statut
Membre
Dernière intervention
9 août 2008
7 août 2008 à 20:02
7 août 2008 à 20:02
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:29, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WINXML2 Class - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\wxmlua.dll
O2 - BHO: {d101971b-95b3-4fca-bb14-947d4ef0b153} - {351b0fe4-d749-41bb-acf4-3b59b179101d} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AE18E39-FBCA-4A77-9CAC-FBE5AC809027} - (no file)
O2 - BHO: (no name) - {8444F263-2A79-4FB1-AC07-41B0A2FC7A95} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/zuma/oberongamesloader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C623B2B-2931-4063-89F1-79A5DAD5C85E}: NameServer = 80.10.246.1,81.253.149.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Scan saved at 20:01:29, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WINXML2 Class - {314A5833-8490-4a3b-904A-110444F25E50} - C:\WINDOWS\wxmlua.dll
O2 - BHO: {d101971b-95b3-4fca-bb14-947d4ef0b153} - {351b0fe4-d749-41bb-acf4-3b59b179101d} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7AE18E39-FBCA-4A77-9CAC-FBE5AC809027} - (no file)
O2 - BHO: (no name) - {8444F263-2A79-4FB1-AC07-41B0A2FC7A95} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.1.1.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeuxentelechargement.orange.fr/online2/zuma/oberongamesloader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C623B2B-2931-4063-89F1-79A5DAD5C85E}: NameServer = 80.10.246.1,81.253.149.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
7 août 2008 à 20:04
7 août 2008 à 20:04
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
jh.explorer
Messages postés
23
Date d'inscription
jeudi 5 juin 2008
Statut
Membre
Dernière intervention
9 août 2008
8 août 2008 à 18:32
8 août 2008 à 18:32
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1031
Windows 5.1.2600 Service Pack 2
06:57:15 08/08/2008
mbam-log-8-8-2008 (06-57-15).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 135399
Temps écoulé: 2 hour(s), 46 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\KB25746.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB26917.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB50333.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaf024cd5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\RBXML550.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Version de la base de données: 1031
Windows 5.1.2600 Service Pack 2
06:57:15 08/08/2008
mbam-log-8-8-2008 (06-57-15).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 135399
Temps écoulé: 2 hour(s), 46 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M1202\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\KB25746.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB26917.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\KB50333.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMaf024cd5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\RBXML550.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 290
9 août 2008 à 18:25
9 août 2008 à 18:25
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
jh.explorer
Messages postés
23
Date d'inscription
jeudi 5 juin 2008
Statut
Membre
Dernière intervention
9 août 2008
9 août 2008 à 19:54
9 août 2008 à 19:54
voici le rapport combo
ComboFix 08-08-08.08 - Propriétaire 2008-08-09 19:24:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.397 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bapqlrgm.ini
C:\WINDOWS\system32\bbueoqob.ini
C:\WINDOWS\system32\ctwpifnf.ini
C:\WINDOWS\system32\dqwtooqo.ini
C:\WINDOWS\system32\evklacje.ini
C:\WINDOWS\system32\gfcmlrsq.ini
C:\WINDOWS\system32\gowdeyee.ini
C:\WINDOWS\system32\imlghxef.ini
C:\WINDOWS\system32\khgmdrbb.ini
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\kqbtaolp.ini
C:\WINDOWS\system32\ltmigwuk.ini
C:\WINDOWS\system32\mkdwdtiu.ini
C:\WINDOWS\system32\nejgpbsy.ini
C:\WINDOWS\system32\nffnaxcs.ini
C:\WINDOWS\system32\nomoxxgh.ini
C:\WINDOWS\system32\pdycvujv.ini
C:\WINDOWS\system32\pyobyrxd.ini
C:\WINDOWS\system32\uqptdbfb.ini
C:\WINDOWS\system32\wwrixsih.ini
C:\WINDOWS\system32\xbtfmvbo.ini
C:\WINDOWS\system32\xctnktka.ini
C:\WINDOWS\system32\xcytjtbn.ini
C:\WINDOWS\system32\ymcxmmjo.ini
C:\WINDOWS\system32\ywvegspr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))))))
.
