Your question

Ads (by the dozen), no more Task Manager, no more regedit!!

Tags:
  • Windows
  • Security
Latest reply: in Security and viruses
2 October 2008 19:17:24

Hello, I've caught a virus that blocks my Task Manager (nothing happens when I press Ctrl+Alt+Del). I have dozens of pop-up windows that completely block my connection and make everything slow down (casino, virus remover2008, new offer, servedby), and I no longer have "regedit" when I type it into Run... I'd like some help if you can; I've already tried a lot of things and nothing changes... Here is my HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:35, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_3281062] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7024 bytes
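As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python triages a constructed excerpt modelled on the reports posted in this thread: it flags Image File Execution Options "Debugger" values on taskmgr.exe and regedit.exe (the mechanism the ComboFix report further down reveals behind the "nothing happens" symptom) and autoruns planted under Policies\Explorer\Run. The regexes and the SAMPLE text are my own assumptions, not output of either tool.

```python
# Triage helper for HijackThis / ComboFix text. Flags the two mechanisms
# visible in this thread's logs that explain "Task Manager and regedit will
# not open": IFEO "Debugger" values on the two executables, and an autorun
# under the group-policy Run key (Policies\Explorer\Run).
import re
from typing import Dict, List

# Constructed sample, modelled on the reports posted in this thread: a few
# HijackThis O4/O6 lines followed by a ComboFix REGEDIT4 excerpt.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"GlobalFlag"=dword:00000200
"""

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# REGEDIT4 key header for an IFEO subkey, e.g. [...\image file execution options\taskmgr.exe]
IFEO_RE = re.compile(r"^\[.*\\image file execution options\\(?P<exe>[^\]\\]+)\]$", re.IGNORECASE)
# REGEDIT4 value line: "Name"=data
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def find_ifeo_debuggers(text: str) -> Dict[str, str]:
    """Return {exe: debugger_data} for every IFEO subkey carrying a Debugger value.
    Windows launches the Debugger value in place of the target, so any data
    there (even the nonsensical '0' seen in the thread) silently breaks the
    program; legitimate IFEO tuning values (GlobalFlag etc.) are ignored."""
    found: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            current = m.group("exe").lower()
            continue
        if not line or line.startswith("["):
            current = None  # blank line or another key ends the IFEO block
            continue
        v = VALUE_RE.match(line)
        if current and v and v.group("name").lower() == "debugger":
            found[current] = v.group("data")
    return found


def find_policy_autoruns(text: str) -> List[Dict[str, str]]:
    """O4 entries under ...\\Policies\\Explorer\\Run. The policy Run key is
    honoured even after the ordinary Run keys are cleaned and is rarely used
    by legitimate software, so every entry there deserves a look."""
    hits: List[Dict[str, str]] = []
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if m and "policies\\explorer\\run" in m.group("key").lower():
            hits.append({"name": m.group("name"), "cmd": m.group("cmd")})
    return hits


def triage(text: str) -> List[str]:
    """One finding per line, ready to paste into a reply."""
    notes: List[str] = []
    for exe, data in sorted(find_ifeo_debuggers(text).items()):
        notes.append(f"IFEO Debugger on {exe} = {data!r}: explains why it will not start")
    for hit in find_policy_autoruns(text):
        notes.append(f"Policy autorun [{hit['name']}]: {hit['cmd']}")
    if any("Restrictions present" in l for l in text.splitlines() if l.startswith("O6")):
        notes.append("O6 IE restrictions policy present: review it once the autoruns are gone")
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE):
        print(note)
```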



2 October 2008 19:21:15

Good evening

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal; a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit "Select All", Edit "Copy"

Come back to the forum and Edit "Paste"

Add a new HijackThis report.
2 October 2008 19:51:08

Thanks for replying, that's very kind!
ComboFix report:

ComboFix 08-10-01.06 - Maxou 2008-10-02 19:33:16.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1000 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Maxou\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maxou\Cookies\maxou@ad.yieldmanager[3].txt
C:\WINDOWS\system32\apibsc32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-10-02 18:59 . 2008-10-02 18:59 <REP> d-------- C:\Program Files\Safer Networking
2008-10-02 18:55 . 2008-10-02 18:55 <REP> d-------- C:\Program Files\Trend Micro
2008-10-01 23:46 . 2008-10-01 23:47 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-10-01 20:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-01 20:22 . 2008-10-01 20:22 <REP> d-------- C:\Program Files\Panda Security
2008-10-01 20:06 . 2008-10-01 15:35 541,934 --a------ C:\WINDOWS\system32\PRINTDRV.EXE
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-01 19:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-01 19:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-02 00:37 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-10-01 19:47 . 2008-10-01 19:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-10-01 15:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-01 15:59 . 2008-10-01 23:34 752 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-01 15:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-01 15:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-01 15:55 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-01 15:55 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-01 15:55 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-01 15:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-01 15:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-01 15:38 . 2008-10-02 19:35 2,171 --a------ C:\WINDOWS\iexplore.html
2008-10-01 15:37 . 2008-10-02 18:25 2,208 --a------ C:\WINDOWS\system32\apisc32.dll
2008-10-01 15:35 . 2008-10-01 15:35 541,934 --a------ C:\WINDOWS\shapi32.dll
2008-10-01 15:35 . 2008-10-01 15:35 16,896 --a------ C:\WINDOWS\system32\divxdrv32.exe
2008-10-01 15:35 . 2008-10-01 15:35 16,896 --a------ C:\WINDOWS\LSPRN.EXE
2008-10-01 15:32 . 2008-10-01 15:32 <REP> d-------- C:\Program Files\NFO viewer
2008-10-01 01:25 . 2008-10-01 01:25 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\InstallShield
2008-10-01 00:49 . 2008-10-01 00:49 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-10-01 00:35 . 2008-10-01 01:25 <REP> d-------- C:\Program Files\Avanquest update
2008-10-01 00:33 . 2008-10-01 09:46 <REP> d-------- C:\Program Files\Motorola Phone Tools
2008-10-01 00:28 . 2008-10-01 00:28 <REP> d-------- C:\Program Files\Common Files
2008-10-01 00:13 . 2008-10-01 00:13 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
2008-09-29 20:55 . 2008-10-01 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\PanelExe.INI
2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\EngineExe.INI
2008-09-29 20:00 . 2008-09-29 20:00 0 --a------ C:\WINDOWS\FileMgrExe.INI
2008-09-29 19:34 . 2007-02-02 16:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-09-29 19:33 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
2008-09-29 19:33 . 2007-01-16 11:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-09-29 19:33 . 2007-01-16 11:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-09-29 19:32 . 2008-09-29 19:32 <REP> d-------- C:\WINDOWS\Application Data
2008-09-28 16:07 . 2008-10-01 00:32 24,192 --a------ C:\Documents and Settings\Maxou\usbsermptxp.sys
2008-09-28 16:07 . 2008-09-28 16:07 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-09-28 16:07 . 2008-10-01 00:32 22,768 --a------ C:\Documents and Settings\Maxou\usbsermpt.sys
2008-09-28 13:36 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-09-28 13:20 . 2007-06-18 15:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-09-28 12:20 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-09-28 12:20 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-09-28 12:20 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-09-28 12:19 . 2008-09-28 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-09-28 12:03 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-09-28 02:21 . 2008-09-28 02:21 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2008-09-23 00:30 . 2008-09-23 00:35 5,684 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-22 22:38 . 2008-09-22 22:40 <REP> d-------- C:\Program Files\Post-me
2008-09-22 22:38 . 1998-08-26 00:00 1,045,776 --a------ C:\WINDOWS\system32\MSJet35.dll
2008-09-22 22:38 . 1998-08-11 00:00 407,312 --a------ C:\WINDOWS\system32\MsRepl35.dll
2008-09-22 22:38 . 2002-02-13 12:27 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
2008-09-22 22:38 . 2002-02-13 12:27 149,776 --a------ C:\WINDOWS\system32\MSJInt35.dll
2008-09-22 22:38 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
2008-09-22 22:38 . 1998-04-25 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
2008-09-22 22:29 . 2008-09-22 22:29 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\3M
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Program Files\iTunes
2008-09-14 13:44 . 2008-09-14 13:44 <REP> d-------- C:\Program Files\iPod
2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-14 13:41 . 2008-09-14 13:41 <REP> d-------- C:\Program Files\Bonjour
2008-09-14 13:39 . 2008-09-14 13:40 <REP> d-------- C:\Program Files\QuickTime
2008-09-10 19:39 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-09-10 18:15 . 2008-09-10 22:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-09-10 18:00 . 2008-09-10 22:47 84 --------- C:\WINDOWS\WB.ini
2008-09-10 17:53 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-09-10 16:48 . 2008-09-10 16:48 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Styler
2008-09-10 16:17 . 2008-06-08 01:15 216 -rahs---- C:\BOOT.BKK
2008-09-10 15:52 . 2008-09-10 15:52 <REP> d-------- C:\Program Files\TGTSoft
2008-09-10 15:30 . 2008-09-10 15:36 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Stardock
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx3.ini
2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx2.ini
2008-09-10 15:02 . 2008-03-12 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
2008-09-08 12:21 . 2008-09-08 12:21 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-07 20:35 . 2008-09-10 23:03 <REP> d-------- C:\Program Files\Stardock
2008-09-07 20:35 . 2008-09-22 23:52 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-09-07 19:36 . 2008-09-07 19:36 <REP> d-------- C:\Program Files\Plus!
2008-09-07 19:22 . 2008-09-10 16:24 <REP> d-------- C:\Program Files\UberIcon
2008-09-07 18:22 . 2008-09-23 00:35 71,786 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-09-07 18:21 . 2008-09-23 00:35 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-09-07 18:18 . 2008-09-23 00:29 <REP> d-------- C:\WINDOWS\BricoPacks
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-02 23:21 . 2008-09-07 18:27 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-02 17:03 . 2008-09-02 17:03 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Nubs
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\IconTweaker
2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
2008-09-02 16:45 . 2008-09-02 16:45 <REP> d-------- C:\WINDOWS\system32\inook2008 dir
2008-09-02 16:45 . 2008-09-02 16:45 201,728 --a------ C:\WINDOWS\system32\inook2008.scr
2008-09-02 14:36 . 2008-09-02 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-01 17:09 --------- d-----w C:\Program Files\eMule
2008-09-30 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:02 --------- d-----w C:\Documents and Settings\Maxou\Application Data\U3
2008-09-22 22:45 --------- d-----w C:\Program Files\RocketDock
2008-09-14 11:40 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-10 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-08 16:21 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Apple Computer
2008-09-07 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-02 15:45 --------- d-----w C:\Program Files\Winamp
2008-09-02 15:42 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Winamp
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\Maxou\Application Data\OtakuSoftware
2008-08-31 01:14 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 20:31 --------- d-----w C:\Program Files\Messenger Plus! Live
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"WindowFX"="C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe" [2003-09-29 524288]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 3739672]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-04-11 82432]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 7286784]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"Printer Driver"="C:\WINDOWS\system32\PRINTDRV.EXE" [2008-10-01 541934]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PrinterSecurityLayer"="C:\WINDOWS\LSPRN.EXE" [2008-10-01 16896]

C:\Documents and Settings\Maxou\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\JEUX\\jeux action\\Counter Strike\\hl.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"D:\\JEUX\\jeux strategie\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"D:\\JEUX\\jeux strategie\\EE2\\EE2.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9868:TCP"= 9868:TCP:BitComet 9868 TCP
"9868:UDP"= 9868:UDP:BitComet 9868 UDP

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
R1 FDCDNT;FDCDNT;C:\WINDOWS\system32\drivers\FDCDNT.SYS [2005-06-02 47662]
R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-06-08 120320]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-06-29 147456]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 49377]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f61572-54bd-11dd-b910-001c10e6445b}]
\Shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7289a458-34c6-11dd-b8e7-001c10e6445b}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - GTNDIS5
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-L08FXLRD_3281062 - C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Maxou\Application Data\Mozilla\Firefox\Profiles\26xrc4t4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.fr
FF -: plugin - C:\Documents and Settings\Maxou\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:38:18
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Documents and Settings\Maxou\Local Settings\Application Data\Microsoft\Windows Live Contacts\{2e78404f-3c30-4217-997b-61469ea785b7}\DBStore\tempedb.edb 131072 bytes
C:\Documents and Settings\Maxou\Local Settings\Application Data\Microsoft\Windows Live Contacts\{d9d7cca6-417c-4c8a-9ae9-ae7ed7ca0ed7}\DBStore\tempedb.edb

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\UberIcon\UberIcon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\wfxload.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02 19:47:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 17:47:15

Avant-CF: 18 163 982 336 octets libres
Après-CF: 18,175,913,984 octets libres

295 --- E O F --- 2008-09-28 22:33:01



HIJACKTHIS REPORT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:15, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\LSPRN.EXE
C:\windows\ffpext\ffpsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PRINTDRV.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\wfxload.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WindowFX] C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_3281062] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 8682 bytes

2 Octobre 2008 21:46:29

Hi again

1

Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\system32\PRINTDRV.EXE
C:\WINDOWS\LSPRN.EXE
C:\WINDOWS\system32\divxdrv32.exe
C:\WINDOWS\shapi32.dll
C:\WINDOWS\system32\apisc32.dll
C:\WINDOWS\iexplore.html

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Printer Driver"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"PrinterSecurityLayer"=-



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt


    2

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" again
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
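A small triage helper, added here as an example (it is not part of the thread and not a tool the helper above used): it parses the HijackThis O4 lines posted above, flags entries by two crude heuristics of my own (an autostart under Policies\Explorer\Run, or an unknown .exe placed directly in the Windows root or System32), and emits a CFScript File::/Registry:: stanza in the same form as the one above. The allowlist of known Windows executables is deliberately tiny and is an assumption, not a reference list.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: O4 lines copied verbatim from the HijackThis log posted above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ffpsrv] c:\windows\ffpext\ffpsrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Printer Driver] C:\WINDOWS\system32\PRINTDRV.EXE
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [PrinterSecurityLayer] C:\WINDOWS\LSPRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"  (Startup-folder .lnk lines are a different shape)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# First drive-letter path ending in .exe, quoted or not; arguments and "(User ...)" suffixes are ignored.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.exe)"?', re.IGNORECASE)

# Assumed allowlist (mine, not exhaustive): Windows binaries that legitimately autostart from these folders.
KNOWN_WINDOWS_EXES = {"ctfmon.exe", "explorer.exe", "rundll32.exe", "wuauclt.exe"}
HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}


@dataclass
class O4Entry:
    hive: str                 # e.g. "HKLM" or "HKUS\S-1-5-18"
    key: str                  # e.g. "Run" or "Policies\Explorer\Run"
    name: str                 # registry value name
    cmd: str                  # command line as HijackThis printed it
    exe: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_o4(text: str) -> List[O4Entry]:
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder lines and non-O4 lines are out of scope here
        e = O4Entry(**m.groupdict())
        p = PATH_RE.search(e.cmd)
        e.exe = p.group(1) if p else None  # rundll32-style lines yield None and are not judged
        entries.append(e)
    return entries


def flag_reasons(e: O4Entry) -> List[str]:
    reasons = []
    if e.key.lower() == r"policies\explorer\run":
        reasons.append("autostart via Policies\\Explorer\\Run, a key installers rarely use")
    if e.exe:
        parent, _, base = e.exe.rpartition("\\")
        if parent.lower() in (r"c:\windows", r"c:\windows\system32") and base.lower() not in KNOWN_WINDOWS_EXES:
            reasons.append("unknown executable placed directly in the Windows root or System32")
    return reasons


def triage(entries: List[O4Entry]) -> List[O4Entry]:
    flagged = []
    for e in entries:
        e.reasons = flag_reasons(e)
        if e.reasons:
            flagged.append(e)
    return flagged


def full_key(e: O4Entry) -> str:
    root, _, sub = e.hive.partition("\\")
    prefix = HIVE_NAMES[root] + ("\\" + sub if sub else "")
    return f"[{prefix}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\{e.key}]"


def build_cfscript(flagged: List[O4Entry]) -> str:
    """Emit the File:: / Registry:: stanza in the form the helper posted above ("name"=- deletes the value)."""
    files = []
    for e in flagged:
        if e.exe and e.exe not in files:
            files.append(e.exe)
    lines = ["File::", *files, "", "Registry::"]
    for e in flagged:
        lines.append(full_key(e))
        lines.append(f'"{e.name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(parse_o4(SAMPLE_O4))
    for h in hits:
        print(f"[{h.name}] {h.cmd}\n    -> " + "; ".join(h.reasons))
    print(build_cfscript(hits))
```

A flagged entry is a candidate to look up (file age, publisher, search on the name), not a verdict; the script only reproduces the stanza shape, and the decision of what to put in it stays with whoever reads the log.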
    2 Octobre 2008 22:03:19

    Here is the ComboFix report for now (Kaspersky is running):


    ComboFix 08-10-01.06 - Maxou 2008-10-02 21:55:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.988 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Maxou\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Maxou\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\iexplore.html
    C:\WINDOWS\LSPRN.EXE
    C:\WINDOWS\shapi32.dll
    C:\WINDOWS\system32\apisc32.dll
    C:\WINDOWS\system32\divxdrv32.exe
    C:\WINDOWS\system32\PRINTDRV.EXE
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Maxou\Cookies\maxou@ad.yieldmanager[3].txt
    C:\Documents and Settings\Maxou\Cookies\maxou@adsrevenue[2].txt
    C:\WINDOWS\iexplore.html
    C:\WINDOWS\LSPRN.EXE
    C:\WINDOWS\shapi32.dll
    C:\WINDOWS\system32\apisc32.dll
    C:\WINDOWS\system32\divxdrv32.exe
    C:\WINDOWS\system32\PRINTDRV.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-02 19:41 . 2008-10-02 19:41 2,208 --a------ C:\WINDOWS\system32\apibsc32.dll
    2008-10-02 18:59 . 2008-10-02 18:59 <REP> d-------- C:\Program Files\Safer Networking
    2008-10-02 18:55 . 2008-10-02 18:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-01 23:46 . 2008-10-01 23:47 4,566 --a------ C:\WINDOWS\imsins.BAK
    2008-10-01 20:23 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
    2008-10-01 20:22 . 2008-10-01 20:22 <REP> d-------- C:\Program Files\Panda Security
    2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Malwarebytes
    2008-10-01 19:53 . 2008-10-01 19:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-01 19:53 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-01 19:53 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Program Files\Spyware Terminator
    2008-10-01 19:47 . 2008-10-01 19:47 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Spyware Terminator
    2008-10-01 19:47 . 2008-10-02 00:37 <REP> d-------- C:\Documents and Settings\All Users\Bureau
    2008-10-01 19:47 . 2008-10-01 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2008-10-01 19:47 . 2008-10-01 19:47 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2008-10-01 15:59 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
    2008-10-01 15:59 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-10-01 15:59 . 2008-10-01 23:34 752 --a------ C:\WINDOWS\system32\tmp.reg
    2008-10-01 15:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-10-01 15:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-10-01 15:55 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-10-01 15:55 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-10-01 15:55 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-10-01 15:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-10-01 15:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-10-01 15:32 . 2008-10-01 15:32 <REP> d-------- C:\Program Files\NFO viewer
    2008-10-01 01:25 . 2008-10-01 01:25 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\InstallShield
    2008-10-01 00:49 . 2008-10-01 00:49 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-10-01 00:35 . 2008-10-01 01:25 <REP> d-------- C:\Program Files\Avanquest update
    2008-10-01 00:33 . 2008-10-01 09:46 <REP> d-------- C:\Program Files\Motorola Phone Tools
    2008-10-01 00:28 . 2008-10-01 00:28 <REP> d-------- C:\Program Files\Common Files
    2008-10-01 00:13 . 2008-10-01 00:13 56 --a------ C:\WINDOWS\system32\S-1-5-21-0094400A
    2008-09-29 20:55 . 2008-10-01 01:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\PanelExe.INI
    2008-09-29 20:07 . 2008-09-29 20:07 0 --a------ C:\WINDOWS\EngineExe.INI
    2008-09-29 20:00 . 2008-09-29 20:00 0 --a------ C:\WINDOWS\FileMgrExe.INI
    2008-09-29 19:34 . 2007-02-02 16:57 49,377 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
    2008-09-29 19:33 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
    2008-09-29 19:33 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\MARDPNP.SYS
    2008-09-29 19:33 . 2007-01-16 11:46 25,302 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
    2008-09-29 19:33 . 2007-01-16 11:44 11,986 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
    2008-09-29 19:32 . 2008-09-29 19:32 <REP> d-------- C:\WINDOWS\Application Data
    2008-09-28 16:07 . 2008-10-01 00:32 24,192 --a------ C:\Documents and Settings\Maxou\usbsermptxp.sys
    2008-09-28 16:07 . 2008-09-28 16:07 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
    2008-09-28 16:07 . 2008-10-01 00:32 22,768 --a------ C:\Documents and Settings\Maxou\usbsermpt.sys
    2008-09-28 13:36 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
    2008-09-28 13:20 . 2007-06-18 15:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
    2008-09-28 12:20 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-09-28 12:20 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-09-28 12:20 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-09-28 12:19 . 2008-09-28 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-09-28 12:04 . 2008-09-28 12:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-09-28 12:03 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-09-28 02:21 . 2008-09-28 02:21 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
    2008-09-23 00:30 . 2008-09-23 00:35 5,684 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-09-22 22:38 . 2008-09-22 22:40 <REP> d-------- C:\Program Files\Post-me
    2008-09-22 22:38 . 1998-08-26 00:00 1,045,776 --a------ C:\WINDOWS\system32\MSJet35.dll
    2008-09-22 22:38 . 1998-08-11 00:00 407,312 --a------ C:\WINDOWS\system32\MsRepl35.dll
    2008-09-22 22:38 . 2002-02-13 12:27 252,176 --a------ C:\WINDOWS\system32\MSRD2x35.dll
    2008-09-22 22:38 . 2002-02-13 12:27 149,776 --a------ C:\WINDOWS\system32\MSJInt35.dll
    2008-09-22 22:38 . 1998-05-31 00:00 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.dll
    2008-09-22 22:38 . 1998-04-25 00:00 24,848 --a------ C:\WINDOWS\system32\MSJtEr35.dll
    2008-09-22 22:29 . 2008-09-22 22:29 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\3M
    2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Program Files\iTunes
    2008-09-14 13:44 . 2008-09-14 13:44 <REP> d-------- C:\Program Files\iPod
    2008-09-14 13:44 . 2008-09-14 13:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-09-14 13:41 . 2008-09-14 13:41 <REP> d-------- C:\Program Files\Bonjour
    2008-09-14 13:39 . 2008-09-14 13:40 <REP> d-------- C:\Program Files\QuickTime
    2008-09-10 19:39 . 2005-01-22 19:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
    2008-09-10 18:15 . 2008-09-10 22:49 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-09-10 18:00 . 2008-09-10 22:47 84 --------- C:\WINDOWS\WB.ini
    2008-09-10 17:53 . 2007-07-11 14:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2008-09-10 16:48 . 2008-09-10 16:48 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Styler
    2008-09-10 16:17 . 2008-06-08 01:15 216 -rahs---- C:\BOOT.BKK
    2008-09-10 15:52 . 2008-09-10 15:52 <REP> d-------- C:\Program Files\TGTSoft
    2008-09-10 15:30 . 2008-09-10 15:36 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Stardock
    2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx3.ini
    2008-09-10 15:28 . 2008-09-10 15:28 0 --a------ C:\WINDOWS\windowfx2.ini
    2008-09-10 15:02 . 2008-03-12 22:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Stardock
    2008-09-08 12:21 . 2008-09-08 12:21 <REP> d-------- C:\Program Files\Apple Software Update
    2008-09-07 20:35 . 2008-09-10 23:03 <REP> d-------- C:\Program Files\Stardock
    2008-09-07 20:35 . 2008-09-22 23:52 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
    2008-09-07 19:36 . 2008-09-07 19:36 <REP> d-------- C:\Program Files\Plus!
    2008-09-07 19:22 . 2008-09-10 16:24 <REP> d-------- C:\Program Files\UberIcon
    2008-09-07 18:22 . 2008-09-23 00:35 71,786 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-09-07 18:21 . 2008-09-23 00:35 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-09-07 18:18 . 2008-09-23 00:29 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
    2008-09-02 23:21 . 2008-09-07 18:27 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-09-02 17:03 . 2008-09-02 17:03 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\Nubs
    2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\Maxou\Application Data\IconTweaker
    2008-09-02 16:58 . 2008-09-10 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IconTweaker
    2008-09-02 16:45 . 2008-09-02 16:45 <REP> d-------- C:\WINDOWS\system32\inook2008 dir
    2008-09-02 16:45 . 2008-09-02 16:45 201,728 --a------ C:\WINDOWS\system32\inook2008.scr
    2008-09-02 14:36 . 2008-09-02 14:36 <REP> d-------- C:\WINDOWS\Downloaded Installations

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-02 19:52 --------- d-----w C:\Program Files\eMule
    2008-10-01 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-30 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-25 20:02 --------- d-----w C:\Documents and Settings\Maxou\Application Data\U3
    2008-09-22 22:45 --------- d-----w C:\Program Files\RocketDock
    2008-09-14 11:40 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-09-10 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-08 16:21 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Apple Computer
    2008-09-07 16:21 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-09-07 11:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-09-02 15:45 --------- d-----w C:\Program Files\Winamp
    2008-09-02 15:42 --------- d-----w C:\Documents and Settings\Maxou\Application Data\Winamp
    2008-09-02 13:32 --------- d-----w C:\Documents and Settings\Maxou\Application Data\OtakuSoftware
    2008-08-31 01:14 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-30 20:31 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 68,808 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 11:47 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-07-18 11:47 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 08:40 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 122880]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "WindowFX"="C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\\wfxload.exe" [2003-09-29 524288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-07 3739672]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
    "L08FXLRD_3281062"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ffpsrv"="c:\windows\ffpext\ffpsrv.exe" [2006-04-11 82432]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 7286784]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-18 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    C:\Documents and Settings\Maxou\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCDNT.SYS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FileAndFolderProtector_S]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "D:\\JEUX\\jeux action\\Counter Strike\\hl.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "D:\\JEUX\\jeux strategie\\Warcraft III\\Frozen Throne.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "D:\\JEUX\\jeux strategie\\EE2\\EE2.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9868:TCP"= 9868:TCP:BitComet 9868 TCP
    "9868:UDP"= 9868:UDP:BitComet 9868 UDP

    R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 97928]
    R1 FDCDNT;FDCDNT;C:\WINDOWS\system32\drivers\FDCDNT.SYS [2005-06-02 47662]
    R1 SSHDRV65;SSHDRV65;C:\WINDOWS\system32\drivers\SSHDRV65.sys [2008-06-08 120320]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
    R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-06-29 147456]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
    S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
    S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2007-02-02 49377]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30f61572-54bd-11dd-b910-001c10e6445b}]
    \Shell\AutoRun\command - I:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7289a458-34c6-11dd-b8e7-001c10e6445b}]
    \Shell\AutoRun\command - setupSNK.exe

    *Newly Created Service* - GTNDIS5
    .
    Contenu du dossier 'Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 21:57:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
    "ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
    .
    Heure de fin: 2008-10-02 22:00:57
    ComboFix-quarantined-files.txt 2008-10-02 20:00:18

    Avant-CF: 18 138 480 640 octets libres
    Après-CF: 18,143,449,088 octets libres

    277 --- E O F --- 2008-09-28 22:33:01
    2 Octobre 2008 22:04:37

    It looks like there are no more pop-ups and I have my Task Manager back :) :) :)  I'm waiting for the Kaspersky report.
    3 Octobre 2008 22:54:30

    maxbiloute said:
    It looks like there are no more pop-ups and I have my Task Manager back :) :) :)  I'm waiting for the Kaspersky report.

    me too :)