Infecté, demande de l'aide

Abdullahrocks -  
 gen-hackman -
Bonjour,

Voilà, je crois que j'ai attrapé quelques vilains virus, j'ai besoin de quelqu'un qui peut lire mon rapport Hijack:) Merci
J'ai lancé CCcleaner, et lancer Hijack voici mon rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:26, on 2009-01-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: PimpFish FloatBar - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: {09f5fdae-af74-ef3b-ebd4-660730ee2818} - {8182ee03-7066-4dbe-b3fe-47faeadf5f90} - C:\WINDOWS\system32\tndcth.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {e98e3450-dcbe-48f3-847a-0b2478ccb24f} - C:\WINDOWS\system32\puhelero.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WIPE MORE DART AMEN] C:\Documents and Settings\All Users\Application Data\Slow eggs wipe more\Base Second.exe
O4 - HKLM\..\Run: [CPMef0dcf0b] Rundll32.exe "c:\windows\system32\demojesa.dll",a
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [Stupid joy] C:\DOCUME~1\Melanie\APPLIC~1\FLAGSU~1\forkfree.exe
O4 - HKUS\S-1-5-19\..\Run: [sosibagayo] Rundll32.exe "C:\WINDOWS\system32\tuhenato.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sosibagayo] Rundll32.exe "C:\WINDOWS\system32\tuhenato.dll",s (User 'SERVICE RÉSEAU')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: PimpFish Grab movies on this page - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGEMOVIES.HTM
O8 - Extra context menu item: PimpFish Grab pictures on this page - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish Grab pictures this page links to - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish Grab Target File - res://C:\Program Files\PimpFish\PimpFish.dll/GRABLINK.HTM
O8 - Extra context menu item: PimpFish Grab This Picture - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPIC.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\gerabuse.dll lndmkp.dll c:\windows\system32\demojesa.dll tndcth.dll c:\windows\system32\jiremeye.dll
O21 - SSODL: webcmdset - {6AC8EA66-4784-1394-6F4C-07E4FCD7F9F1} - C:\Program Files\yhcswpd\webcmdset.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\demojesa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\demojesa.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 13766 bytes

Apres qu'est-ce que je fais? Merci beaucoup :)
Configuration: Windows XP
Internet Explorer 7.0

3 réponses

  1. gen-hackman
     
    bonsoir ca c est un sacre lot de virus :-))tu fais elevage ?

    on va deja degrossir :

    -- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
    -- Ne pas utiliser en dehors de ce cas de figure : dangereux!

    Lors de son exécution,
    ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.
    Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur votre PC avant toute suppression de nuisibles.
    Elle vous permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

    Suivez les invites pour <gras>permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows</gras>

    et lorsque cela vous est demandé, acceptez le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.
    Sous XP
    https://support.microsoft.com/en-us/help/310994
    Sous Vista
    https://www.commentcamarche.net/list 13735 console de recuperation vista sur cd bootable
    **Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

    Télécharges ComboFix à partir d'un de ces liens :
    En premier
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    A lire
    http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

    Et important, enregistre le sous...."moi.exe"sur le bureau.

    Avant d'utiliser ComboFix :

    ? Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur moi.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ? Reviens sur le forum, et

    copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
  2. Abdullahrocks
     
    Voilà c'est ce que ComboFix me donne: et je vais le suivre d'un rapport Hijack this:

    ComboFix 09-01-21.04 - Melanie 2009-01-29 21:58:36.6 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3071.2497 [GMT -5:00]
    Lancé depuis: c:\downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Exécution préalable -------
    .
    c:\windows\system32\demojesa.dll.vir
    c:\windows\system32\jiremeye.dll.vir
    c:\windows\system32\jkkkifDW.dll
    c:\windows\system32\ljJcYPFU.dll
    c:\windows\system32\lndmkp.dll.vir
    c:\windows\system32\osulamuy.ini
    c:\windows\system32\ozeheviw.ini
    c:\windows\system32\tadeyike.dll
    c:\windows\system32\tndcth.dll.vir
    c:\windows\system32\tomavita.dll
    c:\windows\system32\wivehezo.dll
    c:\windows\system32\yumaluso.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NETCOM3
    -------\Service_Netcom3