2008-08-09 16:34 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-09 16:18 . 2008-08-09 16:18 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-09 16:18 . 2008-08-09 16:18 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-09 15:36 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-09 15:36 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-09 15:36 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-09 15:36 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-09 15:34 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-09 15:33 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-09 15:32 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-09 12:05 . 2008-08-09 12:05 131,584 --a------ C:\Program Files\KB40115.exe
2008-08-09 12:05 . 2008-08-09 12:05 126,976 --a------ C:\WINDOWS\wxml73885.dll
2008-08-08 19:47 . 2008-08-09 12:11 <REP> d-------- C:\Program Files\EvilLyrics
2008-08-08 17:40 . 2008-08-08 17:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-07 20:13 . 2008-08-07 20:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-07 20:11 . 2004-01-01 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-07 20:11 . 2005-12-28 06:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-07 20:11 . 2004-01-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-08-07 20:11 . 2004-01-01 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-08-07 20:11 . 2008-08-07 20:11 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-06 19:30 . 2008-08-09 16:43 <REP> d-------- C:\fixwareout
2008-08-05 23:26 . 2008-08-07 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 23:26 . 2008-08-05 23:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-08-05 23:26 . 2008-08-05 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 23:26 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-05 23:26 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 20:32 . 2008-08-04 20:32 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\NeroDigital™
2008-08-01 21:48 . 2008-08-01 21:48 131,072 --a------ C:\WINDOWS\wxmlua.dll
2008-07-30 13:53 . 2008-07-30 13:53 131,072 --a------ C:\WINDOWS\winxml2c.dll
2008-07-26 03:35 . 2008-07-26 03:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-07-25 14:32 . 2008-07-25 14:32 <REP> d-------- C:\Program Files\AxBx
2008-07-25 06:43 . 2008-07-25 06:46 <REP> d-------- C:\Program Files\SpywareBlaster
2008-07-24 16:20 . 2008-07-24 18:44 <REP> d-------- C:\Program Files\Anti Trojan Elite
2008-07-23 18:25 . 2008-07-23 18:25 <REP> d-------- C:\Program Files\Nero
2008-07-23 18:25 . 2008-07-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-07-23 18:25 . 2008-07-23 18:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-23 18:20 . 2008-07-23 18:20 131,072 --a------ C:\WINDOWS\xml2u32i.dll
2008-07-20 18:55 . 2008-07-20 18:55 <REP> d-------- C:\Program Files\PowerISO
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 17:33 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-09 17:22 --------- d-----w C:\Program Files\Wanadoo
2008-08-05 16:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-08-04 21:34 --------- d-----w C:\Program Files\eMule
2008-08-03 21:17 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-07-30 17:35 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-30 13:51 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Screenshot Sender
2008-07-26 01:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-25 20:11 --------- d-----w C:\Program Files\Acoustica Beatcraft
2008-07-25 04:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 04:36 --------- d-----w C:\Program Files\Steinberg
2008-07-25 04:34 --------- d-----w C:\Program Files\LimeWire
2008-07-25 04:32 --------- d-----w C:\Program Files\HP
2008-07-25 04:29 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-24 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 16:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nero
2008-07-21 10:11 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-18 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-11 18:24 --------- d-----w C:\Program Files\Azureus
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 23:52 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-06-17 09:41 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-17 09:39 --------- d-----w C:\Program Files\Winamp
2008-06-16 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-16 08:12 --------- d-----w C:\Program Files\DivX
2008-06-15 12:09 --------- d-----w C:\Program Files\Ripp-it_AM
2008-06-15 04:11 568 ----a-w C:\reecmuxmkv.bat
2008-06-15 00:09 --------- d-----w C:\Program Files\VirtualDub
2008-06-14 22:59 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 12:33 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Steinberg
