Iexplore.exe problem + unwanted Firefox and Explorer pop-up windows + ....
Hello everyone,
Well, where to start: basically, ever since I uninstalled McAfee, which had expired, and installed Nod32, which was making my life miserable, I wanted to uninstall it to install G-Data, but unfortunately a virus, or rather a worm, slipped in...
Since then I have had nothing but problems: unwanted ad windows in Firefox and Explorer for cr*p ads, error messages all over the place, checkdisk demanded constantly, my computer crashes with the blue screen that indicates a physical memory dump, it is impossible to start the computer in safe mode because it crashes, and impossible to install any software.
I ran scans with Malwarebytes, which removes things every time; I ran SmitFraudFix, HijackThis and fixes via their site, but NOTHING goes away.
By the way, I was able to install an antivirus, AntiVir, but the poor thing can't do anything here.
I'm posting my HijackThis report anyway, to see whether someone, or a miracle, can do something for me:
C:/documentandsettings/allusers/application data
Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:59, on 2008-10-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [e017bed5] rundll32.exe "C:\WINDOWS\system32\wweipfnj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.downlo...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110w.bay110.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackIns...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie0610100...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: guard32.dll ahnrir.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
--
End of file - 13407 bytes
Hi,
For Firefox, I recommend using the Adblock extension. This extension is used to block pop-ups.
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [e017bed5] rundll32.exe "C:\WINDOWS\system32\wweipfnj.dll",b
Run ComboFix and post the log here.
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run the program by clicking on it.
Then wait until the log is finished. Do not touch anything before the end.
The Start bar may disappear, and that is normal.
The report is in Notepad and you can save it.
To copy/paste the log from Notepad for me, go to the Edit menu and click "Select All", then go back to "Edit" and click "Copy".
On the forum, right-click and click "Paste".
Comodo Firewall is hijacked. So for now, do not give out too much personal detail or make any transactions.
ComboFix 08-10-29.04 - KAREEM 2008-10-29 12:54:04.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.732 [GMT 1:00]
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ebkq.exe
C:\WINDOWS\system32\ahnrir.dll
C:\WINDOWS\system32\ajmcnx.dll
C:\WINDOWS\system32\aqcregql.ini
C:\WINDOWS\system32\avhajyar.dll
C:\WINDOWS\system32\avysgf.dll
C:\WINDOWS\system32\azazvr.dll
C:\WINDOWS\system32\bgqdmi.dll
C:\WINDOWS\system32\brdsjcge.dll
C:\WINDOWS\system32\brhykl.dll
C:\WINDOWS\system32\ccwwzh.dll
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\cugqxaup.dll
C:\WINDOWS\system32\dixyqtnd.dll
C:\WINDOWS\system32\doekmvyi.dll
C:\WINDOWS\system32\drivers\TDSSserv.sys
C:\WINDOWS\system32\dwmlddhm.dll
C:\WINDOWS\system32\dxluge.dll
C:\WINDOWS\system32\dzdqoe.dll
C:\WINDOWS\system32\efcDWQjI.dll
C:\WINDOWS\system32\emfwssgu.dll
C:\WINDOWS\system32\entsfcxq.ini
C:\WINDOWS\system32\fcuumcog.ini
C:\WINDOWS\system32\gaifdrbg.dll
C:\WINDOWS\system32\govnar.dll
C:\WINDOWS\system32\gwkgqx.dll
C:\WINDOWS\system32\hgGwTkJY.dll
C:\WINDOWS\system32\hkgmjt.dll
C:\WINDOWS\system32\hmxshebe.dll
C:\WINDOWS\system32\hpuuongk.dll
C:\WINDOWS\system32\htpnwydv.dll
C:\WINDOWS\system32\ilshgn.dll
C:\WINDOWS\system32\jnfpieww.ini
C:\WINDOWS\system32\jxtdnyjn.dll
C:\WINDOWS\system32\luhwuqxd.dll
C:\WINDOWS\system32\mifridow.dll
C:\WINDOWS\system32\nhcqko.dll
C:\WINDOWS\system32\nUxENqss.ini
C:\WINDOWS\system32\nUxENqss.ini2
C:\WINDOWS\system32\nwqukebn.dll
C:\WINDOWS\system32\ohavcqfv.ini
C:\WINDOWS\system32\ojpsvugq.dll
C:\WINDOWS\system32\olduqmce.dll
C:\WINDOWS\system32\pcljvuvo.ini
C:\WINDOWS\system32\pdfpdt.dll
C:\WINDOWS\system32\prapagvb.dll
C:\WINDOWS\system32\puaxqguc.ini
C:\WINDOWS\system32\qbugbkth.dll
C:\WINDOWS\system32\rbbjmi.dll
C:\WINDOWS\system32\rwfqgdnt.dll
C:\WINDOWS\system32\rxnfdpld.dll
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\TDSSlog.dll
C:\WINDOWS\system32\TDSSmain.dll
C:\WINDOWS\system32\TDSSserf.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\tjudhjau.dll
C:\WINDOWS\system32\vbuqof.dll
C:\WINDOWS\system32\vfqcvaho.dll
C:\WINDOWS\system32\vpvpnf.dll
C:\WINDOWS\system32\whhciz.dll
C:\WINDOWS\system32\wjaxsy.dll
C:\WINDOWS\system32\wsuxuoji.dll
C:\WINDOWS\system32\wweipfnj.dll
C:\WINDOWS\system32\xfogtlkt.dll
C:\WINDOWS\system32\xjkpvn.dll
C:\WINDOWS\system32\yxpmrb.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 12:50 . 2008-10-29 12:50 <REP> d--hs---- C:\FOUND.001
2008-10-29 12:50 . 2008-10-29 12:50 <REP> d--hs---- C:\FOUND.001
2008-10-29 12:38 . 2008-10-29 12:39 <REP> d-------- C:\Qoobox
2008-10-29 12:38 . 2008-10-29 12:38 <REP> d-------- C:\ComboFix
2008-10-27 13:10 . 2008-10-27 13:10 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Program Files\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-24 23:36 . 2008-10-24 23:36 268,288 --a------ C:\WINDOWS\system32\ssqNExUn.dll
2008-10-24 22:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-24 22:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-24 22:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-24 22:59 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-24 22:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-24 22:59 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-24 22:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-24 22:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-24 22:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-24 17:26 . 2008-10-24 17:26 268,288 --a------ C:\WINDOWS\system32\efcDSJDU.dll
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Program Files\COMODO
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Comodo
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-23 11:07 . 2008-10-23 11:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-23 11:07 . 2008-10-23 11:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-23 11:07 . 2008-10-23 11:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 11:55 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:19 . 2008-10-22 10:19 <REP> d-------- C:\Program Files\Navilog1
2008-10-21 21:34 . 2008-10-21 21:34 <REP> d-------- C:\Program Files\a-squared Free
2008-10-21 21:31 . 2008-10-21 21:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 19:32 . 2006-10-26 09:56 168,392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-10-21 19:32 . 2006-10-26 09:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 35,048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 34,120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-10-21 19:32 . 2006-10-26 09:56 31,944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-10-21 19:31 . 2006-10-30 12:04 100,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-10-21 19:31 . 2006-11-23 15:54 1,808 --a------ C:\WINDOWS\system32\subst.inf
2008-10-20 09:45 . 2008-10-20 09:45 <REP> d-------- C:\Program Files\CCleaner
2008-10-19 18:00 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-19 17:58 . 2008-10-19 17:58 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-10-18 13:48 . 2008-10-24 23:03 4,100 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-17 22:40 . 2008-10-17 22:40 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\ESET
2008-10-16 00:45 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 00:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 00:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-03 22:54 . 2008-10-03 22:54 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-10-02 23:34 . 2008-10-02 23:34 <REP> d--hs---- C:\FOUND.000
2008-10-02 23:34 . 2008-10-02 23:34 <REP> d--hs---- C:\FOUND.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 18:26 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-10-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-10-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-17 19:57 --------- d-----w C:\Program Files\PPMate
2008-09-17 19:57 --------- d-----w C:\Documents and Settings\KAREEM\Application Data\PPMate
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2006-12-29 14:15 626,688 ----a-w C:\Program Files\Fichiers communs\sapconsaccess.dll
2006-12-29 14:15 40,960 ----a-w C:\Program Files\Fichiers communs\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 ----a-w C:\Program Files\Fichiers communs\sapxlhelper.dll
2006-12-29 14:15 192,512 ----a-w C:\Program Files\Fichiers communs\sapconsr3.dll
2006-12-07 09:26 1,129,984 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL_nosig.xlt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F215471-8182-42B8-B43B-15FF53C57171}]
2008-10-24 23:36 268288 --a------ C:\WINDOWS\system32\ssqNExUn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-13 5525504]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-19 253952]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-11 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-14 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 286720]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-23 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2005-01-13 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-01-13 C:\WINDOWS\system32\nvmctray.dll]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-07 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-02-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= guard32.dll dzdqoe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqNExUn
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KAREEM^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\KAREEM\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-03-22 14:02 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
--a------ 2006-11-23 03:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 17:57 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 15:41 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"McRedirector"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Babylon Client"=C:\Program Files\Babylon\Babylon.exe -AutoStart
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\tvants\\Tvants.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6828:TCP"= 6828:TCP
pLive
"4277:UDP"= 4277:UDP
pLive
"13764:TCP"= 13764:TCP:BitComet 13764 TCP
"13764:UDP"= 13764:UDP:BitComet 13764 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"15080:TCP"= 15080:TCP:NortonAV
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-23 24208]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S0 dibeajxh;dibeajxh;C:\WINDOWS\system32\drivers\earktxv.sys [ ]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S3 GOBBLER;GOBBLER;C:\WINDOWS\system32\drivers\GOBBLER.SYS [ ]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\KAREEM\Bureau\WINAIR~1\WINAIR~1\PEEK5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175d5ea0-7bfe-11db-995b-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb99a60-7419-11dc-9b19-000e35eb802d}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5041d0-7a8e-11dc-9b25-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c350d0-d8eb-11dc-9c1f-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d1bf31-b6af-11db-99c4-000e35eb802d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f86fd0-7b4e-11db-9959-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7cc0190-71b3-11da-973b-000e35eb802d}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd74b500-eec0-11db-9a1d-000e35eb802d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2007-09-30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\efcDWQjI.dll
BHO-{5B88BA6E-3DF6-4A58-BBB4-7F06A35DF7F9} - C:\WINDOWS\system32\khfCrSjg.dll
BHO-{71AF7EF2-DACD-48C1-B14B-42829EDA6B6A} - C:\WINDOWS\system32\tuvVLdeb.dll
BHO-{77062945-6728-43E4-ADC4-CF45E7E1AF1A} - (no file)
BHO-{950A447F-980A-4BE1-A2C2-7176776AF2D3} - C:\WINDOWS\system32\nnnlmNFX.dll
BHO-{AC7B433F-7987-4217-9E1E-B21097BCE59A} - C:\WINDOWS\system32\xxyvtuSj.dll
BHO-{c25a21fb-133a-4219-a891-a6f4c3a90997} - C:\WINDOWS\system32\dzdqoe.dll
BHO-{F8881957-BBF5-4752-B611-9E7F532F78E1} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
ShellExecuteHooks-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\efcDWQjI.dll
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-Configuration de la neuf Box - C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
MSConfigStartUp-Creative WebCam Tray - C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-PC Suite Tray - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
MSConfigStartUp-TVAgent WiFi - C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\KAREEM\Application Data\Mozilla\Firefox\Profiles\0sg4fpqh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 13:03:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\ssqNExUn.dll
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll
-> C:\WINDOWS\system32\ssqNExUn.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\SCHED.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE
C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE
C:\WINDOWS\SYSTEM32\DVDRAMSV.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
C:\PROGRAM FILES\TOSHIBA\TOSHIBA APPLET\TAPPSRV.EXE
C:\PROGRAM FILES\TOSHIBA\TOSHIBA APPLET\TME3SRV.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\TPSBATTM.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSSERV.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 13:10:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 12:09:54
Avant-CF: 13,266,419,712 octets libres
Après-CF: 13,366,886,400 octets libres
404 --- E O F --- 2008-10-22 18:33:22
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-19 253952]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-11 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-14 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 286720]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-23 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2005-01-13 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-01-13 C:\WINDOWS\system32\nvmctray.dll]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-07 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-02-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= guard32.dll dzdqoe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqNExUn
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KAREEM^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\KAREEM\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-03-22 14:02 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
--a------ 2006-11-23 03:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 17:57 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 15:41 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"McRedirector"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Babylon Client"=C:\Program Files\Babylon\Babylon.exe -AutoStart
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\tvants\\Tvants.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6828:TCP"= 6828:TCP
pLive"4277:UDP"= 4277:UDP
pLive"13764:TCP"= 13764:TCP:BitComet 13764 TCP
"13764:UDP"= 13764:UDP:BitComet 13764 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"15080:TCP"= 15080:TCP:NortonAV
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-23 24208]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S0 dibeajxh;dibeajxh;C:\WINDOWS\system32\drivers\earktxv.sys [ ]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S3 GOBBLER;GOBBLER;C:\WINDOWS\system32\drivers\GOBBLER.SYS [ ]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\KAREEM\Bureau\WINAIR~1\WINAIR~1\PEEK5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175d5ea0-7bfe-11db-995b-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb99a60-7419-11dc-9b19-000e35eb802d}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5041d0-7a8e-11dc-9b25-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c350d0-d8eb-11dc-9c1f-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d1bf31-b6af-11db-99c4-000e35eb802d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f86fd0-7b4e-11db-9959-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7cc0190-71b3-11da-973b-000e35eb802d}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd74b500-eec0-11db-9a1d-000e35eb802d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2007-09-30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\efcDWQjI.dll
BHO-{5B88BA6E-3DF6-4A58-BBB4-7F06A35DF7F9} - C:\WINDOWS\system32\khfCrSjg.dll
BHO-{71AF7EF2-DACD-48C1-B14B-42829EDA6B6A} - C:\WINDOWS\system32\tuvVLdeb.dll
BHO-{77062945-6728-43E4-ADC4-CF45E7E1AF1A} - (no file)
BHO-{950A447F-980A-4BE1-A2C2-7176776AF2D3} - C:\WINDOWS\system32\nnnlmNFX.dll
BHO-{AC7B433F-7987-4217-9E1E-B21097BCE59A} - C:\WINDOWS\system32\xxyvtuSj.dll
BHO-{c25a21fb-133a-4219-a891-a6f4c3a90997} - C:\WINDOWS\system32\dzdqoe.dll
BHO-{F8881957-BBF5-4752-B611-9E7F532F78E1} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
ShellExecuteHooks-{159229C1-C44F-42D8-AEC6-09FBFB6375FC} - C:\WINDOWS\system32\efcDWQjI.dll
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
MSConfigStartUp-Configuration de la neuf Box - C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
MSConfigStartUp-Creative WebCam Tray - C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-PC Suite Tray - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-SiteAdvisor - C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
MSConfigStartUp-TVAgent WiFi - C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\KAREEM\Application Data\Mozilla\Firefox\Profiles\0sg4fpqh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 13:03:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\ssqNExUn.dll
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll
-> C:\WINDOWS\system32\ssqNExUn.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION PREMIUM\SCHED.EXE
C:\PROGRAM FILES\A-SQUARED FREE\A2SERVICE.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSVCS.EXE
C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE
C:\WINDOWS\SYSTEM32\DVDRAMSV.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
C:\PROGRAM FILES\TOSHIBA\TOSHIBA APPLET\TAPPSRV.EXE
C:\PROGRAM FILES\TOSHIBA\TOSHIBA APPLET\TME3SRV.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\TPSBATTM.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\NDSTRAY.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\TOSHIBA\CONFIGFREE\CFSSERV.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 13:10:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 12:09:54
Avant-CF: 13,266,419,712 octets libres
Après-CF: 13,366,886,400 octets libres
404 --- E O F --- 2008-10-22 18:33:22
Open Notepad and copy/paste all of the text that is in green:
Warning: this specialized script is tailored for this machine only.
File::
C:\WINDOWS\system32\ssqNExUn.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\efcDSJDU.dll
Then go to File - Save As and name it CFScript, which in the end gives you a file called CFScript.txt.
Then drag the file onto ComboFix like this:
A new log will be produced; copy/paste it for me.
Disable System Restore (explanation here) and turn it back on once the computer is clean: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
Scan with Malwarebytes, updating it first.
Run the Kaspersky online scan here and post the infected files for me: http://webscanner.kaspersky.fr/
Finish it all off with a new HijackThis log.
ComboFix 08-10-29.04 - KAREEM 2008-10-29 20:32:28.3 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.443 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\KAREEM\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\KAREEM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\exyiptku.dll
C:\WINDOWS\system32\fxowuwne.ini
C:\WINDOWS\system32\wcwhog.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 12:50 . 2008-10-29 12:50 <REP> d--hs---- C:\FOUND.001
2008-10-27 13:10 . 2008-10-27 13:10 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Program Files\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-24 22:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-24 22:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-24 22:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-24 22:59 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-24 22:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-24 22:59 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-24 22:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-24 22:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-24 22:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-24 17:26 . 2008-10-24 17:26 268,288 --a------ C:\WINDOWS\system32\efcDSJDU.dll
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Program Files\COMODO
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Comodo
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-23 11:07 . 2008-10-23 11:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-23 11:07 . 2008-10-23 11:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-23 11:07 . 2008-10-23 11:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 11:55 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:19 . 2008-10-22 10:19 <REP> d-------- C:\Program Files\Navilog1
2008-10-21 21:34 . 2008-10-21 21:34 <REP> d-------- C:\Program Files\a-squared Free
2008-10-21 21:31 . 2008-10-21 21:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 19:32 . 2006-10-26 09:56 168,392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-10-21 19:32 . 2006-10-26 09:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 35,048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 34,120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-10-21 19:32 . 2006-10-26 09:56 31,944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-10-21 19:31 . 2006-10-30 12:04 100,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-10-21 19:31 . 2006-11-23 15:54 1,808 --a------ C:\WINDOWS\system32\subst.inf
2008-10-21 19:26 . 2008-10-21 19:26 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-10-20 09:45 . 2008-10-20 09:45 <REP> d-------- C:\Program Files\CCleaner
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-10-19 18:00 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-19 17:58 . 2008-10-19 17:58 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-10-18 13:48 . 2008-10-24 23:03 4,100 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-17 22:40 . 2008-10-17 22:40 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\ESET
2008-10-16 00:45 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 00:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 00:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-03 22:54 . 2008-10-03 22:54 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-10-02 23:34 . 2008-10-02 23:34 <REP> d--hs---- C:\FOUND.000
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 18:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-17 19:57 --------- d-----w C:\Program Files\PPMate
2008-09-17 19:57 --------- d-----w C:\Documents and Settings\KAREEM\Application Data\PPMate
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-27 10:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2006-12-29 14:15 626,688 ----a-w C:\Program Files\Fichiers communs\sapconsaccess.dll
2006-12-29 14:15 40,960 ----a-w C:\Program Files\Fichiers communs\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 ----a-w C:\Program Files\Fichiers communs\sapxlhelper.dll
2006-12-29 14:15 192,512 ----a-w C:\Program Files\Fichiers communs\sapconsr3.dll
2006-12-07 09:26 1,129,984 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL_nosig.xlt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-29_13.09.00.52 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40e55190-8c1f-4d8e-aee8-4577713abc27}]
C:\WINDOWS\system32\wcwhog.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-13 5525504]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-19 253952]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-11 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-14 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 286720]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-23 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2005-01-13 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-01-13 C:\WINDOWS\system32\nvmctray.dll]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-07 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-02-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= guard32.dll dzdqoe.dll wcwhog.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KAREEM^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\KAREEM\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-03-22 14:02 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
--a------ 2006-11-23 03:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 17:57 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 15:41 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"McRedirector"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Babylon Client"=C:\Program Files\Babylon\Babylon.exe -AutoStart
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\tvants\\Tvants.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6828:TCP"= 6828:TCP
pLive
"4277:UDP"= 4277:UDP
pLive
"13764:TCP"= 13764:TCP:BitComet 13764 TCP
"13764:UDP"= 13764:UDP:BitComet 13764 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"15080:TCP"= 15080:TCP:NortonAV
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-23 24208]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S0 dibeajxh;dibeajxh;C:\WINDOWS\system32\drivers\earktxv.sys [ ]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S3 GOBBLER;GOBBLER;C:\WINDOWS\system32\drivers\GOBBLER.SYS [ ]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\KAREEM\Bureau\WINAIR~1\WINAIR~1\PEEK5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175d5ea0-7bfe-11db-995b-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb99a60-7419-11dc-9b19-000e35eb802d}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5041d0-7a8e-11dc-9b25-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c350d0-d8eb-11dc-9c1f-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d1bf31-b6af-11db-99c4-000e35eb802d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f86fd0-7b4e-11db-9959-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7cc0190-71b3-11da-973b-000e35eb802d}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd74b500-eec0-11db-9a1d-000e35eb802d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2007-09-30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 20:35:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Toshiba\Toshiba Applet\TMEEJDLL.dll
.
Heure de fin: 2008-10-29 20:36:40
ComboFix-quarantined-files.txt 2008-10-29 19:36:32
ComboFix2.txt 2008-10-29 12:10:08
Avant-CF: 15,982,428,160 octets libres
Après-CF: 15,968,141,312 octets libres
278 --- E O F --- 2008-10-22 18:33:22
ComboFix 08-10-29.04 - KAREEM 2008-10-30 10:13:27.4 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.623 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\KAREEM\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\KAREEM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\efcDSJDU.dll
C:\WINDOWS\system32\ssqNExUn.dll
C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\efcDSJDU.dll
C:\WINDOWS\system32\tmp.reg
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 09:47 . 2008-10-30 09:47 <REP> d--h----- C:\WINDOWS\ie8
2008-10-30 01:21 . 2008-10-30 01:21 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-29 17:31 . 2008-10-15 17:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-29 12:50 . 2008-10-29 12:50 <REP> d--hs---- C:\FOUND.001
2008-10-27 13:10 . 2008-10-27 13:10 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Program Files\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-24 22:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-24 22:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-24 22:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-24 22:59 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-24 22:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-24 22:59 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-24 22:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-24 22:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-24 22:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Program Files\COMODO
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Comodo
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-23 11:07 . 2008-10-23 11:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-23 11:07 . 2008-10-23 11:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-23 11:07 . 2008-10-23 11:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 11:55 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:19 . 2008-10-22 10:19 <REP> d-------- C:\Program Files\Navilog1
2008-10-21 21:34 . 2008-10-21 21:34 <REP> d-------- C:\Program Files\a-squared Free
2008-10-21 21:31 . 2008-10-21 21:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 19:32 . 2006-10-26 09:56 168,392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-10-21 19:32 . 2006-10-26 09:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 35,048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 34,120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-10-21 19:32 . 2006-10-26 09:56 31,944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-10-21 19:31 . 2006-10-30 12:04 100,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-10-21 19:31 . 2006-11-23 15:54 1,808 --a------ C:\WINDOWS\system32\subst.inf
2008-10-21 19:26 . 2008-10-21 19:26 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-10-20 09:45 . 2008-10-20 09:45 <REP> d-------- C:\Program Files\CCleaner
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-10-19 18:00 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-19 17:58 . 2008-10-19 17:58 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-10-17 22:40 . 2008-10-17 22:40 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\ESET
2008-10-16 00:45 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 00:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 00:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-03 22:54 . 2008-10-03 22:54 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-10-02 23:34 . 2008-10-02 23:34 <REP> d--hs---- C:\FOUND.000
2008-09-24 13:41 . 2008-10-19 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 13:41 . 2008-09-24 13:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-17 20:57 . 2008-09-17 20:57 <REP> d-------- C:\Program Files\PPMate
2008-09-17 20:57 . 2008-09-17 20:57 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\PPMate
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-12 17:05 . 2008-09-12 17:05 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-12 16:53 . 2008-09-12 16:53 <REP> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 23:23 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 09:11 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 02:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-22 02:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 02:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 02:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 02:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 02:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 02:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 02:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 02:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 02:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 01:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2006-12-29 14:15 626,688 ----a-w C:\Program Files\Fichiers communs\sapconsaccess.dll
2006-12-29 14:15 40,960 ----a-w C:\Program Files\Fichiers communs\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 ----a-w C:\Program Files\Fichiers communs\sapxlhelper.dll
2006-12-29 14:15 192,512 ----a-w C:\Program Files\Fichiers communs\sapconsr3.dll
2006-12-07 09:26 1,129,984 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL_nosig.xlt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-29_13.09.00.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 01:44:26 71,680 ------w C:\WINDOWS\ie8\admparse.dll
+ 2008-08-26 09:11:46 124,928 ------w C:\WINDOWS\ie8\advpack.dll
+ 2008-04-14 03:33:22 35,328 ------w C:\WINDOWS\ie8\corpol.dll
+ 2008-08-26 09:11:46 347,136 ------w C:\WINDOWS\ie8\dxtmsft.dll
+ 2008-08-26 09:11:46 214,528 ------w C:\WINDOWS\ie8\dxtrans.dll
+ 2006-10-17 11:44:36 60,416 ------w C:\WINDOWS\ie8\hmmapi.dll
+ 2008-08-26 09:11:46 63,488 ------w C:\WINDOWS\ie8\icardie.dll
+ 2008-08-25 09:39:40 70,656 ------w C:\WINDOWS\ie8\ie4uinit.exe
+ 2008-08-26 09:11:46 153,088 ------w C:\WINDOWS\ie8\ieakeng.dll
+ 2008-08-26 09:11:46 230,400 ------w C:\WINDOWS\ie8\ieaksie.dll
+ 2008-08-23 06:54:52 161,792 ------w C:\WINDOWS\ie8\ieakui.dll
+ 2007-04-17 10:32:38 2,455,488 ------w C:\WINDOWS\ie8\ieapfltr.dat
+ 2008-08-26 09:11:46 383,488 ------w C:\WINDOWS\ie8\ieapfltr.dll
+ 2008-08-26 09:11:46 384,512 ------w C:\WINDOWS\ie8\iedkcs32.dll
+ 2008-04-14 03:33:26 81,920 ------w C:\WINDOWS\ie8\ieencode.dll
+ 2008-10-03 18:12:28 6,066,176 ------w C:\WINDOWS\ie8\ieframe.dll
+ 2006-10-27 14:09:58 191,488 ------w C:\WINDOWS\ie8\iepeers.dll
+ 2006-10-27 14:09:58 287,744 ------w C:\WINDOWS\ie8\ieproxy.dll
+ 2008-08-26 09:11:48 44,544 ------w C:\WINDOWS\ie8\iernonce.dll
+ 2008-08-26 09:11:48 267,776 ------w C:\WINDOWS\ie8\iertutil.dll
+ 2006-10-27 01:44:26 55,296 ------w C:\WINDOWS\ie8\iesetup.dll
+ 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\ie8\ieui.dll
+ 2008-08-23 06:56:16 635,848 ------w C:\WINDOWS\ie8\iexplore.exe
+ 2006-10-17 11:57:58 36,352 ------w C:\WINDOWS\ie8\imgutil.dll
+ 2006-10-27 01:44:08 92,672 ------w C:\WINDOWS\ie8\inseng.dll
+ 2008-05-09 11:55:00 512,000 ------w C:\WINDOWS\ie8\jscript.dll
+ 2008-08-26 09:11:50 27,648 ------w C:\WINDOWS\ie8\jsproxy.dll
+ 2006-10-17 12:05:10 40,960 ------w C:\WINDOWS\ie8\licmgr10.dll
+ 2008-08-26 09:11:50 459,264 ------w C:\WINDOWS\ie8\msfeeds.dll
+ 2008-08-26 09:11:50 52,224 ------w C:\WINDOWS\ie8\msfeedsbs.dll
+ 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\ie8\msfeedssync.exe
+ 2006-10-17 11:56:10 45,568 ------w C:\WINDOWS\ie8\mshta.exe
+ 2008-08-27 10:11:52 3,593,216 ------w C:\WINDOWS\ie8\mshtml.dll
+ 2008-08-26 09:11:52 477,696 ------w C:\WINDOWS\ie8\mshtmled.dll
+ 2006-10-17 11:28:56 48,128 ------w C:\WINDOWS\ie8\mshtmler.dll
+ 2006-10-27 14:09:58 156,160 ------w C:\WINDOWS\ie8\msls31.dll
+ 2008-08-26 09:11:52 193,024 ------w C:\WINDOWS\ie8\msrating.dll
+ 2008-08-26 09:11:52 671,232 ------w C:\WINDOWS\ie8\mstime.dll
+ 2008-08-26 09:11:52 102,912 ------w C:\WINDOWS\ie8\occache.dll
+ 2008-08-26 09:11:52 44,544 ------w C:\WINDOWS\ie8\pngfilt.dll
+ 2006-09-06 16:43:28 216,800 ------w C:\WINDOWS\ie8\spuninst.exe
+ 2008-09-08 23:26:14 49,736 ------w C:\WINDOWS\ie8\spuninst\iecustom.dll
+ 2008-06-12 10:28:06 235,040 ------w C:\WINDOWS\ie8\spuninst\spuninst.exe
+ 2008-06-12 10:28:08 406,048 ------w C:\WINDOWS\ie8\spuninst\updspapi.dll
+ 2008-08-26 09:11:52 105,984 ------w C:\WINDOWS\ie8\url.dll
+ 2008-08-26 09:11:54 1,159,680 ------w C:\WINDOWS\ie8\urlmon.dll
+ 2008-05-09 11:55:00 430,080 ------w C:\WINDOWS\ie8\vbscript.dll
+ 2007-07-13 00:30:52 765,952 ------w C:\WINDOWS\ie8\vgx.dll
+ 2008-08-26 09:11:54 233,472 ------w C:\WINDOWS\ie8\webcheck.dll
+ 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\ie8\winfxdocobj.exe
+ 2008-08-26 09:11:54 826,368 ------w C:\WINDOWS\ie8\wininet.dll
- 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2008-08-22 02:06:30 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-08-26 09:11:46 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-22 02:06:16 128,512 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-08-22 02:06:30 72,704 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2008-08-26 09:11:46 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-22 02:06:16 128,512 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-12 10:28:06 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-08-26 09:11:46 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-22 02:05:16 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-08-26 09:11:46 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-22 02:05:10 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-08-26 09:11:46 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-22 02:05:20 61,952 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-08-25 09:39:40 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-22 02:06:24 162,304 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-08-26 09:11:46 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-22 02:06:36 124,928 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-08-26 09:11:46 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-22 02:06:40 228,864 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-08-23 06:54:52 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-22 02:06:24 163,840 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-04-17 10:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-07-29 21:58:08 3,670,112 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dat
- 2008-08-26 09:11:46 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-22 02:06:44 385,024 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-08-22 02:05:24 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-08-26 09:11:48 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-22 02:06:20 55,808 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-08-26 09:11:48 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-22 02:06:02 1,778,688 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-08-22 02:06:24 71,680 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2008-08-22 02:05:14 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-08-22 02:06:16 94,720 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-05-09 11:55:00 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-08-22 02:06:30 552,960 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-08-26 09:11:50 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-22 02:06:58 28,672 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-08-26 09:11:50 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-22 02:05:48 580,608 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-08-26 09:11:50 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-22 02:05:22 53,760 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2008-08-22 02:05:00 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2008-08-26 09:11:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-22 02:05:34 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-08-26 09:11:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-22 02:05:14 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-12 10:28:06 1,497,088 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-12 10:28:06 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-12 10:27:56 134,144 ------w C:\WINDOWS\system32\dllcache\sqmapi.dll
- 2008-05-09 11:55:00 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-08-22 02:06:36 434,176 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-08-26 09:11:46 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-22 02:05:16 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-08-26 09:11:46 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-22 02:05:10 217,088 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-08-26 09:11:46 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-22 02:05:20 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
- 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
+ 2008-06-12 10:27:42 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
- 2008-08-25 09:39:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-22 02:06:24 162,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-08-26 09:11:46 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-22 02:06:36 124,928 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-08-26 09:11:46 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-22 02:06:40 228,864 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-08-23 06:54:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-22 02:06:24 163,840 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-17 10:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-07-29 21:58:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2008-08-26 09:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-22 01:42:22 443,392 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-08-26 09:11:46 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-22 02:06:44 385,024 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-10-03 18:12:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-08-22 02:10:34 11,985,408 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-08-22 02:05:24 186,880 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-08-26 09:11:48 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-22 02:06:20 55,808 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-08-26 09:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-22 02:06:02 1,778,688 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-08-22 02:06:24 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2008-08-25 09:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-22 02:06:24 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2008-08-22 01:58:12 181,760 ----a-w C:\WINDOWS\system32\ieui.dll
- 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2008-08-22 02:05:14 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-08-22 02:06:16 94,720 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-05-09 11:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-08-22 02:06:30 552,960 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-08-26 09:11:50 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-22 02:06:58 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-03-15 17:19:28 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 17:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2008-08-26 09:11:50 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-22 02:05:48 580,608 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-08-26 09:11:50 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-22 02:05:22 53,760 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2008-08-22 02:05:22 13,312 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2008-08-27 10:11:52 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-22 02:09:32 5,699,584 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-08-26 09:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-22 02:05:08 70,656 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2008-08-22 02:05:00 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2008-08-26 09:11:52 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-22 02:07:50 193,536 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-08-26 09:11:52 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-22 02:05:34 630,272 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-14 03:33:34 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:35:44 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2008-06-12 10:27:44 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
- 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
+ 2008-06-12 10:27:42 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
- 2008-08-26 09:11:52 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-22 02:07:50 116,224 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-08-26 09:11:52 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-22 02:05:14 45,056 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-22 02:05:00 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
- 2007-11-30 12:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-06-12 10:28:06 17,952 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-10 07:18:14 26,488 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2008-06-12 10:28:06 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2008-08-26 09:11:52 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-22 02:07:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-08-26 09:11:54 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-22 02:08:22 1,206,784 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-05-09 11:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-08-22 02:06:36 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-08-26 09:11:54 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-22 02:08:08 236,544 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2008-08-22 02:08:22 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-04-14 03:33:52 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-06-12 10:28:02 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40e55190-8c1f-4d8e-aee8-4577713abc27}]
C:\WINDOWS\system32\wcwhog.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-13 5525504]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-19 253952]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-11 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-14 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 286720]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-23 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2005-01-13 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-01-13 C:\WINDOWS\system32\nvmctray.dll]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-07 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-02-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= guard32.dll dzdqoe.dll wcwhog.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KAREEM^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\KAREEM\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-03-22 14:02 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
--a------ 2006-11-23 03:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 17:57 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 15:41 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"McRedirector"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Babylon Client"=C:\Program Files\Babylon\Babylon.exe -AutoStart
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\tvants\\Tvants.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6828:TCP"= 6828:TCP
pLive
"4277:UDP"= 4277:UDP
pLive
"13764:TCP"= 13764:TCP:BitComet 13764 TCP
"13764:UDP"= 13764:UDP:BitComet 13764 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"15080:TCP"= 15080:TCP:NortonAV
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-23 24208]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S0 dibeajxh;dibeajxh;C:\WINDOWS\system32\drivers\earktxv.sys [ ]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S3 GOBBLER;GOBBLER;C:\WINDOWS\system32\drivers\GOBBLER.SYS [ ]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\KAREEM\Bureau\WINAIR~1\WINAIR~1\PEEK5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175d5ea0-7bfe-11db-995b-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb99a60-7419-11dc-9b19-000e35eb802d}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5041d0-7a8e-11dc-9b25-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c350d0-d8eb-11dc-9c1f-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d1bf31-b6af-11db-99c4-000e35eb802d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f86fd0-7b4e-11db-9959-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7cc0190-71b3-11da-973b-000e35eb802d}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd74b500-eec0-11db-9a1d-000e35eb802d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2007-09-30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 10:15:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Heure de fin: 2008-10-30 10:16:25
ComboFix-quarantined-files.txt 2008-10-30 09:16:22
ComboFix3.txt 2008-10-29 12:10:08
ComboFix2.txt 2008-10-29 19:36:42
Avant-CF: 15 369 404 416 octets libres
Après-CF: 15,403,876,352 octets libres
527 --- E O F --- 2008-10-30 00:21:39
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.623 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\KAREEM\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\KAREEM\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\WINDOWS\system32\efcDSJDU.dll
C:\WINDOWS\system32\ssqNExUn.dll
C:\WINDOWS\system32\tmp.reg
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\efcDSJDU.dll
C:\WINDOWS\system32\tmp.reg
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-30 ))))))))))))))))))))))))))))))))))))
.
2008-10-30 09:47 . 2008-10-30 09:47 <REP> d--h----- C:\WINDOWS\ie8
2008-10-30 01:21 . 2008-10-30 01:21 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-29 17:31 . 2008-10-15 17:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-29 12:50 . 2008-10-29 12:50 <REP> d--hs---- C:\FOUND.001
2008-10-27 13:10 . 2008-10-27 13:10 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Program Files\Avira
2008-10-27 13:03 . 2008-10-27 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-24 22:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-24 22:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-24 22:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-24 22:59 . 2008-10-01 15:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-24 22:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-24 22:59 . 2008-10-10 08:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-24 22:59 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-24 22:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-10-24 22:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-24 22:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Program Files\COMODO
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Comodo
2008-10-23 11:07 . 2008-10-23 11:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-10-23 11:07 . 2008-10-23 11:29 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-23 11:07 . 2008-10-23 11:29 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-23 11:07 . 2008-10-23 11:29 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-22 11:55 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 11:55 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 10:19 . 2008-10-22 10:19 <REP> d-------- C:\Program Files\Navilog1
2008-10-21 21:34 . 2008-10-21 21:34 <REP> d-------- C:\Program Files\a-squared Free
2008-10-21 21:31 . 2008-10-21 21:31 <REP> d-------- C:\Program Files\Trend Micro
2008-10-21 19:32 . 2006-10-26 09:56 168,392 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-10-21 19:32 . 2006-10-26 09:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 35,048 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-10-21 19:32 . 2006-10-26 09:56 34,120 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-10-21 19:32 . 2006-10-26 09:56 31,944 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-10-21 19:31 . 2006-10-30 12:04 100,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-10-21 19:31 . 2006-11-23 15:54 1,808 --a------ C:\WINDOWS\system32\subst.inf
2008-10-21 19:26 . 2008-10-21 19:26 <REP> d-------- C:\Program Files\Fichiers communs\McAfee
2008-10-20 09:45 . 2008-10-20 09:45 <REP> d-------- C:\Program Files\CCleaner
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-10-19 18:05 . 2008-10-19 18:05 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-10-19 18:00 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-19 17:58 . 2008-10-19 17:58 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-10-17 22:40 . 2008-10-17 22:40 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\ESET
2008-10-16 00:45 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 00:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 00:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 00:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-03 22:54 . 2008-10-03 22:54 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys
2008-10-02 23:34 . 2008-10-02 23:34 <REP> d--hs---- C:\FOUND.000
2008-09-24 13:41 . 2008-10-19 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-24 13:41 . 2008-09-24 13:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-17 20:57 . 2008-09-17 20:57 <REP> d-------- C:\Program Files\PPMate
2008-09-17 20:57 . 2008-09-17 20:57 <REP> d-------- C:\Documents and Settings\KAREEM\Application Data\PPMate
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-12 17:09 . 2008-09-12 17:09 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-12 17:05 . 2008-09-12 17:05 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-12 16:53 . 2008-09-12 16:53 <REP> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 23:23 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 09:11 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-22 02:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-22 02:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 02:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 02:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 02:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 02:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 02:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 02:07 18,944 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 02:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 02:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 02:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 02:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 02:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 01:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 01:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-05 16:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 21:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 21:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2006-12-29 14:15 626,688 ----a-w C:\Program Files\Fichiers communs\sapconsaccess.dll
2006-12-29 14:15 40,960 ----a-w C:\Program Files\Fichiers communs\DigitalSignature.ocx
2006-12-29 14:15 3,100,672 ----a-w C:\Program Files\Fichiers communs\sapxlhelper.dll
2006-12-29 14:15 192,512 ----a-w C:\Program Files\Fichiers communs\sapconsr3.dll
2006-12-07 09:26 1,129,984 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL.xlt
2006-12-07 09:26 1,124,864 ----a-w C:\Program Files\Fichiers communs\SAPActiveXL_nosig.xlt
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-29_13.09.00.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-27 01:44:26 71,680 ------w C:\WINDOWS\ie8\admparse.dll
+ 2008-08-26 09:11:46 124,928 ------w C:\WINDOWS\ie8\advpack.dll
+ 2008-04-14 03:33:22 35,328 ------w C:\WINDOWS\ie8\corpol.dll
+ 2008-08-26 09:11:46 347,136 ------w C:\WINDOWS\ie8\dxtmsft.dll
+ 2008-08-26 09:11:46 214,528 ------w C:\WINDOWS\ie8\dxtrans.dll
+ 2006-10-17 11:44:36 60,416 ------w C:\WINDOWS\ie8\hmmapi.dll
+ 2008-08-26 09:11:46 63,488 ------w C:\WINDOWS\ie8\icardie.dll
+ 2008-08-25 09:39:40 70,656 ------w C:\WINDOWS\ie8\ie4uinit.exe
+ 2008-08-26 09:11:46 153,088 ------w C:\WINDOWS\ie8\ieakeng.dll
+ 2008-08-26 09:11:46 230,400 ------w C:\WINDOWS\ie8\ieaksie.dll
+ 2008-08-23 06:54:52 161,792 ------w C:\WINDOWS\ie8\ieakui.dll
+ 2007-04-17 10:32:38 2,455,488 ------w C:\WINDOWS\ie8\ieapfltr.dat
+ 2008-08-26 09:11:46 383,488 ------w C:\WINDOWS\ie8\ieapfltr.dll
+ 2008-08-26 09:11:46 384,512 ------w C:\WINDOWS\ie8\iedkcs32.dll
+ 2008-04-14 03:33:26 81,920 ------w C:\WINDOWS\ie8\ieencode.dll
+ 2008-10-03 18:12:28 6,066,176 ------w C:\WINDOWS\ie8\ieframe.dll
+ 2006-10-27 14:09:58 191,488 ------w C:\WINDOWS\ie8\iepeers.dll
+ 2006-10-27 14:09:58 287,744 ------w C:\WINDOWS\ie8\ieproxy.dll
+ 2008-08-26 09:11:48 44,544 ------w C:\WINDOWS\ie8\iernonce.dll
+ 2008-08-26 09:11:48 267,776 ------w C:\WINDOWS\ie8\iertutil.dll
+ 2006-10-27 01:44:26 55,296 ------w C:\WINDOWS\ie8\iesetup.dll
+ 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\ie8\ieui.dll
+ 2008-08-23 06:56:16 635,848 ------w C:\WINDOWS\ie8\iexplore.exe
+ 2006-10-17 11:57:58 36,352 ------w C:\WINDOWS\ie8\imgutil.dll
+ 2006-10-27 01:44:08 92,672 ------w C:\WINDOWS\ie8\inseng.dll
+ 2008-05-09 11:55:00 512,000 ------w C:\WINDOWS\ie8\jscript.dll
+ 2008-08-26 09:11:50 27,648 ------w C:\WINDOWS\ie8\jsproxy.dll
+ 2006-10-17 12:05:10 40,960 ------w C:\WINDOWS\ie8\licmgr10.dll
+ 2008-08-26 09:11:50 459,264 ------w C:\WINDOWS\ie8\msfeeds.dll
+ 2008-08-26 09:11:50 52,224 ------w C:\WINDOWS\ie8\msfeedsbs.dll
+ 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\ie8\msfeedssync.exe
+ 2006-10-17 11:56:10 45,568 ------w C:\WINDOWS\ie8\mshta.exe
+ 2008-08-27 10:11:52 3,593,216 ------w C:\WINDOWS\ie8\mshtml.dll
+ 2008-08-26 09:11:52 477,696 ------w C:\WINDOWS\ie8\mshtmled.dll
+ 2006-10-17 11:28:56 48,128 ------w C:\WINDOWS\ie8\mshtmler.dll
+ 2006-10-27 14:09:58 156,160 ------w C:\WINDOWS\ie8\msls31.dll
+ 2008-08-26 09:11:52 193,024 ------w C:\WINDOWS\ie8\msrating.dll
+ 2008-08-26 09:11:52 671,232 ------w C:\WINDOWS\ie8\mstime.dll
+ 2008-08-26 09:11:52 102,912 ------w C:\WINDOWS\ie8\occache.dll
+ 2008-08-26 09:11:52 44,544 ------w C:\WINDOWS\ie8\pngfilt.dll
+ 2006-09-06 16:43:28 216,800 ------w C:\WINDOWS\ie8\spuninst.exe
+ 2008-09-08 23:26:14 49,736 ------w C:\WINDOWS\ie8\spuninst\iecustom.dll
+ 2008-06-12 10:28:06 235,040 ------w C:\WINDOWS\ie8\spuninst\spuninst.exe
+ 2008-06-12 10:28:08 406,048 ------w C:\WINDOWS\ie8\spuninst\updspapi.dll
+ 2008-08-26 09:11:52 105,984 ------w C:\WINDOWS\ie8\url.dll
+ 2008-08-26 09:11:54 1,159,680 ------w C:\WINDOWS\ie8\urlmon.dll
+ 2008-05-09 11:55:00 430,080 ------w C:\WINDOWS\ie8\vbscript.dll
+ 2007-07-13 00:30:52 765,952 ------w C:\WINDOWS\ie8\vgx.dll
+ 2008-08-26 09:11:54 233,472 ------w C:\WINDOWS\ie8\webcheck.dll
+ 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\ie8\winfxdocobj.exe
+ 2008-08-26 09:11:54 826,368 ------w C:\WINDOWS\ie8\wininet.dll
- 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2008-08-22 02:06:30 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-08-26 09:11:46 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-22 02:06:16 128,512 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-10-27 01:44:26 71,680 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-08-22 02:06:30 72,704 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2008-08-26 09:11:46 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-22 02:06:16 128,512 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-12 10:28:06 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-08-26 09:11:46 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-22 02:05:16 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-08-26 09:11:46 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-22 02:05:10 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-08-26 09:11:46 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-22 02:05:20 61,952 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-08-25 09:39:40 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-22 02:06:24 162,304 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-08-26 09:11:46 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-22 02:06:36 124,928 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-08-26 09:11:46 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-22 02:06:40 228,864 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-08-23 06:54:52 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-22 02:06:24 163,840 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-04-17 10:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2008-07-29 21:58:08 3,670,112 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dat
- 2008-08-26 09:11:46 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-22 02:06:44 385,024 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-08-22 02:05:24 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-08-26 09:11:48 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-22 02:06:20 55,808 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-08-26 09:11:48 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-22 02:06:02 1,778,688 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-08-22 02:06:24 71,680 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2008-08-22 02:05:14 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-08-22 02:06:16 94,720 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-05-09 11:55:00 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-08-22 02:06:30 552,960 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-08-26 09:11:50 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-22 02:06:58 28,672 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-08-26 09:11:50 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-22 02:05:48 580,608 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-08-26 09:11:50 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-22 02:05:22 53,760 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2008-08-22 02:05:00 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2008-08-26 09:11:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-22 02:05:34 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-08-26 09:11:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-22 02:05:14 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-12 10:28:06 1,497,088 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-12 10:28:06 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-12 10:27:56 134,144 ------w C:\WINDOWS\system32\dllcache\sqmapi.dll
- 2008-05-09 11:55:00 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-08-22 02:06:36 434,176 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2008-08-26 09:11:46 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-22 02:05:16 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-08-26 09:11:46 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-22 02:05:10 217,088 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-08-26 09:11:46 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-22 02:05:20 61,952 ----a-w C:\WINDOWS\system32\icardie.dll
- 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
+ 2008-06-12 10:27:42 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
- 2008-08-25 09:39:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-22 02:06:24 162,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-08-26 09:11:46 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-22 02:06:36 124,928 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-08-26 09:11:46 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-22 02:06:40 228,864 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-08-23 06:54:52 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-22 02:06:24 163,840 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-04-17 10:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-07-29 21:58:08 3,670,112 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2008-08-26 09:11:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-22 01:42:22 443,392 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-08-26 09:11:46 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-22 02:06:44 385,024 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-10-03 18:12:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-08-22 02:10:34 11,985,408 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2006-10-27 14:09:58 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-08-22 02:05:24 186,880 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-08-26 09:11:48 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-22 02:06:20 55,808 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-08-26 09:11:48 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-22 02:06:02 1,778,688 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2006-10-27 01:44:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-08-22 02:06:24 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2008-08-25 09:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-22 02:06:24 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-10-27 14:09:58 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2008-08-22 01:58:12 181,760 ----a-w C:\WINDOWS\system32\ieui.dll
- 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2008-08-22 02:05:14 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2006-10-27 01:44:08 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-08-22 02:06:16 94,720 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-05-09 11:55:00 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-08-22 02:06:30 552,960 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-08-26 09:11:50 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-22 02:06:58 28,672 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-03-15 17:19:28 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 17:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2008-08-26 09:11:50 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-22 02:05:48 580,608 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-08-26 09:11:50 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-22 02:05:22 53,760 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2008-08-22 02:05:22 13,312 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2008-08-27 10:11:52 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-22 02:09:32 5,699,584 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-08-26 09:11:52 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-22 02:05:08 70,656 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2008-08-22 02:05:00 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2008-08-26 09:11:52 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-22 02:07:50 193,536 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-08-26 09:11:52 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-22 02:05:34 630,272 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-14 03:33:34 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:35:44 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2008-06-12 10:27:44 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
- 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
+ 2008-06-12 10:27:42 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
- 2008-08-26 09:11:52 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-22 02:07:50 116,224 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-08-26 09:11:52 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-22 02:05:14 45,056 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-22 02:05:00 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
- 2007-11-30 12:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-06-12 10:28:06 17,952 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-10 07:18:14 26,488 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2008-06-12 10:28:06 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2008-08-26 09:11:52 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-22 02:07:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-08-26 09:11:54 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-22 02:08:22 1,206,784 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-05-09 11:55:00 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2008-08-22 02:06:36 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2008-08-26 09:11:54 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-22 02:08:08 236,544 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2008-08-22 02:08:22 208,384 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-04-14 03:33:52 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-06-12 10:28:02 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40e55190-8c1f-4d8e-aee8-4577713abc27}]
C:\WINDOWS\system32\wcwhog.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-13 5525504]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"TMEPROP"="C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe" [2005-01-19 253952]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-12-21 118784]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"DockMsgFrom"="C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe" [2004-11-11 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 122939]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-14 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 286720]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-23 1655552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"TPSMain"="TPSMain.exe" [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"nwiz"="nwiz.exe" [2005-01-13 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2005-01-13 C:\WINDOWS\system32\nvmctray.dll]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-07 C:\WINDOWS\agrsmmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-02-02 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= guard32.dll dzdqoe.dll wcwhog.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.VP40"= vp4vfw.dll
"MSACM.CEGSM"= mobilev.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin210.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^KAREEM^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\KAREEM\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 02:08 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-03-22 14:02 2663480 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:07 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate]
--a------ 2006-11-23 03:45 1495123 C:\Program Files\PPMate\PPMate\ppmate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
--a------ 2004-11-12 17:57 73728 C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 15:41 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"McRedirector"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Babylon Client"=C:\Program Files\Babylon\Babylon.exe -AutoStart
"MSKDetectorExe"=C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"MSKAGENTEXE"=C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
"MWLExe"=C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\tvants\\Tvants.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\WINDOWS\\System32\\dpvsetup.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6828:TCP"= 6828:TCP
pLive"4277:UDP"= 4277:UDP
pLive"13764:TCP"= 13764:TCP:BitComet 13764 TCP
"13764:UDP"= 13764:UDP:BitComet 13764 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"15080:TCP"= 15080:TCP:NortonAV
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-23 24208]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-05-09 41217]
S0 dibeajxh;dibeajxh;C:\WINDOWS\system32\drivers\earktxv.sys [ ]
S2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-11 164097]
S2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-06-12 258305]
S3 GOBBLER;GOBBLER;C:\WINDOWS\system32\drivers\GOBBLER.SYS [ ]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 PEEK5;PEEK5 Protocol Driver;C:\DOCUME~1\KAREEM\Bureau\WINAIR~1\WINAIR~1\PEEK5.SYS [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{175d5ea0-7bfe-11db-995b-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb99a60-7419-11dc-9b19-000e35eb802d}]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5041d0-7a8e-11dc-9b25-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0c350d0-d8eb-11dc-9c1f-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1d1bf31-b6af-11db-99c4-000e35eb802d}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f86fd0-7b4e-11db-9959-000e35eb802d}]
\shell\sorthb\command - "C:\Program Files\PSP Brew\PSPbrew.exe" /sorthb
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7cc0190-71b3-11da-973b-000e35eb802d}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd74b500-eec0-11db-9a1d-000e35eb802d}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2007-09-30 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-10-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 10:15:34
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Heure de fin: 2008-10-30 10:16:25
ComboFix-quarantined-files.txt 2008-10-30 09:16:22
ComboFix3.txt 2008-10-29 12:10:08
ComboFix2.txt 2008-10-29 19:36:42
Avant-CF: 15 369 404 416 octets libres
Après-CF: 15,403,876,352 octets libres
527 --- E O F --- 2008-10-30 00:21:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:34, on 2008-10-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: {72cba317-7754-8eea-e8d4-f1c809155e04} - {40e55190-8c1f-4d8e-aee8-4577713abc27} - C:\WINDOWS\system32\wcwhog.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DockMsgFrom] C:\Program Files\Toshiba\Toshiba Applet\DockMsgFrom.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.downlo...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110w.bay110.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {86992E9F-0414-40FD-B586-0E782A613504} - http://cpimg.msnplus.co.kr/_Download/ActiveX/WPCPackIns...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie0610100...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: guard32.dll dzdqoe.dll wcwhog.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6028\SAService.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TME3SRV - IEC - C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
--
End of file - 14012 bytes
O2 - BHO: {72cba317-7754-8eea-e8d4-f1c809155e04} - {40e55190-8c1f-4d8e-aee8-4577713abc27} - C:\WINDOWS\system32\wcwhog.dll (file missing)
O20 - AppInit_DLLs: guard32.dll dzdqoe.dll wcwhog.dll
Go to Start, Run and type: Regedit
File, then Export, to make a backup.
Go here:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
and double-click this line and delete what is in purple: "AppInit_DLLs"= guard32.dll dzdqoe.dll wcwhog.dll
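Added example, not part of the original posts: a small Python triage script that cross-checks each name in the O20 AppInit_DLLs line against the other evidence in the same logs before anything is edited in the registry. The function names are hypothetical, the sample is an abridged excerpt of the log lines quoted in this thread, and the `PROCESSUS:` / `->` layout is assumed to be that of the French ComboFix output shown above.

```python
import re

# Constructed sample: lines copied from the two logs quoted in this thread
# (ComboFix loaded-DLL section plus HijackThis entries), abridged.
SAMPLE_LOG = r"""
PROCESSUS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {72cba317-7754-8eea-e8d4-f1c809155e04} - {40e55190-8c1f-4d8e-aee8-4577713abc27} - C:\WINDOWS\system32\wcwhog.dll (file missing)
O20 - AppInit_DLLs: guard32.dll dzdqoe.dll wcwhog.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

HJT_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O20 - AppInit_DLLs: ..."
PROCESS = re.compile(r"^PROCESSUS:\s*(.+)$")         # ComboFix process header
LOADED_DLL = re.compile(r"^->\s*(\S.*)$")            # ComboFix DLL loaded in it


def basename(path):
    """Lower-cased file name of a Windows path (log casing is inconsistent)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def parse(log_text):
    """Return (HijackThis entries, ComboFix (process, dll) pairs) from pasted text."""
    entries, loaded, current_proc = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        proc = PROCESS.match(line)
        dll = LOADED_DLL.match(line)
        entry = HJT_ENTRY.match(line)
        if proc:
            current_proc = proc.group(1)
        elif dll and current_proc:
            loaded.append((current_proc, dll.group(1)))
        elif entry:
            entries.append((entry.group(1), entry.group(2)))
    return entries, loaded


def triage_appinit(log_text):
    """Collect, per AppInit_DLLs name, what else in the logs mentions it.

    AppInit_DLLs is a space- or comma-separated list; every DLL named there is
    loaded into each process that loads user32.dll, so each name deserves a
    separate look rather than a blanket decision.
    """
    entries, loaded = parse(log_text)
    report = {}
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            for name in filter(None, re.split(r"[ ,]+", value)):
                report.setdefault(basename(name), {
                    "loaded_in": [], "also_registered_as": [], "file_missing": False})
    for proc, dll in loaded:
        key = basename(dll)
        if key in report:
            report[key]["loaded_in"].append(basename(proc))
    for code, body in entries:
        if code == "O20":
            continue
        for key, info in report.items():
            # Whole-name match so "guard32.dll" does not hit "avguard32.dll".
            if re.search(r"(?<![\w.])" + re.escape(key) + r"(?![\w.])", body.lower()):
                info["also_registered_as"].append(code)
                if body.rstrip().endswith("(file missing)"):
                    info["file_missing"] = True
    return report


def unexplained(report):
    """Names to check on disk first: flagged missing, or mentioned nowhere else.

    This is a review order, not a verdict on any file.
    """
    return sorted(name for name, info in report.items()
                  if info["file_missing"]
                  or not (info["loaded_in"] or info["also_registered_as"]))


if __name__ == "__main__":
    result = triage_appinit(SAMPLE_LOG)
    for name, info in result.items():
        print(name, info)
    print("check first:", unexplained(result))
```
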
A HUGE THANK YOU to you G225, I am finally back with less dirty web pages.
I really struggled with this wretched trojan. I took the opportunity to switch to Bitdefender.
And I confirm that my trojan was crashing the computer with physical memory dumps, a screen with white text on a blue background, etc.
Thank you once again.
It's a pity we can't give ratings to the people who help on the forum.