
Forum | virus/sécurité
Fenêtres message publicitaire
ROUTIERSYMPA01, le dim. 24 sept. 2006 à 09:43:46
Utilisateur1 - 06-09-24 9:39:22.09 Service Pack 2
ComboFix 06.09.23.2 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 ))))))))))))))))))))))))))))))))))


2006-09-10 17:52 28,672 --a--c--- C:\WINDOWS\system32\f3PSSavr.scr


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-24 09:39 -------- d----c--- C:\Program Files\Mozilla Firefox
2006-09-23 12:40 -------- d----c--- C:\Program Files\OpenOffice.org1.1.2
2006-09-22 19:07 -------- d----c--- C:\Program Files\IncrediMail
2006-09-22 17:30 -------- d----c--- C:\Program Files\Softwin
2006-09-22 17:30 -------- d----c--- C:\Program Files\Fichiers communs\Softwin
2006-09-22 13:35 -------- d----c--- C:\Program Files\Winamp
2006-09-14 13:21 -------- d----c--- C:\Program Files\Win Généalogic
2006-09-11 09:45 -------- d----c--- C:\Program Files\MSN Messenger
2006-09-11 09:45 -------- d----c--- C:\Program Files\FunWebProducts
2006-09-10 17:53 -------- d----c--- C:\Program Files\MyWebSearch
2006-09-02 12:41 -------- d----c--- C:\Program Files\Windows Live Safety Center
2006-08-24 17:02 -------- d----c--- C:\Program Files\WIDCOMM
2006-08-22 12:25 -------- d----c--- C:\Program Files\Yahoo!
2006-08-21 14:26 16896 --a--c--- C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a--c--- C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a--c--- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-21 10:05 -------- d---sc--- C:\Documents and Settings\Utilisateur1\Application Data\Microsoft
2006-08-18 16:43 -------- d----c--- C:\Program Files\Fichiers communs\BOONTY Shared
2006-08-18 16:43 -------- d----c--- C:\Program Files\Fichiers communs
2006-08-18 16:41 12464 --a--c--- C:\WINDOWS\system32\drivers\CdaC15BA.SYS
2006-08-18 16:39 -------- d----c--- C:\Program Files\Mes Jeux Téléchargés
2006-08-18 16:39 -------- d----c--- C:\Program Files\BoontyGames
2006-08-18 16:37 711687 --a--c--- C:\WINDOWS\unins000.exe
2006-08-18 16:37 -------- d----c--- C:\Program Files\Boonty
2006-08-15 19:26 -------- d----c--- C:\Documents and Settings\Utilisateur1\Application Data\Identities
2006-08-15 13:08 -------- d----c--- C:\Program Files\Fichiers communs\Adobe
2006-08-15 11:06 -------- d----c--- C:\Documents and Settings\Utilisateur1\Application Data\Browsesignseek
2006-08-15 11:04 -------- d----c--- C:\Documents and Settings\Utilisateur1\Application Data\WMA ITCH
2006-08-15 11:03 -------- d----c--- C:\Program Files\Browsesignseek
2006-08-15 11:02 -------- d----c--- C:\Program Files\Messenger Plus! Live
2006-08-15 11:02 -------- d----c--- C:\Program Files\Adverts
2006-08-15 08:09 -------- d----c--- C:\Program Files\Fichiers communs\Microsoft Shared
2006-08-13 15:46 -------- d----c--- C:\Documents and Settings\Utilisateur1\Application Data\Image Zone Express
2006-08-13 15:07 -------- d----c--- C:\Program Files\HP
2006-08-13 15:07 -------- d----c--- C:\Program Files\Fichiers communs\HP
2006-08-13 14:52 7747 --a--c--- C:\Documents and Settings\Utilisateur1\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-08-09 20:58 -------- d----c--- C:\Program Files\Internet Explorer
2006-08-03 18:14 -------- d----c--- C:\Program Files\WinZip
2006-07-29 19:32 48936 --a--c--- C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:26 679424 --a--c--- C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704 --a--c--- C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Internet Security"="C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\ins3.tmp\\is2004.exe -ReportOnly"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Agendis"="C:\\Program Files\\Agendis\\Agendis.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_5 -reboot 1"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Phone Option"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\BROWSE~1\\help less meal.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"F-Secure Startup Wizard"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AUDIOSURFFUNKPOLL"="C:\\Documents and Settings\\All Users\\Application Data\\InterDaleAudioSurf\\Eggs stupid.exe"
"SystemDoctor 2006 Free"="C:\\Program Files\\SystemDoctor 2006 Free\\sd2006.exe -scan"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,b0,00,00,00,00,00,00,00,70,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,b0,00,00,00,00,00,00,00,70,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-09-24 9:41:48.81
ComboFix.txt
ComboFix2.txt