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-25 13:48 88,576 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\rbap550.dll
2007-05-25 13:48 38,912 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\RBShell550.dll
2007-05-25 13:48 29,184 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\RBInternetEncodings550.dll
2005-12-27 23:10 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-12-01 21:32 8 --sh--r C:\WINDOWS\system32\C2C79C0203.sys
2006-12-01 21:37 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E61EB7E6-0C75-32EE-AB12-51854441931D}]
2008-08-09 12:05 126976 --a------ C:\WINDOWS\wxml73885.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 00:25 67128]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 12:42 159744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 13:12 68856]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-08-21 10:27 495616]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 12:42 4112384]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 12:42 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 14:06 741376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:16 368640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-26 03:33 185896]
"nwiz"="nwiz.exe" [2004-07-15 12:42 843776 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 10:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"MIDI1"= WGDRVR32.DLL
"WAVE1"= WGDRVR32.DLL
"VIDC.X264"= x264vfw.dll
"vidc.i420"= i420vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 13:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\update.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\PromptPilote\\PromptPilote.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\racer053b4\\racer053b4\\racer.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\racer053b4\\racer053b4\\tracked.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitDownload\\BitDownload.exe"=
"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\nexuiz-23\\Nexuiz\\nexuiz.exe"=
"X:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Winsos\\winsos.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP 4662
"4672:UDP"= 4672:UDP:UDP 4672
"4661:TCP"= 4661:TCP:TCP 4661
"4665:UDP"= 4665:UDP:UDP 4665
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-21 14:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 gAGP440p;gAGP440p;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys []
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;C:\MAGIX\ms2005_deLuxe\mxasio.sys [2002-04-16 13:10]
S3 UsbSagCom;SAGEM Full USB Driver;C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2005-04-07 11:24]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-09 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-08-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{43D4BF56-7D2D-46E5-B324-489926120209}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{351b0fe4-d749-41bb-acf4-3b59b179101d} - (no file)
BHO-{7AE18E39-FBCA-4A77-9CAC-FBE5AC809027} - (no file)
BHO-{8444F263-2A79-4FB1-AC07-41B0A2FC7A95} - (no file)
HKLM-Run-Anti Trojan Elite - C:\Program Files\Anti Trojan Elite\TJEnder.exe
HKLM-Run-VTTimer - VTTimer.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-AlcxMonitor - ALCXMNTR.EXE
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\nvla8in7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nprpjplug.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 19:33:51
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-09 19:43:33
ComboFix-quarantined-files.txt 2008-08-09 17:42:21
Pre-Run: 16,076,111,872 octets libres
Post-Run: 16,038,002,688 octets libres
315 --- E O F --- 2008-08-09 15:13:15
ComboFix 08-08-08.08 - Propriétaire 2008-08-09 19:24:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.397 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bapqlrgm.ini
C:\WINDOWS\system32\bbueoqob.ini
C:\WINDOWS\system32\ctwpifnf.ini
C:\WINDOWS\system32\dqwtooqo.ini
C:\WINDOWS\system32\evklacje.ini
C:\WINDOWS\system32\gfcmlrsq.ini
C:\WINDOWS\system32\gowdeyee.ini
C:\WINDOWS\system32\imlghxef.ini
C:\WINDOWS\system32\khgmdrbb.ini
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\kqbtaolp.ini
C:\WINDOWS\system32\ltmigwuk.ini
C:\WINDOWS\system32\mkdwdtiu.ini
C:\WINDOWS\system32\nejgpbsy.ini
C:\WINDOWS\system32\nffnaxcs.ini
C:\WINDOWS\system32\nomoxxgh.ini
C:\WINDOWS\system32\pdycvujv.ini
C:\WINDOWS\system32\pyobyrxd.ini
C:\WINDOWS\system32\uqptdbfb.ini
C:\WINDOWS\system32\wwrixsih.ini
C:\WINDOWS\system32\xbtfmvbo.ini
C:\WINDOWS\system32\xctnktka.ini
C:\WINDOWS\system32\xcytjtbn.ini
C:\WINDOWS\system32\ymcxmmjo.ini
C:\WINDOWS\system32\ywvegspr.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))))))))
.