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-30 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-29 18:41 . 2009-01-29 18:41 <REP> d-------- c:\program files\Trend Micro
    2009-01-29 18:38 . 2009-01-29 18:38 <REP> d-------- c:\program files\CCleaner
    2009-01-27 19:23 . 2009-01-27 19:23 <REP> d-------- c:\program files\Flag support
    2009-01-27 19:23 . 2009-01-27 19:24 <REP> d-------- c:\documents and settings\Melanie\Application Data\Flag support
    2009-01-27 19:23 . 2009-01-27 19:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Slow eggs wipe more
    2009-01-27 19:22 . 2009-01-27 19:22 <REP> d-------- c:\program files\Circle Developement
    2009-01-27 19:10 . 2009-01-27 19:22 <REP> d-------- c:\program files\Messenger Plus! Live
    2009-01-26 21:52 . 2009-01-26 21:52 <REP> d-------- c:\windows\system32\XPSViewer
    2009-01-26 21:52 . 2009-01-26 21:52 <REP> d-------- c:\program files\Reference Assemblies
    2009-01-26 21:51 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
    2009-01-20 19:17 . 2009-01-20 19:17 <REP> d-------- c:\program files\Adobe Media Player
    2009-01-20 19:13 . 2009-01-20 19:13 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
    2009-01-20 18:58 . 2009-01-20 18:58 <REP> d-------- c:\program files\Adobe CS4
    2009-01-20 18:38 . 2009-01-20 18:56 <REP> d-------- c:\documents and settings\Melanie\Application Data\Download Manager
    2009-01-12 17:44 . 2009-01-19 18:13 434 --a------ c:\windows\BRWMARK.INI
    2009-01-12 17:44 . 2009-01-19 18:13 27 --a------ c:\windows\BRPP2KA.INI
    2009-01-09 22:56 . 2007-09-14 20:01 386 -ra------ c:\windows\Uninstsxga.reg
    2009-01-09 22:56 . 2007-09-14 20:01 384 -ra------ c:\windows\Uninstvga.reg
    2009-01-09 22:56 . 2007-09-14 20:22 372 -ra------ c:\windows\Uninstsxga.bat
    2009-01-09 20:43 . 2001-03-16 16:59 <REP> d-------- c:\program files\Taunt
    2009-01-09 20:43 . 2001-03-16 16:59 <REP> d-------- c:\program files\Support
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\Sound
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\Scenario
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\SaveGame
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\Random
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\Learn
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\History
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\Goodies
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\FONTS
    2009-01-09 20:43 . 2001-03-16 16:57 <REP> d-------- c:\program files\DOCS
    2009-01-09 20:43 . 2001-03-16 16:54 <REP> d-------- c:\program files\Data
    2009-01-09 20:43 . 2001-03-16 16:53 <REP> d-------- c:\program files\Campaign
    2009-01-09 20:43 . 2001-03-16 16:53 <REP> d-------- c:\program files\Avi
    2009-01-09 20:43 . 2001-03-16 16:53 <REP> d-------- c:\program files\AI
    2009-01-09 17:32 . 2007-10-01 01:59 1,769,984 -ra------ c:\windows\system32\drivers\snp2uvc.sys
    2009-01-09 17:32 . 2007-05-09 02:16 28,160 -ra------ c:\windows\system32\drivers\sncduvc.sys
    2009-01-09 17:32 . 2006-11-23 09:20 11,776 -ra------ c:\windows\DrvInst.exe
    2009-01-09 17:23 . 2009-01-09 17:23 <REP> d-------- c:\program files\asus
    2009-01-09 17:13 . 2009-01-09 17:13 <REP> d-------- c:\program files\My Company Name
    2009-01-09 17:13 . 2009-01-09 17:13 <REP> d-------- c:\documents and settings\Melanie\Application Data\InstallShield
    2009-01-09 17:09 . 2009-01-09 17:09 <REP> d-------- c:\documents and settings\Melanie\Application Data\ArcSoft
    2009-01-09 17:08 . 2006-12-07 09:22 49,152 --a------ c:\windows\system32\ArcFakeCapture.dll
    2009-01-09 17:08 . 2007-07-02 15:08 15,616 --a------ c:\windows\system32\drivers\ArcSoftVirtualCapture.sys
    2008-12-26 11:36 . 2008-12-26 11:36 0 --a------ c:\windows\nsreg.dat
    2008-12-24 14:00 . 2008-12-24 14:00 <REP> d-------- c:\program files\Moyea
    2008-12-24 14:00 . 2008-12-24 14:00 <REP> d-------- c:\documents and settings\Melanie\Application Data\Moyea
    2008-12-24 14:00 . 2008-10-08 09:25 606,208 --a------ c:\windows\system32\xvidcore.dll
    2008-12-24 14:00 . 2008-10-08 09:21 139,264 --a------ c:\windows\system32\xvid.ax
    2008-12-24 14:00 . 2008-07-21 10:34 75,264 --a------ c:\windows\system32\zlib1.dll
    2008-12-24 14:00 . 2008-09-04 15:34 53,248 --a------ c:\windows\system32\MyFlashZip0.ax
    2008-12-21 23:41 . 2008-12-21 23:40 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-20 16:51 . 2008-12-20 16:51 <REP> d-------- C:\Nexon
    2008-12-20 16:51 . 2008-12-20 17:13 <REP> d-------- c:\documents and settings\All Users\Application Data\NexonUS
    2008-12-20 16:30 . 2008-12-20 16:30 <REP> d-------- c:\program files\Pando Networks
    2008-12-20 16:30 . 2008-12-20 16:32 <REP> d-------- c:\documents and settings\All Users\Application Data\PMB Files
    2008-12-20 16:30 . 2008-12-20 16:30 204 --a------ C:\Plugins
    2008-12-20 10:22 . 2008-12-20 10:22 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-20 10:22 . 2008-12-20 10:22 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
    2008-12-20 10:21 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
    2008-12-20 10:20 . 2008-12-20 10:20 <REP> d-------- c:\program files\Microsoft Sync Framework
    2008-12-20 10:18 . 2008-12-20 10:18 <REP> d-------- c:\program files\Windows Live SkyDrive
    2008-12-12 17:55 . 2008-12-12 17:55 <REP> d-------- c:\program files\DComSoft
    2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
    2008-12-12 07:46 . 2008-10-23 07:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
    2008-12-08 18:36 . 2008-12-08 18:36 <REP> d-------- c:\program files\WinPcap
    2008-12-08 18:35 . 2008-12-08 18:35 <REP> d-------- c:\program files\WC3Banlist
    2008-12-04 22:55 . 2008-12-04 22:55 307,560 --a------ c:\windows\WLXPGSS.SCR
    2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
    2008-12-02 18:35 . 2008-12-02 18:37 <REP> d-------- c:\program files\DicoRime