2008-08-09 16:34 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-09 16:18 . 2008-08-09 16:18 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-09 16:18 . 2008-08-09 16:18 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-09 15:36 . 2008-04-14 04:33 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-09 15:36 . 2008-04-14 04:33 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-09 15:36 . 2008-04-14 04:33 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-09 15:36 . 2008-04-14 04:33 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-09 15:34 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-09 15:33 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-09 15:32 . 2008-04-14 04:33 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-08-09 12:05 . 2008-08-09 12:05 131,584 --a------ C:\Program Files\KB40115.exe
2008-08-09 12:05 . 2008-08-09 12:05 126,976 --a------ C:\WINDOWS\wxml73885.dll
2008-08-08 19:47 . 2008-08-09 12:11 <REP> d-------- C:\Program Files\EvilLyrics
2008-08-08 17:40 . 2008-08-08 17:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-07 20:13 . 2008-08-07 20:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-07 20:11 . 2004-01-01 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-07 20:11 . 2005-12-28 06:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-07 20:11 . 2005-12-28 06:48 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-07 20:11 . 2004-01-01 09:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-07 20:11 . 2004-01-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-08-07 20:11 . 2004-01-01 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-08-07 20:11 . 2008-08-07 20:11 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-06 19:30 . 2008-08-09 16:43 <REP> d-------- C:\fixwareout
2008-08-05 23:26 . 2008-08-07 20:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 23:26 . 2008-08-05 23:26 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-08-05 23:26 . 2008-08-05 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 23:26 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-05 23:26 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 20:32 . 2008-08-04 20:32 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\NeroDigital™
2008-08-01 21:48 . 2008-08-01 21:48 131,072 --a------ C:\WINDOWS\wxmlua.dll
2008-07-30 13:53 . 2008-07-30 13:53 131,072 --a------ C:\WINDOWS\winxml2c.dll
2008-07-26 03:35 . 2008-07-26 03:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-07-25 14:32 . 2008-07-25 14:32 <REP> d-------- C:\Program Files\AxBx
2008-07-25 06:43 . 2008-07-25 06:46 <REP> d-------- C:\Program Files\SpywareBlaster
2008-07-24 16:20 . 2008-07-24 18:44 <REP> d-------- C:\Program Files\Anti Trojan Elite
2008-07-23 18:25 . 2008-07-23 18:25 <REP> d-------- C:\Program Files\Nero
2008-07-23 18:25 . 2008-07-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-07-23 18:25 . 2008-07-23 18:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-23 18:20 . 2008-07-23 18:20 131,072 --a------ C:\WINDOWS\xml2u32i.dll
2008-07-20 18:55 . 2008-07-20 18:55 <REP> d-------- C:\Program Files\PowerISO
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 17:33 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-09 17:22 --------- d-----w C:\Program Files\Wanadoo
2008-08-05 16:45 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-08-04 21:34 --------- d-----w C:\Program Files\eMule
2008-08-03 21:17 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-07-30 17:35 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-30 13:51 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Screenshot Sender
2008-07-26 01:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-25 20:11 --------- d-----w C:\Program Files\Acoustica Beatcraft
2008-07-25 04:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 04:36 --------- d-----w C:\Program Files\Steinberg
2008-07-25 04:34 --------- d-----w C:\Program Files\LimeWire
2008-07-25 04:32 --------- d-----w C:\Program Files\HP
2008-07-25 04:29 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-24 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 16:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nero
2008-07-21 10:11 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-18 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-11 18:24 --------- d-----w C:\Program Files\Azureus
2008-07-07 07:40 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 23:52 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-06-17 09:41 --------- d-----w C:\Program Files\GIMP-2.0
2008-06-17 09:39 --------- d-----w C:\Program Files\Winamp
2008-06-16 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-06-16 08:12 --------- d-----w C:\Program Files\DivX
2008-06-15 12:09 --------- d-----w C:\Program Files\Ripp-it_AM
2008-06-15 04:11 568 ----a-w C:\reecmuxmkv.bat
2008-06-15 00:09 --------- d-----w C:\Program Files\VirtualDub
2008-06-14 22:59 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 12:33 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Steinberg
2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-05-25 13:48 88,576 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\rbap550.dll
2007-05-25 13:48 38,912 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\RBShell550.dll
2007-05-25 13:48 29,184 ---ha-w C:\Documents and Settings\Propriétaire\Application Data\RBInternetEncodings550.dll
2005-12-27 23:10 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-12-01 21:32 8 --sh--r C:\WINDOWS\system32\C2C79C0203.sys
2006-12-01 21:37 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E61EB7E6-0C75-32EE-AB12-51854441931D}]
2008-08-09 12:05 126976 --a------ C:\WINDOWS\wxml73885.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46 196608]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-31 00:25 67128]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\pchbutton.exe" [2004-01-01 12:42 159744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-19 13:12 68856]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-08-21 10:27 495616]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-15 12:42 4112384]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-15 12:42 81920]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-06-01 12:09 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-06-01 12:03 217088]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 06:00 98304]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 14:06 741376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 18:16 368640]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-26 03:33 185896]
"nwiz"="nwiz.exe" [2004-07-15 12:42 843776 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 10:01 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\vio\dvacm.acm
"MIDI1"= WGDRVR32.DLL
"WAVE1"= WGDRVR32.DLL
"VIDC.X264"= x264vfw.dll
"vidc.i420"= i420vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-19 13:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Neoact\\Carom3D\\update.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\FlightGear\\bin\\win32\\fgfs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\PromptPilote\\PromptPilote.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\racer053b4\\racer053b4\\racer.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\racer053b4\\racer053b4\\tracked.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BitDownload\\BitDownload.exe"=
"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Jeux\\nexuiz-23\\Nexuiz\\nexuiz.exe"=
"X:\\Program Files\\MC2\\Sniper Elite\\SniperElite.exe"=
"C:\\Documents and Settings\\Propriétaire\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Winsos\\winsos.exe"=
"C:\\Program Files\\Podmailing\\podmailing.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:TCP 4662
"4672:UDP"= 4672:UDP:UDP 4672
"4661:TCP"= 4661:TCP:TCP 4661
"4665:UDP"= 4665:UDP:UDP 4665
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-21 14:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 gAGP440p;gAGP440p;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\gAGP440p.sys []
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver;C:\MAGIX\ms2005_deLuxe\mxasio.sys [2002-04-16 13:10]
S3 UsbSagCom;SAGEM Full USB Driver;C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2005-04-07 11:24]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-09 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2008-08-08 C:\WINDOWS\Tasks\User_Feed_Synchronization-{43D4BF56-7D2D-46E5-B324-489926120209}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{351b0fe4-d749-41bb-acf4-3b59b179101d} - (no file)
BHO-{7AE18E39-FBCA-4A77-9CAC-FBE5AC809027} - (no file)
BHO-{8444F263-2A79-4FB1-AC07-41B0A2FC7A95} - (no file)
HKLM-Run-Anti Trojan Elite - C:\Program Files\Anti Trojan Elite\TJEnder.exe
HKLM-Run-VTTimer - VTTimer.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-AlcxMonitor - ALCXMNTR.EXE
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\nvla8in7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.msn.fr/
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\nprpjplug.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 19:33:51
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-09 19:43:33
ComboFix-quarantined-files.txt 2008-08-09 17:42:21
Pre-Run: 16,076,111,872 octets libres
Post-Run: 16,038,002,688 octets libres
315 --- E O F --- 2008-08-09 15:13:15