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-27 02:55 --------- d-----w c:\program files\MSBuild
    2009-01-27 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-27 02:33 --------- d-----w c:\program files\__MACOSX
    2009-01-21 00:58 --------- d-----w c:\program files\Fichiers communs\Adobe
    2009-01-18 21:44 --------- d-----w c:\program files\Warcraft III
    2009-01-17 00:46 --------- d-----w c:\program files\Bonjour
    2009-01-10 03:53 --------- d-----w c:\program files\ManyCam 2.3
    2009-01-09 22:15 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-09 22:07 --------- d-----w c:\program files\Cam
    2008-12-26 16:04 --------- d-----w c:\program files\DivX
    2008-12-26 02:58 --------- d-----w c:\documents and settings\Melanie\Application Data\Apple Computer
    2008-12-23 17:44 --------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
    2008-12-23 17:44 --------- d-----w c:\program files\DVDVideoSoft
    2008-12-22 04:40 --------- d-----w c:\program files\Java
    2008-12-21 04:29 --------- d-----w c:\documents and settings\Melanie\Application Data\LimeWire
    2008-12-21 04:06 --------- d-----w c:\program files\LimeWire
    2008-12-20 15:22 --------- d-----w c:\program files\Microsoft
    2008-12-20 15:21 --------- d-----w c:\program files\Windows Live
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-01 18:28 --------- d-----w c:\program files\Network Stumbler
    2008-11-30 02:49 --------- d-----w c:\program files\Google
    2008-11-28 21:48 --------- d-----w c:\program files\America's Army
    2008-11-22 00:36 2,829 ----a-w c:\windows\War3Unin.pif
    2008-11-22 00:36 139,264 ----a-w c:\windows\War3Unin.exe
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
    2005-05-15 22:11 546 ----a-w c:\program files\@PSC_ReadMe_3595_10.txt
    2008-08-25 19:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082520080826\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8182ee03-7066-4dbe-b3fe-47faeadf5f90}]
    c:\windows\system32\tndcth.dll [BU]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e98e3450-dcbe-48f3-847a-0b2478ccb24f}]
    c:\windows\system32\puhelero.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
    "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-09-23 533944]
    "Stupid joy"="c:\docume~1\Melanie\APPLIC~1\FLAGSU~1\forkfree.exe" [2009-01-27 659456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
    "AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "WIPE MORE DART AMEN"="c:\documents and settings\All Users\Application Data\Slow eggs wipe more\Base Second.exe" [2009-01-29 888832]
    "CPMef0dcf0b"="c:\windows\system32\demojesa.dll" [BU]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-06-15 c:\windows\SkyTel.exe]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "webcmdset"= {6AC8EA66-4784-1394-6F4C-07E4FCD7F9F1} - c:\program files\yhcswpd\webcmdset.dll [2008-09-01 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "MSVideo"= CxCap.drv
    "VIDC.MFZ0"= MyFlashZip0.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Druide\\Antidote\\antido32.exe"=
    "c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Warcraft III\\WarcraftIIIAutoRefresh\\WarcraftIIIAutoRefresh.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\DivX\\DivX Codec\\DivX EKG.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23598:TCP"= 23598:TCP:BitComet 23598 TCP
    "23598:UDP"= 23598:UDP:BitComet 23598 UDP
    "6112:TCP"= 6112:TCP:6112
    "59050:TCP"= 59050:TCP:Pando Media Booster
    "59050:UDP"= 59050:UDP:Pando Media Booster
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-15 97928]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
    R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-15 231704]
    R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-20 55136]
    R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
    R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2008-08-20 110272]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-07-25 191656]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-01-30 c:\windows\Tasks\B41F07F891B4B330.job
    - c:\docume~1\melanie\applic~1\flagsu~1\eachfivesettings.exe [2009-01-27 19:24]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: PimpFish Grab movies on this page - c:\program files\PimpFish\PimpFish.dll/GRABPAGEMOVIES.HTM
    IE: PimpFish Grab pictures on this page - c:\program files\PimpFish\PimpFish.dll/GRABPAGEPICS.HTM
    IE: PimpFish Grab pictures this page links to - c:\program files\PimpFish\PimpFish.dll/GRABPAGELINKS.HTM
    IE: PimpFish Grab Target File - c:\program files\PimpFish\PimpFish.dll/GRABLINK.HTM
    IE: PimpFish Grab This Picture - c:\program files\PimpFish\PimpFish.dll/GRABPIC.HTM
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-29 21:59:39
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(872)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    .
    Heure de fin: 2009-01-29 22:00:59
    ComboFix-quarantined-files.txt 2009-01-30 03:00:57

    Avant-CF: 176,512,163,840 octets libres
    Après-CF: 176,499,376,128 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    288 --- E O F --- 2009-01-15 05:20:05

    Hijack This:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:03:37, on 2009-01-29
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.ca/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: PimpFish FloatBar - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: {09f5fdae-af74-ef3b-ebd4-660730ee2818} - {8182ee03-7066-4dbe-b3fe-47faeadf5f90} - C:\WINDOWS\system32\tndcth.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {e98e3450-dcbe-48f3-847a-0b2478ccb24f} - C:\WINDOWS\system32\puhelero.dll (file missing)
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll (file missing)
    O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /systrayIcon:on
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [WIPE MORE DART AMEN] C:\Documents and Settings\All Users\Application Data\Slow eggs wipe more\Base Second.exe
    O4 - HKLM\..\Run: [CPMef0dcf0b] Rundll32.exe "c:\windows\system32\demojesa.dll",a
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKCU\..\Run: [Stupid joy] C:\DOCUME~1\Melanie\APPLIC~1\FLAGSU~1\forkfree.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: PimpFish Grab movies on this page - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGEMOVIES.HTM
    O8 - Extra context menu item: PimpFish Grab pictures on this page - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGEPICS.HTM
    O8 - Extra context menu item: PimpFish Grab pictures this page links to - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPAGELINKS.HTM
    O8 - Extra context menu item: PimpFish Grab Target File - res://C:\Program Files\PimpFish\PimpFish.dll/GRABLINK.HTM
    O8 - Extra context menu item: PimpFish Grab This Picture - res://C:\Program Files\PimpFish\PimpFish.dll/GRABPIC.HTM
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O21 - SSODL: webcmdset - {6AC8EA66-4784-1394-6F4C-07E4FCD7F9F1} - C:\Program Files\yhcswpd\webcmdset.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    0
  3. gen-hackman
     
    ---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :services
    Netcom3

    :files
    c:\docume~1\Melanie\APPLIC~1\FLAGSU~1\forkfree.exe

    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8182ee03-7066-4dbe-b3fe-47faeadf5f90}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e98e3450-dcbe-48f3-847a-0b2478ccb24f}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Stupid joy"=-

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    ensuite :

    tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-clique dessus pour lancer l'installation
    * Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    * Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré (C:\lopR.txt)
    0