Reading a HIJACKTHIS summary

ROSALLY Posts 80 Status Member -
Hello,
could you read my summary from a scan with HijackThis
and tell me whether there is a repair to be made; I think so, because I still have the same problem, namely a Chinese site as the home page when Internet Explorer launches... followed by others without my having opened them...
I have the impression it is taking over my PC and I can't do anything; no matter how many antivirus and anti-spam programs I install, nothing helps...
thanks in advance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:13, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys1E.tmp
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wauafe.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s
O4 - HKLM\..\Run: [VRManager] C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
123 replies

ROSALLY Posts 80 Status Member
 
While I'm at it, here is the HijackThis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:03, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys157.tmp
C:\WINDOWS\Fonts\note.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\waudfe.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\XQXV6VWG\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.6700.cn?tn=1027251
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {912F6837-CCB6-424B-BC9C-8BB5541AFB54} - C:\Program Files\Internet Explorer\PowerJv.ask (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKLM\..\Run: [UUSEE] "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [stup] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\3010780
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hbfbmhof.dll
O21 - SSODL: B3DDF3DF - {B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - C:\WINDOWS\system32\bjddfjdf.dll (file missing)
O21 - SSODL: A9386267 - {A9386267-1CF0-48EC-9DBA-412A44C76334} - C:\WINDOWS\system32\apjomimn.dll (file missing)
O21 - SSODL: 9B8978FE - {9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - C:\WINDOWS\system32\pbopnofe.dll (file missing)
O21 - SSODL: FE494031 - {FE494031-756B-4865-99B4-4DE92DDCF609} - C:\WINDOWS\system32\fekpkgjh.dll (file missing)
O21 - SSODL: 46184B86 - {46184B86-19FF-4A37-9167-4C538027CEBC} - C:\WINDOWS\system32\kmhokbom.dll (file missing)
O21 - SSODL: AC9A4670 - {AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - C:\WINDOWS\system32\acpakmng.dll (file missing)
O21 - SSODL: 9B3DC09A - {9B3DC09A-2613-4613-96F8-F8E305BFF825} - C:\WINDOWS\system32\pbjdcgpa.dll (file missing)
O21 - SSODL: C13945CA - {C13945CA-D00B-4474-B105-3838809607EA} - C:\WINDOWS\system32\chjpklca.dll (file missing)
O21 - SSODL: 1BFB618F - {1BFB618F-82C7-45DE-A0B9-F76FACE92F32} - C:\WINDOWS\system32\hbfbmhof.dll
O21 - SSODL: 22EC45F3 - {22EC45F3-1651-409E-8273-6D80E39B4549} - C:\WINDOWS\system32\iiecklfj.dll (file missing)
O21 - SSODL: 391597A0 - {391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - C:\WINDOWS\system32\jphlpnag.dll (file missing)
O21 - SSODL: BA9620A6 - {BA9620A6-68E8-492D-9B28-7B7416F69673} - C:\WINDOWS\system32\bapmigam.dll (file missing)
O21 - SSODL: 04D3233B - {04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - C:\WINDOWS\system32\gkdjijjb.dll (file missing)
O21 - SSODL: 51E74159 - {51E74159-54A6-4355-A78F-55998328FC07} - C:\WINDOWS\system32\lhenkhlp.dll (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
ROSALLY Posts 80 Status Member
 
hello Lyonnais92
below is the ToolBar S&D report


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : CKS Andre SNEYAERT ( Administrator )
BOOT : Normal boot
Antivirus : ZoneAlarm Security Suite Antivirus 8.0.298.000 (Activated)
Firewall : ZoneAlarm Security Suite Firewall 8.0.298.000 (Activated)
C:\ (Local Disk) - NTFS - Total:176 Go (Free:142 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 2009-03-01|12:09 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(CKS Andre SNEYAERT) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.google.com/?gws_rd=ssl"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@captaincrackwhore[2].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@likecrack[1].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@www.captaincrackwhore[1].txt



1 - "C:\ToolBar SD\TB_1.txt" - 20/02/2009|22:26 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 20/02/2009|23:00 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 2009-03-01|12:13 - Option : [2]

-----------\\ Fin du rapport a 12:13:08.79
ROSALLY Posts 80 Status Member
 
ComboFix report


ComboFix 09-02-28.01 - CKS Andre SNEYAERT 2009-03-01 12:57:24.11 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.458 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\Fixfix.exe
Commutateurs utilisés :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush0.dll
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\program files\Fichiers communs\qybabiqylo.dl
c:\program files\Fichiers communs\vexomigaga._sy
c:\program files\Fichiers communs\vodeqet.ban
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\program files\internet explorer\plugins\icwres.dll
c:\program files\Internet Explorer\PowerJo.ase
c:\program files\Internet Explorer\PowerJv.ask
c:\program files\MediaChannel\Navvy 5.2\NavvyUp.exe
c:\windows\Downloaded Program Files\explorer.exe
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\wuauclt.exe
c:\windows\Intel\baiduc.dll
c:\windows\struct~.ini
c:\windows\sys.ini
c:\windows\sysinfo.tmp
c:\windows\system\rund1132.exe
c:\windows\system32\16AF66EB.cfg
c:\windows\system32\16AF66EB.dll
c:\windows\system32\16BC0F81.cfg
c:\windows\system32\16BC0F81.dll
c:\windows\system32\1957817A.cfg
c:\windows\system32\1957817A.dll
c:\windows\system32\198FF3D8.cfg
c:\windows\system32\198FF3D8.dll
c:\windows\system32\201476D0.cfg
c:\windows\system32\4FBFD5A4.cfg
c:\windows\system32\4FBFD5A4.dll
c:\windows\system32\704C3595.cfg
c:\windows\system32\704C3595.dll
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\A1A6BC2E.dll
c:\windows\system32\ali96f96.dll
c:\windows\system32\alimoto32.exe
c:\windows\system32\ambiojfn.dll
c:\windows\system32\asdfasdf
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\cciieood.dll
c:\windows\system32\cockgddc.dll
c:\windows\system32\dafln.dll
c:\windows\system32\dfln.dll
c:\windows\system32\drivers\52438666.txt
c:\windows\system32\drivers\acpidisk.sys
c:\windows\system32\drivers\ati4twxx.sys
c:\windows\system32\drivers\ati8quxx.sys
c:\windows\system32\drivers\ethcjxre.sys
c:\windows\system32\drivers\jme.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\ebhpliad.dll
c:\windows\system32\exlds.ini
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\F65BDEC7.dll
c:\windows\system32\fasadf.dll
c:\windows\system32\flzaitian.dll
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\homegdpk.dll
c:\windows\system32\kdexe.exe
c:\windows\system32\mprmsgse.axz
c:\windows\system32\msexe.exe
c:\windows\system32\MSPolicyAgent.dll
c:\windows\system32\npptools.dll
c:\windows\system32\odgildpe.dll
c:\windows\system32\ojdnnlnf.dll
c:\windows\system32\ormsgse.axz
c:\windows\system32\Packet.dll
c:\windows\system32\RamrtwC.dll
c:\windows\system32\registryboosterppcg15.exe
c:\windows\system32\romarshal.dat
c:\windows\system32\somspring.dat
c:\windows\system32\types.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wauafe.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\waukafe.exe
c:\windows\system32\waulafe.exe
c:\windows\system32\waumafe.exe
c:\windows\system32\waunafe.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\zxexe.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\tmp.dat
c:\windows\WinShell..\daemon.exe
c:\windows\WinShell.\daemon.exe
c:\windows\winsscoo.exe
C:\WINDOWSupdate.dll
.
---- Exécution préalable -------
.
c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\windows\struct~.ini
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_ACPIDISK
-------\Legacy_NPF
-------\Legacy_PNPMEM
-------\Legacy_RNIEYS
-------\Legacy_ZG
-------\Service_acpidisk
-------\Service_aliimz
-------\Service_npf
-------\Service_pnpmem
-------\Service_rnieys


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-01 au 2009-03-01 ))))))))))))))))))))))))))))))))))))
.

2009-03-01 12:56 . 2009-03-01 12:56 14,998 --ahs---- c:\windows\system32\201476D0.dll
2009-03-01 12:52 . 2009-03-01 12:52 13,926 --ahs---- c:\windows\system32\72B29486.dll
2009-03-01 12:49 . 2009-03-01 12:49 14,444 --ahs---- c:\windows\system32\91C7DF6D.dll
2009-03-01 12:49 . 2009-03-01 12:49 212 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:20 . 2009-03-01 12:46 13,531 --a------ c:\windows\system32\wauefe.exe
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-28 19:16 . 2009-02-28 19:17 13,531 --a------ c:\windows\system32\waudfe.exe
2009-02-27 15:37 . 2009-03-01 12:50 <REP> d-------- c:\program files\uusee
2009-02-25 23:29 . 2009-03-01 12:07 2,879 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-03-01 12:44 <REP> d-------- c:\windows\system32\ZoneLabs
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-02-27 16:43 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-01 12:44 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-02-26 19:06 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-01 12:57 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll
2009-02-02 21:59 . 2009-02-02 21:59 66,048 --a------ C:\Proposition APOLLO pour Ile MAURICE.doc
2009-02-02 17:57 . 2009-02-02 17:57 48,640 --a------ C:\Clients Ile MAURICE.doc
2009-02-02 12:23 . 2009-02-05 11:49 25,088 --a------ C:\A T T E S T A T I O N Impotsssssssssss.doc
2009-02-02 10:47 . 2009-02-02 10:47 30,720 --a------ C:\A T T E S T A T I O N - I m p o t s.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 12:04 --------- d-----w c:\program files\Wanadoo
2009-03-01 11:45 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-28 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-25 17:40 24,576 ----a-w c:\windows\TEMPIadHide3.dll
2009-02-23 22:43 431,922 ----a-w c:\program files\HJTInstall.7z
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

2004-08-05 13:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 15360 595ada5ffb66e3e309eb0e5aecbc607b c:\windows\system32\ctfmon.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot_2009-02-28_18.48.18.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-28 17:40:51 2,356 ----a-w c:\windows\Fonts\note.exe
+ 2009-03-01 10:56:42 2,356 ----a-w c:\windows\Fonts\note.exe
+ 2008-08-14 13:23:49 49,152 ----a-w c:\windows\system32\cklfknnl.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\eljmkpai.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\fdgdbfpe.dll
+ 2008-08-14 13:23:49 40,960 ----a-w c:\windows\system32\hojolkkm.dll
+ 2008-08-14 13:23:49 32,256 ----a-w c:\windows\system32\kfbbconb.dll
+ 2008-08-14 13:23:49 40,960 ----a-w c:\windows\system32\kkhdmlij.dll
+ 2008-08-14 13:23:49 229,376 ----a-w c:\windows\system32\komdjcho.dll
+ 2008-08-14 13:23:49 34,304 ----a-w c:\windows\system32\lmkpocbn.dll
+ 2008-08-14 13:23:49 28,672 ----a-w c:\windows\system32\mlidhbhc.dll
+ 2008-08-14 13:23:49 34,816 ----a-w c:\windows\system32\nbfhfljg.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\obafafeo.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\ppblkjjp.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
2009-02-10 04:30 196608 --a------ c:\program files\Fichiers communs\PushWare\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
2009-03-09 04:43 155648 -ra------ c:\windows\Intel\baiduc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
2009-02-10 05:14 193912 --a------ c:\program files\Internet Explorer\IETimber\IETimber.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-03-01 19968]

c:\documents and settings\CKS Andre SNEYAERT\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8D025D9E-A5AC-49DB-968D-1F2A3C030840}"= "c:\windows\system32\odgildpe.dll" [BU]
"{EB1952AD-75E8-4E4E-B626-2C415DA35709}"= "c:\windows\system32\ebhpliad.dll" [BU]
"{186E0D94-F863-43EF-9B43-38DAC43C064B}"= "c:\windows\system32\homegdpk.dll" [BU]
"{C8C40DDC-9B46-4266-BA0B-5AF248442C3B}"= "c:\windows\system32\cockgddc.dll" [BU]
"{83D7757F-4582-4300-9F03-C3D1A544A9D0}"= "c:\windows\system32\ojdnnlnf.dll" [BU]
"{A6B283F7-EAC4-4110-ACAA-A2D0B85466B7}"= "c:\windows\system32\ambiojfn.dll" [BU]
"{16BC0F81-410C-41DF-A902-1B04368BA8AE}"= "16BC0F81.dll" [BU]
"{704C3595-DB85-40F6-A601-8D6F346907BD}"= "704C3595.dll" [BU]
"{72B29486-39B6-4241-B234-B57DEF78302F}"= "72B29486.dll" [BU]
"{56498CB7-D245-41A3-9DD9-7872D9D4836F}"= "c:\windows\system32\lmkpocbn.dll" [2008-08-14 34304]
"{C45F4775-961F-451D-9490-42CC1F2C960B}"= "c:\windows\system32\cklfknnl.dll" [2008-08-14 49152]
"{7BF1F530-0717-4520-89D2-95FC5BA900F8}"= "c:\windows\system32\nbfhfljg.dll" [2008-08-14 34816]
"{8BAFAFE8-D7A8-4F77-B9D6-B6CBFDC1B106}"= "c:\windows\system32\obafafeo.dll" [2008-08-14 45056]
"{652D1B1C-11CB-450E-8675-5DD5296E279B}"= "c:\windows\system32\mlidhbhc.dll" [2008-08-14 28672]
"{486D3C18-A727-47BC-BF24-53324841C5AE}"= "c:\windows\system32\komdjcho.dll" [2008-08-14 229376]
"{441D6523-5F45-46C1-9B82-3768B03C7728}"= "c:\windows\system32\kkhdmlij.dll" [2008-08-14 40960]
"{4FBBC87B-C53B-460A-BDC8-65E85BDEDA48}"= "c:\windows\system32\kfbbconb.dll" [2008-08-14 32256]
"{18385446-70ED-4AC2-B0C5-70BB0D26A3DF}"= "c:\windows\system32\hojolkkm.dll" [2008-08-14 40960]
"{FD0DBF9E-7000-438E-B9E5-0C8C4F0732D5}"= "c:\windows\system32\fdgdbfpe.dll" [2008-08-14 45056]
"{E53649A2-CB52-47DD-9C51-02B35F8F9DFE}"= "c:\windows\system32\eljmkpai.dll" [2008-08-14 45056]
"{99B54339-0B20-4C87-B238-379CB58ADFF9}"= "c:\windows\system32\ppblkjjp.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"56498CB7"= {56498CB7-D245-41A3-9DD9-7872D9D4836F} - c:\windows\system32\lmkpocbn.dll [2008-08-14 34304]
"C45F4775"= {C45F4775-961F-451D-9490-42CC1F2C960B} - c:\windows\system32\cklfknnl.dll [2008-08-14 49152]
"7BF1F530"= {7BF1F530-0717-4520-89D2-95FC5BA900F8} - c:\windows\system32\nbfhfljg.dll [2008-08-14 34816]
"8BAFAFE8"= {8BAFAFE8-D7A8-4F77-B9D6-B6CBFDC1B106} - c:\windows\system32\obafafeo.dll [2008-08-14 45056]
"652D1B1C"= {652D1B1C-11CB-450E-8675-5DD5296E279B} - c:\windows\system32\mlidhbhc.dll [2008-08-14 28672]
"486D3C18"= {486D3C18-A727-47BC-BF24-53324841C5AE} - c:\windows\system32\komdjcho.dll [2008-08-14 229376]
"441D6523"= {441D6523-5F45-46C1-9B82-3768B03C7728} - c:\windows\system32\kkhdmlij.dll [2008-08-14 40960]
"4FBBC87B"= {4FBBC87B-C53B-460A-BDC8-65E85BDEDA48} - c:\windows\system32\kfbbconb.dll [2008-08-14 32256]
"18385446"= {18385446-70ED-4AC2-B0C5-70BB0D26A3DF} - c:\windows\system32\hojolkkm.dll [2008-08-14 40960]
"FD0DBF9E"= {FD0DBF9E-7000-438E-B9E5-0C8C4F0732D5} - c:\windows\system32\fdgdbfpe.dll [2008-08-14 45056]
"E53649A2"= {E53649A2-CB52-47DD-9C51-02B35F8F9DFE} - c:\windows\system32\eljmkpai.dll [2008-08-14 45056]
"99B54339"= {99B54339-0B20-4C87-B238-379CB58ADFF9} - c:\windows\system32\ppblkjjp.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

S2 MSPolicyAgent;Microsoft IPsec Policy Agent;c:\windows\System32\svchost.exe -k MSPolicyAgent [2008-04-14 14336]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 UPDATEDATA;UPDATEDATA;c:\windows\system32\drivers\acpiec.sys [2001-08-23 12032]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - NPF
*NewlyCreated* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
.
Contenu du dossier 'Tâches planifiées'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Á³#  Lh'þ9Óœð3rÅWc:\program files\ISTsvc\istsvc.exe - c:\windows\hxyjlul.exe
ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{91C7DF6D-AEF5-4136-9252-AF030D7A5931} - 91C7DF6D.dll
ShellExecuteHooks-{201476D0-2B18-462E-AB9F-3E2B0CC8732B} - 201476D0.dll


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 13:04:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\wpcap.dll 240496 bytes executable
c:\windows\system32\Packet.dll 88952 bytes executable
c:\windows\system32\exlds.ini 141 bytes
c:\windows\system32\WanPacket.dll 68480 bytes executable

Scan terminé avec succès
Fichiers cachés: 4

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Á³#  L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\hxyjlul.exe"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\docume~1\CKSAND~1\LOCALS~1\temp\sys26.tmp
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Heure de fin: 2009-03-01 13:12:05 - La machine a redémarré [CKS Andre SNEYAERT]
ComboFix-quarantined-files.txt 2009-03-01 12:12:02
ComboFix2.txt 2009-02-27 14:30:13
ComboFix3.txt 2009-02-24 17:40:00
ComboFix4.txt 2009-02-24 01:05:33
ComboFix5.txt 2009-02-28 17:29:52

Avant-CF: 152,876,441,600 octets libres
Après-CF: 152,886,173,696 octets libres

630 --- E O F --- 2009-03-01 11:00:54
ROSALLY Posts: 80 Status: Member

Below is the HijackThis report.
Thanks in advance,
Rosally


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:05, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys13.tmp
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\177910
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\LAEUATD3\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\481015

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn
O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 zzz.2008wyt.net
O1 - Hosts: 127.1.1.1 999.2005wyt.com
O1 - Hosts: 127.1.1.1 219.152.120.240
O1 - Hosts: 127.0.0.0 ww.popdm.cn
O1 - Hosts: 127.1.1.1 bbt.etimes888.com
O1 - Hosts: 127.1.1.1 219.147.13.53
O1 - Hosts: 127.1.1.1 dl.360safe.com
O1 - Hosts: 127.1.1.1 www.sunlight.org.cn
O1 - Hosts: 127.1.1.1 w.wonthe.cn
O1 - Hosts: 127.1.1.1 20068080.cn
O1 - Hosts: 127.1.1.1 l.neter888.cn
O1 - Hosts: 127.1.1.1 stat.untang.com
O1 - Hosts: 127.1.1.1 www.ikdy.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.1.1.1 999.hfdy2828.com
O1 - Hosts: 127.1.1.1 www.hfdy2929.com
O1 - Hosts: 127.1.1.1 www.xiazaide1.cn
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 wm.eo2q.cn
O1 - Hosts: 127.1.1.1 d.www-263.com
O1 - Hosts: 127.1.1.1 www.ssy1688.cn
O1 - Hosts: 127.1.1.1 121.12.173.218
O1 - Hosts: 127.1.1.1 qq.18i16.net
O1 - Hosts: 127.1.1.1 a.baidu-6661.com
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 www.1079223105.cn
O1 - Hosts: 127.1.1.1 home.xzx6.cn
O1 - Hosts: 127.1.1.1 top.fgc3.cn
O1 - Hosts: 127.1.1.1 165.246.44.228
O1 - Hosts: 127.1.1.1 wwww.ttfafa.com
O1 - Hosts: 127.1.1.1 pa.tt-09.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 www.cctv-100008.cn
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O1 - Hosts: 222.189.238.6 biz5c.sandai.net
O1 - Hosts: 222.189.238.6 recommend.xunlei.com
O1 - Hosts: 222.189.238.6 news.51uc.com
O1 - Hosts: 222.189.238.6 chat.sina.com.cn
O1 - Hosts: 222.189.238.6 hallcenter.ourgame.com
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: fdgdbfpe.dll,eljmkpai.dll,hojolkkm.dll,kfbbconb.dll,ppblkjjp.dll,pcmpmfid.dll,gddhbneo.dll,pjhimbeh.dll,hkdhmobo.dll,oacmhclb.dll,ohlaaeam.dll,obpghmoi.dll
O21 - SSODL: 4FBBC87B - {4FBBC87B-C53B-460A-BDC8-65E85BDEDA48} - C:\WINDOWS\system32\kfbbconb.dll
O21 - SSODL: 18385446 - {18385446-70ED-4AC2-B0C5-70BB0D26A3DF} - C:\WINDOWS\system32\hojolkkm.dll
O21 - SSODL: FD0DBF9E - {FD0DBF9E-7000-438E-B9E5-0C8C4F0732D5} - C:\WINDOWS\system32\fdgdbfpe.dll
O21 - SSODL: E53649A2 - {E53649A2-CB52-47DD-9C51-02B35F8F9DFE} - C:\WINDOWS\system32\eljmkpai.dll
O21 - SSODL: 99B54339 - {99B54339-0B20-4C87-B238-379CB58ADFF9} - C:\WINDOWS\system32\ppblkjjp.dll
O21 - SSODL: 9C696F2D - {9C696F2D-465C-48CB-B406-0517E00C2005} - C:\WINDOWS\system32\pcmpmfid.dll
O21 - SSODL: 0DD1B7E8 - {0DD1B7E8-CDBA-4672-A720-22536AED2EB7} - C:\WINDOWS\system32\gddhbneo.dll
O21 - SSODL: 93126BE1 - {93126BE1-B668-436C-9ABD-494BD8B5D113} - C:\WINDOWS\system32\pjhimbeh.dll
O21 - SSODL: 14D168B8 - {14D168B8-9D3D-43EF-81B1-B0C05EA800C9} - C:\WINDOWS\system32\hkdhmobo.dll
O21 - SSODL: 8AC61C5B - {8AC61C5B-2B8B-45C3-9762-F855B06DA270} - C:\WINDOWS\system32\oacmhclb.dll
O21 - SSODL: 815AAEA6 - {815AAEA6-0D7A-4FF5-87EA-5803B20C45D4} - C:\WINDOWS\system32\ohlaaeam.dll
O21 - SSODL: 8B901682 - {8B901682-8CC1-4406-95DD-A2C7DE66099B} - C:\WINDOWS\system32\obpghmoi.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ROSALLY Posts: 80 Status: Member

Good evening,
below is the ComboFix report.


ComboFix 09-02-28.01 - CKS Andre SNEYAERT 2009-03-01 19:01:19.12 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.397 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\Fixfix.exe
Commutateurs utilisés :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush.dll
c:\program files\Fichiers communs\PushWare\cpush0.dll
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\program files\Fichiers communs\qybabiqylo.dl
c:\program files\Fichiers communs\vexomigaga._sy
c:\program files\Fichiers communs\vodeqet.ban
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\program files\internet explorer\plugins\icwres.dll
c:\program files\Internet Explorer\PowerJo.ase
c:\program files\Internet Explorer\PowerJv.ask
c:\program files\uusee
c:\program files\uusee\henkuai.ico
c:\program files\uusee\uusee.ico
c:\windows\Downloaded Program Files\explorer.exe
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\wuauclt.exe
c:\windows\Intel\baiduc.dll
c:\windows\KB611311.log
c:\windows\smss.exe
c:\windows\sys.ini
c:\windows\sysinfo.tmp
c:\windows\system\rund1132.exe
c:\windows\system32\16AF66EB.cfg
c:\windows\system32\16AF66EB.dll
c:\windows\system32\16BC0F81.cfg
c:\windows\system32\16BC0F81.dll
c:\windows\system32\1957817A.cfg
c:\windows\system32\1957817A.dll
c:\windows\system32\198FF3D8.cfg
c:\windows\system32\198FF3D8.dll
c:\windows\system32\201476D0.cfg
c:\windows\system32\4FBFD5A4.cfg
c:\windows\system32\4FBFD5A4.dll
c:\windows\system32\704C3595.cfg
c:\windows\system32\704C3595.dll
c:\windows\system32\A1A6BC2E.cfg
c:\windows\system32\A1A6BC2E.dll
c:\windows\system32\ali106d1.dll
c:\windows\system32\ali53f71.dll
c:\windows\system32\ali90a83.dll
c:\windows\system32\alimoto32.exe
c:\windows\system32\ambiojfn.dll
c:\windows\system32\asdfasdf
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\cciieood.dll
c:\windows\system32\cockgddc.dll
c:\windows\system32\dafln.dll
c:\windows\system32\dfln.dll
c:\windows\system32\drivers\52438666.txt
c:\windows\system32\drivers\acpidisk.sys
c:\windows\system32\drivers\ati4twxx.sys
c:\windows\system32\drivers\ati8quxx.sys
c:\windows\system32\drivers\ethcjxre.sys
c:\windows\system32\drivers\jme.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\ebhpliad.dll
c:\windows\system32\exlds.ini
c:\windows\system32\F65BDEC7.cfg
c:\windows\system32\F65BDEC7.dll
c:\windows\system32\fasadf.dll
c:\windows\system32\flzaitian.dll
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\homegdpk.dll
c:\windows\system32\kdexe.exe
c:\windows\system32\mprmsgse.axz
c:\windows\system32\mscpx32r.det
c:\windows\system32\msexe.exe
c:\windows\system32\MSPolicyAgent.dll
c:\windows\system32\npptools.dll
c:\windows\system32\odgildpe.dll
c:\windows\system32\ojdnnlnf.dll
c:\windows\system32\ormsgse.axz
c:\windows\system32\Packet.dll
c:\windows\system32\RamrtwC.dll
c:\windows\system32\registryboosterppcg15.exe
c:\windows\system32\romarshal.dat
c:\windows\system32\somspring.dat
c:\windows\system32\types.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wauafe.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\waukafe.exe
c:\windows\system32\waulafe.exe
c:\windows\system32\waumafe.exe
c:\windows\system32\waunafe.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\zxexe.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At72.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\tmp.dat
c:\windows\WinShell..\daemon.exe
c:\windows\WinShell.\daemon.exe
c:\windows\winsscoo.exe
c:\windows\winsys.exe
C:\WINDOWSupdate.dll

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\ctfmon.exe --> c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MSPOLICYAGENT
-------\Legacy_NPF
-------\Legacy_PNPMEM
-------\Legacy_WINSSCOM
-------\Legacy_ZG
-------\Service_acpidisk
-------\Service_aliimz
-------\Service_MSPolicyAgent
-------\Service_npf
-------\Service_pnpmem


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-01 au 2009-03-01 ))))))))))))))))))))))))))))))))))))
.

2009-03-01 18:55 . 2009-03-01 18:55 13,944 --ahs---- c:\windows\system32\D64374E8.dll
2009-03-01 18:55 . 2009-03-01 18:55 236 --ahs---- c:\windows\system32\D64374E8.cfg
2009-03-01 13:51 . 2009-03-01 19:01 21,248 --a------ c:\windows\winyyy.sys
2009-03-01 13:15 . 2009-03-01 13:15 267,152 --a------ C:\zasuiteSetup_en.exe
2009-03-01 12:56 . 2009-03-01 12:56 14,998 --ahs---- c:\windows\system32\201476D0.dll
2009-03-01 12:52 . 2009-03-01 12:52 13,926 --ahs---- c:\windows\system32\72B29486.dll
2009-03-01 12:49 . 2009-03-01 12:49 14,444 --ahs---- c:\windows\system32\91C7DF6D.dll
2009-03-01 12:49 . 2009-03-01 16:20 388 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:20 . 2009-03-01 18:49 13,531 --a------ c:\windows\system32\wauefe.exe
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-28 19:16 . 2009-02-28 19:17 13,531 --a------ c:\windows\system32\waudfe.exe
2009-02-26 00:55 . 2009-03-01 18:50 1,354,483 --a------ c:\windows\setupapi.log.3.old
2009-02-25 23:29 . 2009-03-01 12:07 2,879 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-03-01 13:35 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-01 18:48 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-03-01 19:01 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-01 19:01 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll
2009-02-02 21:59 . 2009-02-02 21:59 66,048 --a------ C:\Proposition APOLLO pour Ile MAURICE.doc
2009-02-02 17:57 . 2009-02-02 17:57 48,640 --a------ C:\Clients Ile MAURICE.doc
2009-02-02 12:23 . 2009-02-05 11:49 25,088 --a------ C:\A T T E S T A T I O N Impotsssssssssss.doc
2009-02-02 10:47 . 2009-02-02 10:47 30,720 --a------ C:\A T T E S T A T I O N - I m p o t s.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 18:14 --------- d-----w c:\program files\Wanadoo
2009-03-01 17:50 42 ----a-w c:\windows\Fonts\gzdnf01.dat
2009-03-01 17:50 42 ----a-w c:\windows\Fonts\GBUNHAK.nls
2009-03-01 17:48 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-28 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-25 17:40 24,576 ----a-w c:\windows\TEMPIadHide3.dll
2009-02-23 22:43 431,922 ----a-w c:\program files\HJTInstall.7z
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\$WIND$ ----

c:\windows\$WIND$\

---- Directory of c:\windows\WinShell ----

c:\windows\WinShell\


((((((((((((((((((((((((((((( SnapShot_2009-02-28_18.48.18.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-01 14:21:11 53,248 ----a-w c:\windows\Fonts\guhfpzpq.dll
- 2009-02-28 17:40:51 2,356 ----a-w c:\windows\Fonts\note.exe
+ 2009-03-01 10:56:42 2,356 ----a-w c:\windows\Fonts\note.exe
+ 2009-03-01 17:50:33 53,248 ----a-w c:\windows\Fonts\trjrzgeb.dll
+ 2008-08-14 13:23:49 40,960 ----a-w c:\windows\system32\aihoacbh.dll
+ 2008-08-14 13:23:49 49,152 ----a-w c:\windows\system32\caoabcob.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\cpkhiooa.dll
+ 2008-08-14 13:23:49 40,960 ----a-w c:\windows\system32\eojcjojj.dll
+ 2008-08-14 13:23:49 28,672 ----a-w c:\windows\system32\fmbiohna.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\haoddjme.dll
+ 2008-08-14 13:23:49 49,152 ----a-w c:\windows\system32\hbofjcgd.dll
+ 2008-08-14 13:23:49 229,376 ----a-w c:\windows\system32\hkncnkoh.dll
+ 2008-08-14 13:23:49 34,816 ----a-w c:\windows\system32\iapngipd.dll
+ 2008-08-14 13:23:49 45,056 ----a-w c:\windows\system32\kkpdiamf.dll
+ 2008-08-14 13:23:49 32,256 ----a-w c:\windows\system32\okgciood.dll
+ 2008-08-14 13:23:49 34,304 ----a-w c:\windows\system32\pllmeenf.dll
+ 2009-03-01 18:13:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7f8.dat
.
-- Snapshot updated --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}]
2009-03-01 18:56 70788 --ahs---- c:\program files\Internet Explorer\PowerJa.ask

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
2009-02-10 04:30 196608 --a------ c:\program files\Fichiers communs\PushWare\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
2009-03-09 04:43 155648 -ra------ c:\windows\Intel\baiduc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
2009-02-10 05:14 193912 --a------ c:\program files\Internet Explorer\IETimber\IETimber.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CPushSetup"="c:\program files\Fichiers communs\PushWare\cpush.dll" [2009-02-10 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-03-01 19968]

c:\documents and settings\CKS Andre SNEYAERT\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{91C7DF6D-AEF5-4136-9252-AF030D7A5931}"= "91C7DF6D.dll" [BU]
"{1957817A-94B2-4CAC-B113-A331809B5730}"= "1957817A.dll" [BU]
"{08CBFE20-8DC8-4195-B8E2-DD66F860469D}"= "c:\program files\Internet Explorer\PowerJa.ask" [2009-03-01 70788]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\uulozjer.dll" [2009-03-01 53248]
"{CA8ABC8B-93B1-4818-ACA5-37131E0523D8}"= "c:\windows\system32\caoabcob.dll" [2008-08-14 49152]
"{9556EE7F-D5B7-4DE4-819F-90B9408AF39E}"= "c:\windows\system32\pllmeenf.dll" [2008-08-14 34304]
"{2A97029D-5F87-40B7-AC87-BDFC8BE941E3}"= "c:\windows\system32\iapngipd.dll" [2008-08-14 34816]
"{1A8DD36E-3DE4-484B-B498-51E0F66688E6}"= "c:\windows\system32\haoddjme.dll" [2008-08-14 45056]
"{F6B2817A-4836-4870-928F-236264E3AF32}"= "c:\windows\system32\fmbiohna.dll" [2008-08-14 28672]
"{147C7481-5793-4972-A433-C7C6DCB2A4DA}"= "c:\windows\system32\hkncnkoh.dll" [2008-08-14 229376]
"{A218ACB1-0EC2-413A-B72D-5411FBC6193F}"= "c:\windows\system32\aihoacbh.dll" [2008-08-14 40960]
"{840C288D-33C2-4932-846F-5B3A1FC6FCAD}"= "c:\windows\system32\okgciood.dll" [2008-08-14 32256]
"{E83C3833-A1EE-4C18-B34E-ACD20C0A646C}"= "c:\windows\system32\eojcjojj.dll" [2008-08-14 40960]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]
"{449D2A6F-94FC-40BF-A260-6968AC4B060B}"= "c:\windows\system32\kkpdiamf.dll" [2008-08-14 45056]
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"= "c:\windows\system32\cpkhiooa.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"c:\windows\fonts\guhfpzpq.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\nhdysbau.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\onpdjbiu.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\vhxdhadf.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\cjxcnzxr.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"CA8ABC8B"= {CA8ABC8B-93B1-4818-ACA5-37131E0523D8} - c:\windows\system32\caoabcob.dll [2008-08-14 49152]
"c:\windows\fonts\fecmencv.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"9556EE7F"= {9556EE7F-D5B7-4DE4-819F-90B9408AF39E} - c:\windows\system32\pllmeenf.dll [2008-08-14 34304]
"c:\windows\fonts\wxluanmz.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\trjrzgeb.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"2A97029D"= {2A97029D-5F87-40B7-AC87-BDFC8BE941E3} - c:\windows\system32\iapngipd.dll [2008-08-14 34816]
"1A8DD36E"= {1A8DD36E-3DE4-484B-B498-51E0F66688E6} - c:\windows\system32\haoddjme.dll [2008-08-14 45056]
"F6B2817A"= {F6B2817A-4836-4870-928F-236264E3AF32} - c:\windows\system32\fmbiohna.dll [2008-08-14 28672]
"147C7481"= {147C7481-5793-4972-A433-C7C6DCB2A4DA} - c:\windows\system32\hkncnkoh.dll [2008-08-14 229376]
"A218ACB1"= {A218ACB1-0EC2-413A-B72D-5411FBC6193F} - c:\windows\system32\aihoacbh.dll [2008-08-14 40960]
"840C288D"= {840C288D-33C2-4932-846F-5B3A1FC6FCAD} - c:\windows\system32\okgciood.dll [2008-08-14 32256]
"E83C3833"= {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - c:\windows\system32\eojcjojj.dll [2008-08-14 40960]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]
"449D2A6F"= {449D2A6F-94FC-40BF-A260-6968AC4B060B} - c:\windows\system32\kkpdiamf.dll [2008-08-14 45056]
"C941288A"= {C941288A-27FC-484E-AC78-BA04CB41FD53} - c:\windows\system32\cpkhiooa.dll [2008-08-14 45056]
"c:\windows\fonts\ktuxlvyx.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\ovokwwqi.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]
"c:\windows\fonts\uulozjer.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DrRtp.exe]
"Debugger"=c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 UPDATEDATA;UPDATEDATA;c:\windows\system32\drivers\acpiec.sys [2001-08-23 12032]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NPF
*NewlyCreated* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-01 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
ShellExecuteHooks-{D64374E8-8B1D-49AB-9284-5072687B6BD3} - D64374E8.dll
SSODL-c:\windows\fonts\kpmtusce.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\naognsup.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\fxcuiwpw.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\yzdocyfg.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\ffdharkf.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\jziarnpj.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\ckzndpxu.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\zmfbkipx.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\enjtdsws.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\ibeanmaq.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 19:13:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\Fonts\ktuxlvyx.dll 53248 bytes executable
c:\windows\Fonts\trjrzgeb.dll.dat 53248 bytes executable
c:\windows\Fonts\ovokwwqi.dll 53248 bytes executable
c:\windows\system32\wpcap.dll 240496 bytes executable
c:\windows\system32\Packet.dll 88952 bytes executable
c:\windows\system32\exlds.ini 201 bytes
c:\windows\system32\WanPacket.dll 68480 bytes executable

scan completed successfully
hidden files: 7

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\docume~1\CKSAND~1\LOCALS~1\temp\sys23.tmp
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-03-01 19:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-01 18:21:12
ComboFix2.txt 2009-03-01 12:12:08
ComboFix3.txt 2009-02-27 14:30:13
ComboFix4.txt 2009-02-24 17:40:00
ComboFix5.txt 2009-03-01 18:00:22

Pre-Run: 152,568,872,960 bytes free
Post-Run: 152,652,505,088 bytes free

649 --- E O F --- 2009-03-01 11:00:54
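Added example (not part of this thread, and not ComboFix's or HijackThis's own code): a small Python triage script that walks a ComboFix-style log for the patterns the report above shows. Those are the "image file execution options" keys whose Debugger value redirects security tools (360safe, HijackThis, Regedit, the AV products listed) to a copy of spoolsv.exe so they never start; the Security Center AntiVirusDisableNotify/UpdatesDisableNotify switches set to 1; ShellExecuteHooks, ShellServiceObjectDelayLoad and policies\explorer\Run entries loading executables out of c:\windows\Fonts; the MountPoints2 handler that runs E:\CC.PIF when the drive is opened; and the user start page set to 07129.com. SAMPLE_LOG is a constructed excerpt assembled from lines of the posted log; the trusted start-page hosts and the list of "unusual" directories are assumptions to tune for your own environment.

```python
"""Triage a ComboFix-style log for the persistence and defense-evasion
patterns seen in the thread.  Added example, not ComboFix's own code."""
import re
import sys

# Constructed excerpt: lines in the shape of the posted ComboFix report.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\uulozjer.dll" [2009-03-01 53248]
"{CA8ABC8B-93B1-4818-ACA5-37131E0523D8}"= "c:\windows\system32\caoabcob.dll" [2008-08-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"c:\windows\fonts\guhfpzpq.dll"= {815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\uulozjer.dll [2009-03-01 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-03-01 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
\shell\open\Command - E:\CC.PIF

uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
"""

# Assumptions: start-page hosts not worth reporting, and directories from
# which no legitimate shell hook, SSODL object or Run entry should load.
TRUSTED_START_HOSTS = {"www.google.com", "go.microsoft.com"}
SUSPICIOUS_DIRS = ("\\fonts\\", "\\temp\\")

# A drive-letter path ending in an extension, bounded by a quote, bracket,
# whitespace or end of line (so "c:\...\Reader 8.0\Reader_sl.exe" stays whole).
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.[a-z0-9]{1,4}(?=["\[\]\s]|$)', re.I)


def _host(url):
    """Host part of a URL, accepting the defanged hxxp:// form ComboFix writes."""
    return re.sub(r"^h(?:xx|tt)ps?://", "", url, flags=re.I).split("/")[0].lower()


def triage(log_text, trusted_hosts=TRUSTED_START_HOSTS):
    """Return a list of (kind, where, what) findings, de-duplicated, in log order."""
    findings, seen, section = [], set(), ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()          # registry key this block belongs to
            continue
        low = line.lower()
        leaf = section.rsplit("\\", 1)[-1]        # last key component, e.g. the IFEO target
        hits = []
        if low.startswith(("ustart page", "mstart page")):
            url = line.split("=", 1)[1].strip()
            if _host(url) not in trusted_hosts:
                hits.append(("start_page", line.split("=", 1)[0].strip(), url))
        elif "image file execution options" in section and low.startswith('"debugger"'):
            # IFEO Debugger: launching <leaf> runs this binary instead
            hits.append(("ifeo_hijack", leaf, line.split("=", 1)[1].strip().strip('"')))
        elif section.endswith("security center") and "disablenotify" in low and low.endswith("dword:00000001"):
            hits.append(("security_center_notify_off", line.split("=", 1)[0].strip('"'), ""))
        elif "mountpoints2" in section and "\\shell\\" in low and " - " in line:
            # per-volume shell verb: opening the drive runs the command
            hits.append(("autorun_handler", leaf, line.split(" - ", 1)[1].strip()))
        else:
            for path in PATH_RE.findall(line):
                if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                    hits.append(("exec_in_unusual_dir", leaf, path))
        for hit in hits:
            if hit not in seen:
                seen.add(hit)
                findings.append(hit)
    return findings


if __name__ == "__main__":
    # usage: python triage_combofix.py ComboFix.txt   (ComboFix writes ANSI text)
    text = open(sys.argv[1], encoding="cp1252", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for kind, where, what in triage(text):
        print(f"{kind:28} {where:46} {what}")
```

On the sample the script reports the two IFEO redirections, both Security Center switches, the four Fonts-resident modules (uulozjer.dll twice, once per load point), the E:\CC.PIF handler and the 07129.com start page, and stays quiet on caoabcob.dll in system32 and on the google.com machine-wide start page. That last point is the caveat: a path outside Fonts or Temp is not a clean bill of health, and the system32 DLLs with random eight-letter names in the report above still need checking by hash or signature; this script only surfaces the loud indicators so a reviewer knows where to start.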
ROSALLY Posts: 80 Status: Member

HijackThis report below.
Many thanks, Lyonnais, for your support.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:52, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys13.tmp
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\W4OODWWT\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {08CBFE20-8DC8-4195-B8E2-DD66F860469D} - C:\Program Files\Internet Explorer\PowerJa.ask
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kkpdiamf.dll,hbofjcgd.dll,cpkhiooa.dll,eojcjojj.dll,okgciood.dll,aihoacbh.dll,hkncnkoh.dll,fmbiohna.dll,haoddjme.dll,iapngipd.dll,pllmeenf.dll,caoabcob.dll
O21 - SSODL: C:\WINDOWS\fonts\guhfpzpq.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\nhdysbau.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\onpdjbiu.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\vhxdhadf.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\cjxcnzxr.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: CA8ABC8B - {CA8ABC8B-93B1-4818-ACA5-37131E0523D8} - C:\WINDOWS\system32\caoabcob.dll
O21 - SSODL: C:\WINDOWS\fonts\fecmencv.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: 9556EE7F - {9556EE7F-D5B7-4DE4-819F-90B9408AF39E} - C:\WINDOWS\system32\pllmeenf.dll
O21 - SSODL: C:\WINDOWS\fonts\wxluanmz.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\trjrzgeb.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: 2A97029D - {2A97029D-5F87-40B7-AC87-BDFC8BE941E3} - C:\WINDOWS\system32\iapngipd.dll
O21 - SSODL: 1A8DD36E - {1A8DD36E-3DE4-484B-B498-51E0F66688E6} - C:\WINDOWS\system32\haoddjme.dll
O21 - SSODL: F6B2817A - {F6B2817A-4836-4870-928F-236264E3AF32} - C:\WINDOWS\system32\fmbiohna.dll
O21 - SSODL: 147C7481 - {147C7481-5793-4972-A433-C7C6DCB2A4DA} - C:\WINDOWS\system32\hkncnkoh.dll
O21 - SSODL: A218ACB1 - {A218ACB1-0EC2-413A-B72D-5411FBC6193F} - C:\WINDOWS\system32\aihoacbh.dll
O21 - SSODL: 840C288D - {840C288D-33C2-4932-846F-5B3A1FC6FCAD} - C:\WINDOWS\system32\okgciood.dll
O21 - SSODL: E83C3833 - {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - C:\WINDOWS\system32\eojcjojj.dll
O21 - SSODL: 1B8F3C0D - {1B8F3C0D-D80F-428C-BBE1-013634121393} - C:\WINDOWS\system32\hbofjcgd.dll
O21 - SSODL: 449D2A6F - {449D2A6F-94FC-40BF-A260-6968AC4B060B} - C:\WINDOWS\system32\kkpdiamf.dll
O21 - SSODL: C941288A - {C941288A-27FC-484E-AC78-BA04CB41FD53} - C:\WINDOWS\system32\cpkhiooa.dll
O21 - SSODL: C:\WINDOWS\fonts\ktuxlvyx.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\ovokwwqi.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\uulozjer.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\ejkfoyrw.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\utxnvcfx.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
O21 - SSODL: C:\WINDOWS\fonts\uxulezvn.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\bjqdhbgi.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
O21 - SSODL: C:\WINDOWS\fonts\qgzjfbmt.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\xizilahe.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
O21 - SSODL: C:\WINDOWS\fonts\nixfntfw.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
O21 - SSODL: C:\WINDOWS\fonts\rzzfxhlh.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: C:\WINDOWS\fonts\vvflczyv.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ROSALLY Posts 80 Status Member
 
Good evening again
I have quite a lot of messages that keep me from working, constantly on the screen

Application error:
sys57.tmp
regsvr32.exe
sys5B.tmp
mbam.exe
GestMAJ.exe
shell.exe
Toaster.exe
Inactivity.exe
... etc.
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

change of tactics.

=================

Delete Combofix.exe from your Desktop and download the latest version here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Do not run it.

==================

Tesefo

Copy or print the instructions first

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Killall::

Driver::
Network Monitor Protocol Driver

File::
%Windir%\inf\oem8.inf
%Windir%\inf\oem8.PNF
%System%\drivers\winyyy.sys


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{3A45FFFA-5F36-4A18-A3C7-0990EC4E9662}]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYPROT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MyProt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{3A45FFFA-5F36-4A18-A3C7-0990EC4E9662}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYPROT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyProt




Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and drag the mouse so that the CFscript icon comes to cover the Combofix icon. Release the mouse button. Combofix will start.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Re-enable your firewall, your antivirus and the guard of your antispyware

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.
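Before writing a fix script like the one above, an analyst first lists what the HijackThis log actually contains. The following Python helper is an added example, not code from the thread and not from HijackThis or ComboFix: it parses the R0/O2/O4/O20/O21 lines and flags the patterns seen in the log posted earlier (hijacked start page, AppInit_DLLs, shell service objects loading from the Fonts directory, a policy Run entry for a fake wuauclt.exe). The heuristics are the example's own, and the sample log is constructed from lines quoted in the thread.

```python
"""Triage helper for HijackThis v2 log lines.
Added example for this thread: not code from the posts, from HijackThis or
from ComboFix. Heuristics are the example's own; the sample log below is
constructed from lines quoted in the thread.
"""
import re
from collections import defaultdict

# Every HijackThis entry starts "Rn - " or "Onn - "; the rest is the body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.+)$")

# Start pages that need no second look (vendor defaults).
BENIGN_START_PREFIXES = ("http://go.microsoft.com/", "about:blank")


def basename(path):
    """Last path component, lower-cased, for case-insensitive matching."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def triage(log_text):
    """Map finding type -> sorted list of values. 'correlated' lists DLLs
    named in AppInit_DLLs that are also SSODL targets (two loaders)."""
    findings = defaultdict(set)
    appinit, ssodl_targets = set(), set()

    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        # R0 ...,Start Page = <url>: anything outside the vendor defaults.
        if code == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if not url.startswith(BENIGN_START_PREFIXES):
                findings["start_page"].add(url)

        # O20 AppInit_DLLs are injected into every process that loads
        # user32.dll, so a non-empty list always deserves review.
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body[len("AppInit_DLLs:"):].split(","):
                dll = dll.strip().lower()
                if dll:
                    appinit.add(dll)
                    findings["appinit_dll"].add(dll)

        # O21 SSODL objects are loaded by Explorer at logon. Flag targets
        # under \Fonts\ (no legitimate code lives there) and dangling
        # registrations whose file is gone.
        elif code == "O21" and body.startswith("SSODL:"):
            target = body.split(" - ")[-1].strip()
            if target == "(no file)":
                findings["ssodl"].add(target)
            else:
                ssodl_targets.add(basename(target))
                if "\\fonts\\" in target.lower():
                    findings["ssodl"].add(target)

        # O4 autoruns: the Policies\Explorer\Run key is rarely used by
        # installers, and nothing should execute from \Fonts\.
        elif code == "O4":
            key, _, cmd = body.partition(":")
            cmd = cmd.strip()
            if "policies\\explorer\\run" in key.lower():
                findings["policy_run"].add(cmd)
            if "\\fonts\\" in cmd.lower():
                findings["exe_in_fonts"].add(cmd)

        # O2 BHOs with no friendly name or a target that is not a .dll.
        elif code == "O2" and body.startswith("BHO:"):
            parts = body[len("BHO:"):].split(" - ")
            name, target = parts[0].strip(), parts[-1].strip()
            if name == "(no name)" or not target.lower().endswith(".dll"):
                findings["bho"].add(target)

    findings["correlated"] = appinit & ssodl_targets
    return {k: sorted(v) for k, v in findings.items()}


# Constructed sample: a subset of the lines quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
O2 - BHO: (no name) - {08CBFE20-8DC8-4195-B8E2-DD66F860469D} - C:\Program Files\Internet Explorer\PowerJa.ask
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O20 - AppInit_DLLs: kkpdiamf.dll,hbofjcgd.dll,pllmeenf.dll,caoabcob.dll
O21 - SSODL: C:\WINDOWS\fonts\guhfpzpq.dll - {815EDE81-767D-4636-80F5-141578667A98} - C:\WINDOWS\fonts\rzzfxhlh.dll
O21 - SSODL: CA8ABC8B - {CA8ABC8B-93B1-4818-ACA5-37131E0523D8} - C:\WINDOWS\system32\caoabcob.dll
O21 - SSODL: 9556EE7F - {9556EE7F-D5B7-4DE4-819F-90B9408AF39E} - C:\WINDOWS\system32\pllmeenf.dll
O21 - SSODL: C:\WINDOWS\fonts\utxnvcfx.nls - {8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
"""

if __name__ == "__main__":
    for kind, values in triage(SAMPLE_LOG).items():
        for value in values:
            print(f"{kind:13} {value}")
```

The correlated list is the useful output: a DLL that is both an AppInit_DLL and an SSODL target will come back at the next logon unless both registrations are removed together.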
ROSALLY Posts 80 Status Member
 
hello Lyonnais
below is the ComboFix report
it was very difficult for me to work with the Application error messages that keep appearing
on the screen and so prevent or block me from moving forward...


ComboFix 09-03-01.01 - CKS Andre SNEYAERT 2009-03-02 16:40:36.13 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.474 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush.dll
c:\program files\Fichiers communs\PushWare\cpush0.dll
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\windows\Downloaded Program Files\explorer.exe
c:\windows\Intel\baiduc.dll
c:\windows\KB611311.log
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\drivers\acpidisk.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\mprmsgse.axz
c:\windows\system32\mscpx32r.det
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_NPF
-------\Service_acpidisk
-------\Service_npf


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 16:47 . 2009-03-02 16:47 35,538 --a------ c:\program files\bccd.pif
2009-03-02 16:36 . 2009-03-02 16:36 13,531 --a------ c:\windows\system32\wauefe.exe
2009-03-02 15:45 . 2009-03-02 16:21 13,531 --a------ c:\windows\system32\wauefe.exe.vzr
2009-03-02 11:38 . 2009-03-02 11:38 40 --a------ c:\windows\tmp.dat
2009-03-02 11:38 . 2009-03-02 11:38 37 --a------ c:\windows\sys.ini
2009-03-01 19:56 . 2009-02-04 07:58 121,604 --a------ c:\windows\system32\drivers\pnpmem.sys
2009-03-01 19:56 . 2009-03-01 19:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-03-01 19:42 . 2009-03-02 16:33 <REP> d-------- c:\windows\system32\ZoneLabs
2009-03-01 19:15 . 2009-03-02 16:47 143 --a------ c:\windows\system32\exlds.ini
2009-03-01 19:00 . 2009-03-01 19:21 <REP> d-------- C:\Fixfix
2009-03-01 18:55 . 2009-03-01 18:55 13,944 --ahs---- c:\windows\system32\D64374E8.dll
2009-03-01 18:55 . 2009-03-01 18:55 236 --ahs---- c:\windows\system32\D64374E8.cfg
2009-03-01 13:51 . 2009-03-01 19:01 21,248 --a------ c:\windows\winyyy.sys
2009-03-01 13:15 . 2009-03-01 13:15 267,152 --a------ C:\zasuiteSetup_en.exe
2009-03-01 12:56 . 2009-03-01 12:56 14,998 --ahs---- c:\windows\system32\201476D0.dll
2009-03-01 12:52 . 2009-03-01 12:52 13,926 --ahs---- c:\windows\system32\72B29486.dll
2009-03-01 12:49 . 2009-03-01 12:49 14,444 --a------ c:\windows\system32\91C7DF6D.dll.vzr
2009-03-01 12:49 . 2009-03-01 16:20 388 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-28 19:16 . 2009-02-28 19:17 13,531 --a------ c:\windows\system32\waudfe.exe
2009-02-26 00:55 . 2009-03-01 18:50 1,354,483 --a------ c:\windows\setupapi.log.3.old
2009-02-25 23:29 . 2009-03-02 15:41 2,354 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-03-01 19:44 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-02 16:33 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-03-01 19:01 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-02 16:47 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll
2009-02-02 21:59 . 2009-02-02 21:59 66,048 --a------ C:\Proposition APOLLO pour Ile MAURICE.doc
2009-02-02 17:57 . 2009-02-02 17:57 48,640 --a------ C:\Clients Ile MAURICE.doc
2009-02-02 12:23 . 2009-02-05 11:49 25,088 --a------ C:\A T T E S T A T I O N Impotsssssssssss.doc
2009-02-02 10:47 . 2009-02-02 10:47 30,720 --a------ C:\A T T E S T A T I O N - I m p o t s.doc

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 15:47 --------- d-----w c:\program files\Wanadoo
2009-03-02 15:46 10,356 ----a-w c:\windows\Fonts\TIMPIatform.exe
2009-03-02 15:34 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-03-02 14:27 53,248 ----a-w c:\windows\Fonts\hdvlediv.dll
2009-03-02 14:19 19,968 ----a-w c:\windows\Fonts\wuauclt.exe
2009-03-02 11:28 53,248 ----a-w c:\windows\Fonts\zwkytzhe.dll
2009-03-02 11:28 53,248 ----a-w c:\windows\Fonts\qwinvafv.dll
2009-03-02 10:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-01 21:32 42 ----a-w c:\windows\Fonts\gzdnf01.dat
2009-03-01 21:32 42 ----a-w c:\windows\Fonts\GBUNHAK.nls
2009-03-01 18:16 53,248 ----a-w c:\windows\Fonts\ktuxlvyx.dll
2009-03-01 14:21 53,248 ----a-w c:\windows\Fonts\guhfpzpq.dll
2009-03-01 10:56 2,356 ----a-w c:\windows\Fonts\note.exe
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-25 17:40 24,576 ----a-w c:\windows\TEMPIadHide3.dll
2009-02-23 22:43 431,922 ----a-w c:\program files\HJTInstall.7z
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-01_19.19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-01 18:15:49 49,152 ----a-w c:\windows\system32\npptools.dll
+ 2008-04-14 02:33:36 55,296 ----a-w c:\windows\system32\npptools.dll
+ 2009-03-02 15:45:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
2009-02-24 03:08 196608 --a------ c:\program files\Fichiers communs\PushWare\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
2009-03-09 04:43 155648 -ra------ c:\windows\Intel\baiduc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CPushSetup"="c:\program files\Fichiers communs\PushWare\cpush.dll" [2009-02-24 196608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [2009-03-02 19968]

c:\documents and settings\CKS Andre SNEYAERT\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{91C7DF6D-AEF5-4136-9252-AF030D7A5931}"= "91C7DF6D.dll" [BU]
"{1957817A-94B2-4CAC-B113-A331809B5730}"= "1957817A.dll" [BU]
"{E83C3833-A1EE-4C18-B34E-ACD20C0A646C}"= "c:\windows\system32\eojcjojj.dll" [2008-08-14 40960]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"= "c:\windows\system32\cpkhiooa.dll" [2008-08-14 45056]
"{D64374E8-8B1D-49AB-9284-5072687B6BD3}"= "D64374E8.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E83C3833"= {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - c:\windows\system32\eojcjojj.dll [2008-08-14 40960]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]
"C941288A"= {C941288A-27FC-484E-AC78-BA04CB41FD53} - c:\windows\system32\cpkhiooa.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hbofjcgd.dll cpkhiooa.dll eojcjojj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DrRtp.exe]
"Debugger"=c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

R2 pnpmem;pnpmem;c:\windows\system32\drivers\pnpmem.sys [2009-03-01 121604]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 UPDATEDATA;UPDATEDATA;c:\windows\system32\drivers\acpiec.sys [2001-08-23 12032]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NPF

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-02 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{08CBFE20-8DC8-4195-B8E2-DD66F860469D} - c:\program files\Internet Explorer\PowerJa.ask
BHO-{489873CE-F3E1-44A3-8E89-04BE26BE4446} - (no file)
ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{08CBFE20-8DC8-4195-B8E2-DD66F860469D} - c:\program files\Internet Explorer\PowerJa.ask
ShellExecuteHooks-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
ShellExecuteHooks-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
ShellExecuteHooks-{CA8ABC8B-93B1-4818-ACA5-37131E0523D8} - c:\windows\system32\caoabcob.dll
ShellExecuteHooks-{9556EE7F-D5B7-4DE4-819F-90B9408AF39E} - c:\windows\system32\pllmeenf.dll
ShellExecuteHooks-{2A97029D-5F87-40B7-AC87-BDFC8BE941E3} - c:\windows\system32\iapngipd.dll
ShellExecuteHooks-{1A8DD36E-3DE4-484B-B498-51E0F66688E6} - c:\windows\system32\haoddjme.dll
ShellExecuteHooks-{F6B2817A-4836-4870-928F-236264E3AF32} - c:\windows\system32\fmbiohna.dll
ShellExecuteHooks-{147C7481-5793-4972-A433-C7C6DCB2A4DA} - c:\windows\system32\hkncnkoh.dll
ShellExecuteHooks-{A218ACB1-0EC2-413A-B72D-5411FBC6193F} - c:\windows\system32\aihoacbh.dll
ShellExecuteHooks-{840C288D-33C2-4932-846F-5B3A1FC6FCAD} - c:\windows\system32\okgciood.dll
ShellExecuteHooks-{449D2A6F-94FC-40BF-A260-6968AC4B060B} - c:\windows\system32\kkpdiamf.dll
SSODL-c:\windows\fonts\guhfpzpq.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\nhdysbau.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\onpdjbiu.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\vhxdhadf.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\cjxcnzxr.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-CA8ABC8B-{CA8ABC8B-93B1-4818-ACA5-37131E0523D8} - c:\windows\system32\caoabcob.dll
SSODL-c:\windows\fonts\fecmencv.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-9556EE7F-{9556EE7F-D5B7-4DE4-819F-90B9408AF39E} - c:\windows\system32\pllmeenf.dll
SSODL-c:\windows\fonts\wxluanmz.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\trjrzgeb.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-2A97029D-{2A97029D-5F87-40B7-AC87-BDFC8BE941E3} - c:\windows\system32\iapngipd.dll
SSODL-1A8DD36E-{1A8DD36E-3DE4-484B-B498-51E0F66688E6} - c:\windows\system32\haoddjme.dll
SSODL-F6B2817A-{F6B2817A-4836-4870-928F-236264E3AF32} - c:\windows\system32\fmbiohna.dll
SSODL-147C7481-{147C7481-5793-4972-A433-C7C6DCB2A4DA} - c:\windows\system32\hkncnkoh.dll
SSODL-A218ACB1-{A218ACB1-0EC2-413A-B72D-5411FBC6193F} - c:\windows\system32\aihoacbh.dll
SSODL-840C288D-{840C288D-33C2-4932-846F-5B3A1FC6FCAD} - c:\windows\system32\okgciood.dll
SSODL-449D2A6F-{449D2A6F-94FC-40BF-A260-6968AC4B060B} - c:\windows\system32\kkpdiamf.dll
SSODL-c:\windows\fonts\ktuxlvyx.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\ovokwwqi.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\uulozjer.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\ejkfoyrw.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\utxnvcfx.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\uxulezvn.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\bjqdhbgi.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\qgzjfbmt.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\xizilahe.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\nixfntfw.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\rzzfxhlh.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\vvflczyv.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\zwkytzhe.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\qwinvafv.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\jfbphvnf.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\daqdgrus.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\qpuvpszy.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\kqmpbmii.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\hdvlediv.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\uszvneoc.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\feegguko.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\yofiawbq.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-c:\windows\fonts\spswdgis.dll-{815EDE81-767D-4636-80F5-141578667A98} - c:\windows\fonts\spswdgis.dll
SSODL-c:\windows\fonts\pbmehjif.nls-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 16:46:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\NNQXDYTF\10[1].exe 170576 bytes executable
c:\docume~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\NNQXDYTF\10[2].exe 141040 bytes executable
c:\windows\system32\wpcap.dll 240496 bytes executable
c:\windows\system32\Packet.dll 88952 bytes executable
c:\windows\system32\WanPacket.dll 68480 bytes executable

scan completed successfully
hidden files: 5

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\syslib .dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\windows\Fonts\TIMPIatform.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\system32\ALERTM~1\ALERTM~1.EXE
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Wanadoo\EspaceWanadoo.exe
c:\progra~1\Wanadoo\ComComp.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
c:\windows\system32\wauefe.exe
.
**************************************************************************
.
Completion time: 2009-03-02 16:53:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-02 15:53:44
ComboFix2.txt 2009-03-01 18:21:17
ComboFix3.txt 2009-03-01 12:12:08
ComboFix4.txt 2009-02-27 14:30:13
ComboFix5.txt 2009-03-02 15:39:58

Pre-Run: 152,836,214,784 bytes free
Post-Run: 152,912,760,832 bytes free

499 --- E O F --- 2009-03-01 21:35:04
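The registry section of the ComboFix report above deserves a line-by-line read. An Image File Execution Options "Debugger" value has been set for 54 program names, almost all of them anti-virus, firewall and anti-rootkit tools (AVP.EXE, IceSword.EXE, HijackThis.EXE, Regedit.EXE, ...), and pointed at c:\windows\system32\dllcache\spoolsv.exe (one at svchost.exe). Windows then starts that binary in place of the tool, so the tool appears to do nothing. The match is on the image file name alone, which is why a renamed copy of a tool still runs and why deleting the Debugger values, not renaming, is the durable fix. The Security Center AntiVirusDisableNotify and UpdatesDisableNotify flags are set, which silences the "no antivirus / no updates" warnings. A MountPoints2 entry makes opening or exploring drive E: run E:\CC.PIF. The Python below is an added example, not part of the post and not ComboFix code: it parses a registry dump in this text format and flags those three patterns. The sample dump is constructed from the entries above plus one benign ntsd.exe entry as a control; the known-debugger list and the threshold of three redirects to one target are assumptions.

```python
import re
from collections import Counter

# Added example (not from the forum post, not ComboFix code). Assumptions:
# the debuggers below are the only ones legitimately registered under IFEO,
# and three or more IFEO entries sharing one non-debugger target count as a
# mass redirect.
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.+)$", re.I)


def parse_reg_dump(text):
    """Return {key_path: {value_name_lower: data}} from a ComboFix-style dump.
    MountPoints2 shell commands are stored under the name 'shell\\<verb>\\command'."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1).lower()] = m.group(2).strip()
            continue
        m = SHELL_RE.match(line)
        if m:
            keys[current][f"shell\\{m.group(1).lower()}\\command"] = m.group(2).strip()
    return keys


def basename(path):
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(keys):
    """Return (kind, subject, detail) findings for the three patterns."""
    findings = []
    redirect_targets = Counter()
    for key, values in keys.items():
        kl = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if "\\image file execution options\\" in kl:
            dbg = values.get("debugger")
            if dbg:
                exe = basename(dbg)
                redirect_targets[exe] += 1
                if exe not in KNOWN_DEBUGGERS:
                    findings.append(("IFEO_HIJACK", leaf, dbg))
        elif kl.endswith("\\security center"):
            for name, data in values.items():
                if name.endswith("disablenotify") and data.lower() == "dword:00000001":
                    findings.append(("SECURITY_CENTER_NOTIFY_OFF", name, data))
        elif "\\mountpoints2\\" in kl:
            for name, data in values.items():
                if name.startswith("shell\\"):
                    findings.append(("MOUNTPOINT_AUTORUN", leaf, f"{name} -> {data}"))
    for exe, n in redirect_targets.items():
        if n >= 3 and exe not in KNOWN_DEBUGGERS:
            findings.append(("IFEO_MASS_REDIRECT", exe, f"{n} programs redirected"))
    return findings


# Constructed sample: entries copied from the report above plus a benign
# notepad.exe -> ntsd.exe entry that must not be flagged.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DrRtp.exe]
"Debugger"=c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"Debugger"="c:\windows\system32\ntsd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
\shell\explore\command - E:\CC.PIF
\shell\open\Command - E:\CC.PIF
"""

if __name__ == "__main__":
    for kind, subject, detail in triage(parse_reg_dump(SAMPLE_DUMP)):
        print(f"{kind:28} {subject:45} {detail}")
```

On the sample this reports four IFEO_HIJACK entries, one IFEO_MASS_REDIRECT for spoolsv.exe, two disabled Security Center notifications and two MountPoints2 autorun commands, and stays silent on the ntsd.exe control. Feed it the full dump and the IFEO_MASS_REDIRECT count alone tells you the machine's security tooling was deliberately neutralised rather than misconfigured.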
ROSALLY (80 posts, Member)

HijackThis report below.
Thanks, Lyonnais



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:29, on 02/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Livecom\Toaster\Toaster.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\O4IU0DY5\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {08CBFE20-8DC8-4195-B8E2-DD66F860469D} - C:\Program Files\Internet Explorer\PowerJa.ask (file missing)
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hbofjcgd.dll cpkhiooa.dll eojcjojj.dll
O21 - SSODL: E83C3833 - {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - C:\WINDOWS\system32\eojcjojj.dll
O21 - SSODL: 1B8F3C0D - {1B8F3C0D-D80F-428C-BBE1-013634121393} - C:\WINDOWS\system32\hbofjcgd.dll
O21 - SSODL: C941288A - {C941288A-27FC-484E-AC78-BA04CB41FD53} - C:\WINDOWS\system32\cpkhiooa.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
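In the HijackThis log above the browser-hijack chain is visible end to end: the start page is set to 07129.com (R0); the BHO list carries an "AdPopup" entry (cpush.dll), an "Info cache" DLL under C:\WINDOWS\Intel (baiduc.dll), IETimber and a Rankey toolbar, with one entry whose file is already gone (PowerJa.ask, file missing); three DLLs with eight-letter names that look generated are loaded into every user-mode process through AppInit_DLLs (O20) and are also registered as ShellServiceObjectDelayLoad entries whose display name is just the first segment of their own CLSID (O21); and a copy of wuauclt.exe stored in C:\WINDOWS\Fonts is started from the HKLM Policies\Explorer\Run key under the name "360safe" (O4), a key that group policy uses and malware borrows because few people look there. The genuine Windows Update client runs from C:\WINDOWS\system32, and both copies appear in the process list. The Python below is an added example, not HijackThis code: it encodes those heuristics (a system-binary name outside system32, look-alike names built from 1/0/I substitutions, executables under Fonts, AppInit_DLLs, CLSID-prefix SSODL names, the policy Run key, missing BHO files, the start page) and runs them over constructed sample lines taken from the entries above plus one invented look-alike, svch0st.exe, as a control. %windir% = C:\WINDOWS and the name lists are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Added example (not from the forum post, not HijackThis code). Assumptions:
# %windir% is C:\WINDOWS and the name lists are illustrative, not exhaustive.
WINDIR = "c:\\windows"
SYSTEM_DIRS = {WINDIR + "\\system32", WINDIR + "\\system32\\dllcache"}
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "spoolsv.exe", "rundll32.exe",
                   "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
# Substitutions used to make a file name look like a system binary's.
HOMOGLYPHS = str.maketrans({"1": "l", "i": "l", "0": "o"})
PATH_RE = re.compile(r"([a-z]:\\[^\r\n]*?\.(?:exe|dll|pif|scr))(?=[\s)]|$)", re.I)
SSODL_RE = re.compile(r"^O21 - SSODL: (\S+) - \{([0-9a-f]{8})-", re.I)
START_RE = re.compile(r"^R[01] - .*Start Page = (\S+)", re.I)


def normalize(name):
    """Collapse look-alike characters so rund1132.exe compares equal to rundll32.exe."""
    return name.lower().translate(HOMOGLYPHS)


NORMALIZED_SYSTEM = {normalize(n): n for n in SYSTEM_BINARIES}


def check_path(path):
    """Heuristics on one file path: system-binary name outside system32,
    look-alike of a system-binary name, executable stored under \\Fonts."""
    out = []
    p = PureWindowsPath(path)
    base, parent = p.name.lower(), str(p.parent).lower()
    if base in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        out.append(("SYSTEM_NAME_WRONG_DIR", path))
    canonical = NORMALIZED_SYSTEM.get(normalize(base))
    if canonical and canonical != base:
        out.append(("LOOKALIKE_NAME", f"{path} imitates {canonical}"))
    if parent == WINDIR + "\\fonts":
        out.append(("EXE_IN_FONTS_DIR", path))
    return out


def triage_hjt(lines):
    """Return (kind, detail) findings for a list of HijackThis log lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        for path in PATH_RE.findall(line):
            findings.extend(check_path(path))
        m = START_RE.match(line)
        if m:  # R0/R1: home page / search hijack
            findings.append(("START_PAGE", m.group(1)))
        if line.startswith("O2 - BHO:") and "(file missing)" in line:
            findings.append(("BHO_FILE_MISSING", line.split(" - ")[-1]))
        if line.startswith("O4 - ") and "\\Policies\\Explorer\\Run:" in line:
            findings.append(("POLICIES_RUN", line))  # policy Run key, rarely used legitimately
        if line.startswith("O20 - AppInit_DLLs:"):  # DLLs injected into every user32 process
            for dll in line.split(":", 1)[1].split():
                findings.append(("APPINIT_DLL", dll))
        m = SSODL_RE.match(line)
        if m and m.group(1).lower() == m.group(2).lower():
            findings.append(("SSODL_AUTOGEN_NAME", line))  # name is its own CLSID prefix
    return findings


def count_by_kind(findings):
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample: lines modelled on the log above plus one invented
# look-alike (svch0st.exe) and one clean system32 path as controls.
SAMPLE_HJT = r"""
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svch0st.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
O2 - BHO: (no name) - {08CBFE20-8DC8-4195-B8E2-DD66F860469D} - C:\Program Files\Internet Explorer\PowerJa.ask (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: hbofjcgd.dll cpkhiooa.dll eojcjojj.dll
O21 - SSODL: E83C3833 - {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - C:\WINDOWS\system32\eojcjojj.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for kind, detail in triage_hjt(SAMPLE_HJT.splitlines()):
        print(f"{kind:24} {detail}")
```

The path check is deliberately name-based, as a first-pass reading of a text log is: it cannot tell a clean wuauclt.exe from a trojanised one in the same directory, and a hash or signature check on the live system is the next step. It does catch the two things this log shows well, a system-binary name in the wrong directory and a policy Run key pointing at it, and the look-alike normalisation catches the 1-for-l and 0-for-o renames that slip past a quick visual scan of a process list.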
ROSALLY (80 posts, Member)

I'm reposting the HijackThis report
because I can't see it displayed.
Apologies if it shows up twice.
A big thank-you, Lyonnais

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hbofjcgd.dll cpkhiooa.dll eojcjojj.dll
O21 - SSODL: E83C3833 - {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - C:\WINDOWS\system32\eojcjojj.dll
O21 - SSODL: 1B8F3C0D - {1B8F3C0D-D80F-428C-BBE1-013634121393} - C:\WINDOWS\system32\hbofjcgd.dll
O21 - SSODL: C941288A - {C941288A-27FC-484E-AC78-BA04CB41FD53} - C:\WINDOWS\system32\cpkhiooa.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
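An added example (not code from the thread and not part of HijackThis): a small Python triage pass over log lines in the format above. It flags what a helper looks for in this log: processes and autoruns under C:\WINDOWS\Fonts or C:\WINDOWS\Intel, a Policies\Explorer\Run autorun, a non-empty AppInit_DLLs list, SSODL entries named only by a CLSID fragment, a BHO with no name or a missing file, and the HKCU start page. SAMPLE_LOG is a constructed excerpt of the lines above.

```python
"""Triage pass over HijackThis v2.0.2 log lines (added example, not HijackThis
code). Only the checks a helper applies to the log above are implemented."""
import re
from dataclasses import dataclass

# Directories that legitimate software does not normally run from. Lower-case,
# with a trailing backslash so "fonts" matches only as a directory name.
SUSPICIOUS_DIRS = ("c:\\windows\\fonts\\", "c:\\windows\\intel\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")   # "O4 - ..." lines
PROC_RE = re.compile(r"^[A-Za-z]:\\")                          # running-process list


@dataclass
class Finding:
    section: str   # "PROC" for the process list, otherwise the HijackThis section
    reason: str
    line: str


def _path_of(body):
    """The file path is the last ' - ' separated field of an O-line."""
    return body.rsplit(" - ", 1)[-1].strip().lower()


def _check_dirs(section, path, raw, findings):
    for d in SUSPICIOUS_DIRS:
        if d in path:
            findings.append(Finding(section, f"runs from unusual directory {d}", raw))
            return


def triage(log_text):
    """Return the Findings for the suspicious lines of a HijackThis log."""
    findings = []
    for raw in (line.strip() for line in log_text.splitlines()):
        if PROC_RE.match(raw):
            _check_dirs("PROC", raw.lower(), raw, findings)
            continue
        m = ENTRY_RE.match(raw)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "R0" and "Start Page" in body:
            url = body.split("=", 1)[-1].strip()
            findings.append(Finding(sec, f"IE start page is {url}; compare with what the user expects", raw))
        elif sec == "O2" and ("(no name)" in body or "(file missing)" in body):
            findings.append(Finding(sec, "BHO with no name or missing file", raw))
        elif sec == "O4" and "\\policies\\explorer\\run" in body.lower():
            findings.append(Finding(sec, "autorun via Policies\\Explorer\\Run", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding(sec, f"AppInit_DLLs loads {len(dlls)} DLL(s) into every process", raw))
        elif sec == "O21":
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if re.fullmatch(r"[0-9A-F]{8}", name):
                findings.append(Finding(sec, f"SSODL entry named only by CLSID fragment {name}", raw))
        if sec.startswith("O"):
            _check_dirs(sec, _path_of(body), raw, findings)
    return findings


# Constructed excerpt of the log above (process list, then entry lines).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\Fonts\TIMPIatform.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
O2 - BHO: (no name) - {08CBFE20-8DC8-4195-B8E2-DD66F860469D} - C:\Program Files\Internet Explorer\PowerJa.ask (file missing)
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O20 - AppInit_DLLs: hbofjcgd.dll cpkhiooa.dll eojcjojj.dll
O21 - SSODL: E83C3833 - {E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - C:\WINDOWS\system32\eojcjojj.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```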
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,


If possible, disconnect the infected PC completely from the Internet (including unplugging the cable if that is how you connect, or disabling the Wi-Fi device). To communicate, use a USB stick. Put only the necessary files on it (these will be text files, which do not transmit the infection).

We are going to try to block the connections to the sites that reinfect the machine.

Download this tool by SiRi:

http://siri.urz.free.fr/RHosts.php

Double-click it to run it

and click on "Restore original Hosts"

then open the file:

C:\Windows\System32\drivers\etc\Hosts

with Notepad.

Copy the lines below and add them to the end of the file:




=============

Next,

Copy or print the instructions first.

Disconnect from the Internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

RootKit::
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\hdvlediv.dll
c:\windows\Fonts\wuauclt.exe
c:\windows\Fonts\zwkytzhe.dll
c:\windows\Fonts\qwinvafv.dll
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\ktuxlvyx.dll
c:\windows\Fonts\guhfpzpq.dll
c:\windows\Fonts\note.exe
c:\windows\TEMPIadHide3.dll
c:\program files\HJTInstall.7z
%System%\waudfe.exe
%System%\drivers\npf.sys
%System%\npptools.dll
%System%\Packet.dll
%System%\WanPacket.dll
%System%\wpcap.dll
%System%\dllcache\spoolsv.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\battc.sys
c:\windows\system32\drivers\acpiec.sys
E:\CC.PIF
c:\program files\bccd.pif
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe.vzr
c:\windows\tmp.dat
c:\windows\sys.ini
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\ormsgse.axz
c:\windows\system32\exlds.ini
c:\windows\system32\D64374E8.dll
c:\windows\system32\D64374E8.cfg
c:\windows\winyyy.sys
c:\windows\system32\201476D0.dll
c:\windows\system32\72B29486.dll
c:\windows\system32\91C7DF6D.dll.vzr
c:\windows\system32\91C7DF6D.cfg
c:\windows\system32\waudfe.exe
c:\windows\setupapi.log.3.old
c:\windows\system32\72B29486.cfg
c:\windows\winsys.inf
%FontsDir%\twabramn.nls
c:\windows\system32\eojcjojj.dll
c:\windows\system32\hbofjcgd.dll
c:\windows\system32\cpkhiooa.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EF2D7A6-0B99-4C44-B04A-D47125B76424}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74A92EE1-64BD-4233-90B8-2AEB715FBF2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7E4329EB-0F3A-4FC6-BAED-5648F708D30C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZX.ZXAAATL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{8342F32F-896F-4EDF-9E97-60E84C02EB9A} = -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
%FontsDir%\twabramn.nls = -
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8FF78EFD-0213-4A73-AC23-6A489190DBFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{065683C4-C71A-47F1-830B-7D9309D3913D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBogoMediaPop.PopBogo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezsAdPopup.BWLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar_bho.IeToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\cpush]
[-HKEY_LOCAL_MACHINE\SOFTWARE\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins]
[-HKEY_CURRENT_USER\Software\newpush]
[-HKEY_CURRENT_USER\Software\Sysisoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
360safe = -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{91C7DF6D-AEF5-4136-9252-AF030D7A5931}"= -
"{1957817A-94B2-4CAC-B113-A331809B5730}"=-
"{E83C3833-A1EE-4C18-B34E-ACD20C0A646C}"=-
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"=-
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"=-
"{D64374E8-8B1D-49AB-9284-5072687B6BD3}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E83C3833"= -
"1B8F3C0D"= -
"C941288A"= -

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]

Driver::
pnpmem
myprotector
UPDATEDATA



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is finished, a report will be displayed: post its contents.


If the file does not open, it is located here: C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.
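The hosts-file step above (restore a clean file, then append 127.0.0.1 lines for the names that reinfect) as an added Python example; this is not SiRi's RHosts tool and not code from the thread. It appends entries without duplicating them and reports entries the hosts mechanism cannot honour: an IP literal is never looked up, a leading-dot "wildcard" never matches, and a name already mapped on an earlier line keeps that mapping because the first matching line wins. SAMPLE_HOSTS, the .invalid names and the 192.0.2.10 address are constructed; 07129.com is the start page from the log above.

```python
"""Hosts-file sinkhole merge (added example; not SiRi's RHosts tool and not code
from the thread). Appends 127.0.0.1 entries for names that must not resolve,
skipping duplicates and entries the hosts mechanism cannot honour."""
import ipaddress
import re

SINKHOLE = "127.0.0.1"
# One or more dot-separated labels of letters, digits and hyphens (no leading
# or trailing hyphen); a single label such as "localhost" is allowed.
HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def parse_hosts(text):
    """Map each hostname in a hosts file to the FIRST address listed for it;
    the resolver uses the first matching line and ignores later ones."""
    first = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, then tokenize
        for host in fields[1:]:
            first.setdefault(host.lower(), fields[0])
    return first


def entry_problem(host):
    """Why a hosts entry for `host` would block nothing, or None if it is usable."""
    try:
        ipaddress.ip_address(host)
        return "IP literal: hosts maps names to addresses, an address is never looked up"
    except ValueError:
        pass
    if host.startswith("."):
        return "leading dot: hosts has no wildcards, only exact hostnames match"
    if not HOST_RE.match(host):
        return "not a valid hostname"
    return None


def merge_block_entries(hosts_text, hosts_to_block, sinkhole=SINKHOLE):
    """Return (new_text, added, skipped): the hosts file with a sinkhole line
    appended for every usable, not-yet-present name; skipped lists (name, reason)."""
    first = parse_hosts(hosts_text)
    added, skipped = [], []
    for host in hosts_to_block:
        key = host.lower()
        problem = entry_problem(host)
        if problem:
            skipped.append((host, problem))
        elif key in first and first[key] == sinkhole:
            skipped.append((host, "already sinkholed"))
        elif key in first:
            skipped.append((host, f"already mapped to {first[key]}; that line wins, clean it first"))
        else:
            first[key] = sinkhole           # so a repeated name is not written twice
            added.append(host)
    new_text = hosts_text if hosts_text.endswith("\n") or not hosts_text else hosts_text + "\n"
    new_text += "".join(f"{sinkhole} {host}\n" for host in added)
    return new_text, added, skipped


# Constructed hosts file: one name already sinkholed, one hijacked elsewhere.
SAMPLE_HOSTS = """\
# hosts file after "Restore original Hosts" (constructed)
127.0.0.1       localhost
127.0.0.1       07129.com
192.0.2.10      redirected.invalid   # constructed hijack entry
"""

# Constructed block list; 07129.com is the start page from the log above,
# the .invalid names are placeholders.
BLOCK_LIST = [
    "07129.com",
    "www.07129.com",
    "www.07129.com",               # duplicate, must not be written twice
    "127.0.0.2",                   # an address, not a name
    ".example-adware.invalid",     # wildcard-style entry, never matches
    "update.example-adware.invalid",
    "redirected.invalid",
]

if __name__ == "__main__":
    text, added, skipped = merge_block_entries(SAMPLE_HOSTS, BLOCK_LIST)
    print(text)
    for host, reason in skipped:
        print(f"skipped {host}: {reason}")
```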
ROSALLY Posts 80 Status Member
 
Hello Lyonnais,
below is the ComboFix report


ComboFix 09-03-01.01 - CKS Andre SNEYAERT 2009-03-03 16:33:03.14 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.377 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\bccd.pif
c:\program files\Fichiers communs\PushWare
c:\program files\Fichiers communs\PushWare\cpush.dll.vzr
c:\program files\Fichiers communs\PushWare\Uninst.exe
c:\program files\HJTInstall.7z
c:\windows\Downloaded Program Files\explorer.exe
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\wuauclt.exe
c:\windows\system32\B4eocaps.SRG
c:\windows\system32\drivers\npf.sys
c:\windows\system32\gprmsgse.axz
c:\windows\system32\gscpx32r.det
c:\windows\system32\mprmsgse.axz
c:\windows\system32\mscpx32r.det
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMPIadHide3.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MYPROTECTOR
-------\Legacy_NPF
-------\Legacy_PNPMEM
-------\Legacy_UPDATEDATA
-------\Service_acpidisk
-------\Service_myprotector
-------\Service_npf
-------\Service_pnpmem
-------\Service_UPDATEDATA


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 13:59 . 2009-03-03 13:59 30,720 --a------ C:\Correspondance TEM 2009.doc
2009-03-03 10:03 . 2009-03-03 12:45 26,624 --a------ C:\TEM Entête.doc
2009-03-02 17:27 . 2009-03-03 16:39 14,676,512 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-02 17:27 . 2009-03-03 16:39 144,884 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-02 15:45 . 2009-03-02 16:21 13,531 --a------ c:\windows\system32\wauefe.exe.vzr
2009-03-02 11:38 . 2009-03-02 11:38 40 --a------ c:\windows\tmp.dat
2009-03-02 11:38 . 2009-03-02 11:38 37 --a------ c:\windows\sys.ini
2009-03-01 19:56 . 2009-03-01 19:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-03-01 19:42 . 2009-03-03 16:48 <REP> d-------- c:\windows\system32\ZoneLabs
2009-03-01 19:15 . 2009-03-02 17:28 143 --a------ c:\windows\system32\exlds.ini
2009-03-01 19:00 . 2009-03-01 19:21 <REP> d-------- C:\Fixfix
2009-03-01 18:55 . 2009-03-01 18:55 236 --ahs---- c:\windows\system32\D64374E8.cfg
2009-03-01 13:15 . 2009-03-01 13:15 267,152 --a------ C:\zasuiteSetup_en.exe
2009-03-01 12:49 . 2009-03-01 16:20 388 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-26 00:55 . 2009-03-01 18:50 1,354,483 --a------ c:\windows\setupapi.log.3.old
2009-02-25 23:29 . 2009-03-03 07:56 2,233 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-03-02 17:24 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-03 16:52 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-03-01 19:01 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-02 22:22 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 15:43 --------- d-----w c:\program files\Wanadoo
2009-03-03 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-03 06:47 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-01_19.19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-01 18:15:49 49,152 ----a-w c:\windows\system32\npptools.dll
+ 2008-04-14 02:33:36 55,296 ----a-w c:\windows\system32\npptools.dll
+ 2009-02-15 22:10:10 110,472 ----a-w c:\windows\system32\vsdata.dll
+ 2009-02-15 22:10:10 482,184 ----a-w c:\windows\system32\vsutil.dll
+ 2009-02-15 22:10:12 109,960 ----a-w c:\windows\system32\vsxml.dll
+ 2008-03-17 15:52:02 813,568 ------w c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-02-15 22:10:06 98,184 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-03-03 15:33:04 9,828,864 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2009-03-03 15:40:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}]
c:\program files\Internet Explorer\PowerJa.ask [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [BU]

c:\documents and settings\CKS Andre SNEYAERT\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{08CBFE20-8DC8-4195-B8E2-DD66F860469D}"= "c:\program files\Internet Explorer\PowerJa.ask" [BU]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\spswdgis.dll" [BU]
"{CA8ABC8B-93B1-4818-ACA5-37131E0523D8}"= "c:\windows\system32\caoabcob.dll" [BU]
"{9556EE7F-D5B7-4DE4-819F-90B9408AF39E}"= "c:\windows\system32\pllmeenf.dll" [BU]
"{2A97029D-5F87-40B7-AC87-BDFC8BE941E3}"= "c:\windows\system32\iapngipd.dll" [BU]
"{1A8DD36E-3DE4-484B-B498-51E0F66688E6}"= "c:\windows\system32\haoddjme.dll" [BU]
"{F6B2817A-4836-4870-928F-236264E3AF32}"= "c:\windows\system32\fmbiohna.dll" [BU]
"{147C7481-5793-4972-A433-C7C6DCB2A4DA}"= "c:\windows\system32\hkncnkoh.dll" [BU]
"{A218ACB1-0EC2-413A-B72D-5411FBC6193F}"= "c:\windows\system32\aihoacbh.dll" [BU]
"{840C288D-33C2-4932-846F-5B3A1FC6FCAD}"= "c:\windows\system32\okgciood.dll" [BU]
"{449D2A6F-94FC-40BF-A260-6968AC4B060B}"= "c:\windows\system32\kkpdiamf.dll" [BU]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"= "c:\windows\system32\cpkhiooa.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]
"C941288A"= {C941288A-27FC-484E-AC78-BA04CB41FD53} - c:\windows\system32\cpkhiooa.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hbofjcgd.dll cpkhiooa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DrRtp.exe]
"Debugger"=c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent
.
Contenu du dossier 'Tâches planifiées'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-03 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)
SSODL-E83C3833-{E83C3833-A1EE-4C18-B34E-ACD20C0A646C} - c:\windows\system32\eojcjojj.dll


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 16:53:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\WINSPOOL.DRV
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Heure de fin: 2009-03-03 16:59:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-03 15:59:36
ComboFix2.txt 2009-03-02 15:53:50
ComboFix3.txt 2009-03-01 18:21:17
ComboFix4.txt 2009-03-01 12:12:08
ComboFix5.txt 2009-03-03 15:30:30

Avant-CF: 152 388 423 680 octets libres
Après-CF: 152,547,532,800 octets libres

427 --- E O F --- 2009-03-03 07:00:37
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

Let's try it this way:


1) Print these instructions, because you will need to close all windows and applications during the installation and the scan.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) When the download finishes, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During the installation, follow the prompts (in particular the language choice and the authorization to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of the installation, click OK to close the dialog box. The main MBAM window appears:

7) In the Scan tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

8) MBAM scans your computer. The scan may take some time. Just check on its progress from time to time.

9) At the end of the scan, a message appears saying that the scan has finished. Click OK to continue.

10) If any malware was detected, a list of it is displayed.
When you click Remove (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the Reports/Logs tab.)

12) Close MBAM by clicking Exit.

13) Post the report in your reply.
0
ROSALLY Posts: 80 Status: Member
 
Anti-Malware report below



Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1782
Windows 5.1.2600 Service Pack 3

03/03/2009 17:27:40
mbam-log-2009-03-03 (17-27-40).txt

Type de recherche: Examen rapide
Eléments examinés: 62191
Temps écoulé: 3 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 59
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mewboiomediapop.popboio (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewboiomediapop.popboio.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezcadpopup.bylogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezcadpopup.bylogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Lyonnais92 Posts: 25708 Status: Security contributor 1 537
 
Re,

let's see whether we have made progress:

Copy or print the instructions beforehand.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

RootKit::
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\hdvlediv.dll
c:\windows\Fonts\wuauclt.exe
c:\windows\Fonts\zwkytzhe.dll
c:\windows\Fonts\qwinvafv.dll
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\ktuxlvyx.dll
c:\windows\Fonts\guhfpzpq.dll
c:\windows\Fonts\note.exe
c:\windows\TEMPIadHide3.dll
c:\program files\HJTInstall.7z
%System%\waudfe.exe
%System%\drivers\npf.sys
%System%\npptools.dll
%System%\Packet.dll
%System%\WanPacket.dll
%System%\wpcap.dll
%System%\dllcache\spoolsv.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\battc.sys
c:\windows\system32\drivers\acpiec.sys
E:\CC.PIF
c:\program files\bccd.pif
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe.vzr
c:\windows\tmp.dat
c:\windows\sys.ini
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\ormsgse.axz
c:\windows\system32\exlds.ini
c:\windows\system32\D64374E8.dll
c:\windows\system32\D64374E8.cfg
c:\windows\winyyy.sys
c:\windows\system32\201476D0.dll
c:\windows\system32\72B29486.dll
c:\windows\system32\91C7DF6D.dll.vzr
c:\windows\system32\91C7DF6D.cfg
c:\windows\system32\waudfe.exe
c:\windows\setupapi.log.3.old
c:\windows\system32\72B29486.cfg
c:\windows\winsys.inf
%FontsDir%\twabramn.nls
c:\windows\system32\eojcjojj.dll
c:\windows\system32\hbofjcgd.dll
c:\windows\system32\cpkhiooa.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EF2D7A6-0B99-4C44-B04A-D47125B76424}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74A92EE1-64BD-4233-90B8-2AEB715FBF2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7E4329EB-0F3A-4FC6-BAED-5648F708D30C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZX.ZXAAATL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{8342F32F-896F-4EDF-9E97-60E84C02EB9A} = -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
%FontsDir%\twabramn.nls = -
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8FF78EFD-0213-4A73-AC23-6A489190DBFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{065683C4-C71A-47F1-830B-7D9309D3913D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBogoMediaPop.PopBogo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezsAdPopup.BWLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar_bho.IeToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\cpush]
[-HKEY_LOCAL_MACHINE\SOFTWARE\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins]
[-HKEY_CURRENT_USER\Software\newpush]
[-HKEY_CURRENT_USER\Software\Sysisoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
360safe = -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{91C7DF6D-AEF5-4136-9252-AF030D7A5931}"= -
"{1957817A-94B2-4CAC-B113-A331809B5730}"=-
"{E83C3833-A1EE-4C18-B34E-ACD20C0A646C}"=-
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"=-
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"=-
"{D64374E8-8B1D-49AB-9284-5072687B6BD3}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E83C3833"= -
"1B8F3C0D"= -
"C941288A"= -

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]

Driver::
pnpmem
myprotector
UPDATEDATA



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse button. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Don't touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's guard

Once the scan is finished, a report will appear: post its contents.


If the file does not open, it is located here: C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
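As an added example (it is not part of this thread, and it is not ComboFix or HijackThis code), the Python script below parses a constructed excerpt modelled on the ComboFix "Points de chargement Reg" dump and flags the load points the CFscript above removes or resets: Image File Execution Options "Debugger" values, which redirect the launch of the named program (here mostly security tools) to another binary; ShellExecuteHooks and ShellServiceObjectDelayLoad entries, which ComboFix only lists when they are not the legitimate defaults, and tags [BU] instead of a date and size when it cannot verify the file; and a non-empty AppInit_DLLs value, which loads the listed DLLs into every process that uses user32.dll. The sample registry lines, the constant names and the Finding type are my own; the script only reads text and changes nothing on the machine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Registry key fragments (matched case-insensitively) for the load points the
# CFscript above removes or resets.
IFEO_FRAGMENT = "image file execution options"
SEH_FRAGMENT = "explorer\\shellexecutehooks"
SSODL_FRAGMENT = "shellserviceobjectdelayload"
APPINIT_KEY_FRAGMENT = "windows nt\\currentversion\\windows"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

# Constructed excerpt modelled on the dump in this thread (not a real log).
# ComboFix prints a date and size after entries it could verify and [BU]
# after those it could not.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\spswdgis.dll" [BU]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hbofjcgd.dll cpkhiooa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe
"""

# Constructed view of the same keys after the CFscript's Registry:: section
# has deleted the IFEO/hook keys and reset AppInit_DLLs to an empty string.
CLEANED_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
"""


@dataclass
class Finding:
    kind: str            # "ifeo-debugger", "shellexecutehook", "ssodl", "appinit_dlls"
    key: str             # registry key the entry lives under
    detail: str          # human-readable explanation
    unknown_file: bool   # entry carries ComboFix's [BU] tag instead of a date/size


def triage(dump: str) -> List[Finding]:
    """Walk a REGEDIT4-style dump and report the hijack-prone load points."""
    findings: List[Finding] = []
    current_key = ""
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        v = VALUE_RE.match(line)
        if not v or not current_key:
            continue
        name, data = v.group("name"), v.group("data").strip()
        lower_key = current_key.lower()
        unknown = "[BU]" in data

        if IFEO_FRAGMENT in lower_key and name.lower() == "debugger":
            # The last path component of the key is the program being hijacked.
            target = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("ifeo-debugger", current_key,
                                    f"launching {target} is redirected to {data}", unknown))
        elif SEH_FRAGMENT in lower_key:
            findings.append(Finding("shellexecutehook", current_key,
                                    f"hook {name} loads {data}", unknown))
        elif SSODL_FRAGMENT in lower_key:
            findings.append(Finding("ssodl", current_key,
                                    f"delay-loaded shell object {name}: {data}", unknown))
        elif (APPINIT_KEY_FRAGMENT in lower_key and name.lower() == "appinit_dlls"
              and data.strip('"')):
            findings.append(Finding("appinit_dlls", current_key,
                                    f"loaded into every user32 process: {data}", unknown))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind; an empty dict means no listed hijack points."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        flag = " (file not verified by ComboFix)" if f.unknown_file else ""
        print(f"[{f.kind}] {f.detail}{flag}")
    print("after cleanup:", summarize(triage(CLEANED_DUMP)))
```

On the sample input every hook and delay-load entry is reported, because ComboFix's own note says legitimate initial entries are omitted from the dump, so anything that appears there is non-default; the Run key entry is ignored, which is the right default for a triage pass that should point at the mechanisms a cleanup script has to address rather than at every autostart.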
ROSALLY Posts: 80 Status: Member
 
Good evening
here is the ComboFix report
I hope there is something new
but on the other hand I still get the "Application Error" message, and it affects quite a few applications
thank you Lyonnais92




ComboFix 09-03-01.01 - CKS Andre SNEYAERT 2009-03-03 20:42:31.15 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.894.455 [GMT 1:00]
Lancé depuis: c:\documents and settings\CKS Andre SNEYAERT\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HJTInstall.7z
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\wuauclt.exe
c:\windows\TEMPIadHide3.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 13:59 . 2009-03-03 13:59 30,720 --a------ C:\Correspondance TEM 2009.doc
2009-03-03 10:03 . 2009-03-03 19:11 27,136 --a------ C:\TEM Entête.doc
2009-03-02 15:45 . 2009-03-02 16:21 13,531 --a------ c:\windows\system32\wauefe.exe.vzr
2009-03-02 11:38 . 2009-03-02 11:38 40 --a------ c:\windows\tmp.dat
2009-03-02 11:38 . 2009-03-02 11:38 37 --a------ c:\windows\sys.ini
2009-03-01 19:56 . 2009-03-01 19:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-03-01 19:42 . 2009-03-03 20:47 <REP> d-------- c:\windows\system32\ZoneLabs
2009-03-01 19:15 . 2009-03-02 17:28 143 --a------ c:\windows\system32\exlds.ini
2009-03-01 19:00 . 2009-03-01 19:21 <REP> d-------- C:\Fixfix
2009-03-01 18:55 . 2009-03-01 18:55 236 --ahs---- c:\windows\system32\D64374E8.cfg
2009-03-01 13:15 . 2009-03-01 13:15 267,152 --a------ C:\zasuiteSetup_en.exe
2009-03-01 12:49 . 2009-03-01 16:20 388 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-26 00:55 . 2009-03-01 18:50 1,354,483 --a------ c:\windows\setupapi.log.3.old
2009-02-25 23:29 . 2009-03-03 07:56 2,233 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-03-02 17:24 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-03 20:47 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-03-01 19:01 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-02 22:22 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 19:50 --------- d-----w c:\program files\Wanadoo
2009-03-03 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-03 06:47 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-01_19.19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-01 18:15:49 49,152 ----a-w c:\windows\system32\npptools.dll
+ 2008-04-14 02:33:36 55,296 ----a-w c:\windows\system32\npptools.dll
+ 2009-03-03 15:33:04 9,828,864 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2009-03-03 19:48:04 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}]
c:\program files\Internet Explorer\PowerJa.ask [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [BU]

c:\documents and settings\CKS Andre SNEYAERT\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{08CBFE20-8DC8-4195-B8E2-DD66F860469D}"= "c:\program files\Internet Explorer\PowerJa.ask" [BU]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\spswdgis.dll" [BU]
"{CA8ABC8B-93B1-4818-ACA5-37131E0523D8}"= "c:\windows\system32\caoabcob.dll" [BU]
"{9556EE7F-D5B7-4DE4-819F-90B9408AF39E}"= "c:\windows\system32\pllmeenf.dll" [BU]
"{2A97029D-5F87-40B7-AC87-BDFC8BE941E3}"= "c:\windows\system32\iapngipd.dll" [BU]
"{1A8DD36E-3DE4-484B-B498-51E0F66688E6}"= "c:\windows\system32\haoddjme.dll" [BU]
"{F6B2817A-4836-4870-928F-236264E3AF32}"= "c:\windows\system32\fmbiohna.dll" [BU]
"{147C7481-5793-4972-A433-C7C6DCB2A4DA}"= "c:\windows\system32\hkncnkoh.dll" [BU]
"{A218ACB1-0EC2-413A-B72D-5411FBC6193F}"= "c:\windows\system32\aihoacbh.dll" [BU]
"{840C288D-33C2-4932-846F-5B3A1FC6FCAD}"= "c:\windows\system32\okgciood.dll" [BU]
"{449D2A6F-94FC-40BF-A260-6968AC4B060B}"= "c:\windows\system32\kkpdiamf.dll" [BU]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"= "c:\windows\system32\cpkhiooa.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]
"C941288A"= {C941288A-27FC-484E-AC78-BA04CB41FD53} - c:\windows\system32\cpkhiooa.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hbofjcgd.dll cpkhiooa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]

--- Other Services/Drivers in memory ---

*NewlyCreated* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSPolicyAgent REG_MULTI_SZ MSPolicyAgent
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-03 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://07129.com
mStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 20:49:27
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

c:\windows\explorer.exe [1244] 0x850EAA68

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\progra~1\Wanadoo\Toaster.exe
c:\progra~1\Wanadoo\Inactivity.exe
c:\progra~1\Wanadoo\PollingModule.exe
.
**************************************************************************
.
End time: 2009-03-03 20:58:04 - The machine rebooted [CKS Andre SNEYAERT]
ComboFix-quarantined-files.txt 2009-03-03 19:58:01
ComboFix2.txt 2009-03-03 15:59:43
ComboFix3.txt 2009-03-02 15:53:50
ComboFix4.txt 2009-03-01 18:21:17
ComboFix5.txt 2009-03-03 19:38:55

Before-CF: 152,775,196,672 bytes free
After-CF: 152,773,681,152 bytes free

389 --- E O F --- 2009-03-03 07:00:37
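The run of Image File Execution Options keys in the dump above is the part of this log worth understanding. Each "debugger" value tells Windows to start c:\windows\system32\dllcache\spoolsv.exe instead of the named program, so every listed antivirus, rootkit scanner, HijackThis and even regedit silently launches that replaced spoolsv.exe (which the fix later in the thread deletes as malicious) rather than itself. The two Security Center values just after the list suppress the "no antivirus / no updates" warnings. The script below is an added example, not part of this thread and not ComboFix code: it parses a dump in this .reg-like format, flags every IFEO Debugger that is not a known debugger, flags the suppressed notifications, and renders the `[-key]` deletion lines in the Registry:: notation the fix later in the thread uses. The debugger allow-list and the sample dump are constructed for the example.

```python
"""Triage a ComboFix/HijackThis-style registry dump for the two defence-evasion
tricks visible in the log above.  Added example for this thread; not ComboFix code.

1. Image File Execution Options (IFEO): a "Debugger" value under
   ...\Image File Execution Options\<program> makes Windows run the debugger
   *instead of* <program>.  Pointed at an attacker's binary, it neuters every
   security tool in the list without touching the tools themselves.
2. Security Center: AntiVirusDisableNotify / UpdatesDisableNotify = 1 silence
   the "no antivirus / no updates" balloons.

SAMPLE_DUMP is a constructed excerpt in the same format (the notepad/windbg
entry is a benign developer setting, included to show the allow-list working).
"""
import re
from dataclasses import dataclass, field

IFEO_KEY = ("HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
            "\\currentversion\\image file execution options")

# Debuggers that legitimately live under IFEO on a developer box (illustrative
# allow-list, an assumption of this example).  Anything else, in particular a
# Windows binary copied into dllcache, is reported as a hijack.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

KEY_RE = re.compile(r"^\[-?(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:)?(?P<data>.+?)$')

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe]
"debugger"=c:\debuggers\windbg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
"""


@dataclass
class Findings:
    ifeo_hijacks: dict = field(default_factory=dict)   # target program -> debugger path
    notify_suppressed: list = field(default_factory=list)


def parse_dump(text):
    """Yield (key, value name, data) from .reg-style lines; data keeps its original case."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("data").strip().strip('"')


def triage(text):
    """Return Findings for the IFEO and Security Center entries in the dump."""
    found = Findings()
    for key, name, data in parse_dump(text):
        low_key, low_name = key.lower(), name.lower()
        if low_key.startswith(IFEO_KEY.lower() + "\\") and low_name == "debugger":
            target = key[len(IFEO_KEY) + 1:]
            debugger_exe = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if debugger_exe not in KNOWN_DEBUGGERS:
                found.ifeo_hijacks[target] = data
        elif low_key.endswith("\\security center") and low_name in (
                "antivirusdisablenotify", "updatesdisablenotify"):
            if data.lower().lstrip("0") == "1":      # dword:00000001
                found.notify_suppressed.append(name)
    return found


def cfscript_registry_section(found):
    """Render the deletions as a ComboFix 'Registry::' block: one [-key] line per
    hijacked IFEO subkey (the notation the fix posted later in the thread uses)."""
    lines = ["Registry::"]
    for target in sorted(found.ifeo_hijacks, key=str.lower):
        lines.append(f"[-{IFEO_KEY}\\{target}]")
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_DUMP)
    for target, dbg in result.ifeo_hijacks.items():
        print(f"IFEO hijack: {target:<20} -> {dbg}")
    for name in result.notify_suppressed:
        print(f"Security Center notification disabled: {name}")
    print(cfscript_registry_section(result))
```

Run against the real dump by passing the saved log text to `triage()`; the allow-list deliberately errs on the side of reporting, because a Debugger value under IFEO is rare on a home machine and anything pointing into dllcache, Fonts or a temp directory deserves a look even if the file name looks like a Windows component.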
Lyonnais92 (25708 posts, security contributor)
 
Re,

still not eradicated;

could you copy the first 20 lines of the Hosts file into your reply.

Are these files yours?

2009-03-03 13:59 . 2009-03-03 13:59 30,720 --a------ C:\Correspondance TEM 2009.doc
2009-03-03 10:03 . 2009-03-03 12:45 26,624 --a------ C:\TEM Entête.doc
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc

Is this useful?

c:\program files\FenAffiche\FenUnika.exe ?

=================



==============

Copy or print the instructions first.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

RootKit::
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\hdvlediv.dll
c:\windows\Fonts\wuauclt.exe
c:\windows\Fonts\zwkytzhe.dll
c:\windows\Fonts\qwinvafv.dll
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\ktuxlvyx.dll
c:\windows\Fonts\guhfpzpq.dll
c:\windows\Fonts\note.exe
c:\windows\TEMPIadHide3.dll
c:\program files\HJTInstall.7z
%System%\waudfe.exe
%System%\drivers\npf.sys
%System%\npptools.dll
%System%\Packet.dll
%System%\WanPacket.dll
%System%\wpcap.dll
%System%\dllcache\spoolsv.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\battc.sys
c:\windows\system32\drivers\acpiec.sys
E:\CC.PIF
c:\program files\bccd.pif
c:\windows\system32\wauefe.exe
c:\windows\system32\wauefe.exe.vzr
c:\windows\tmp.dat
c:\windows\sys.ini
c:\windows\system32\ormsgse.axz
c:\windows\system32\exlds.ini
c:\windows\system32\D64374E8.dll
c:\windows\system32\D64374E8.cfg
c:\windows\winyyy.sys
c:\windows\system32\201476D0.dll
c:\windows\system32\72B29486.dll
c:\windows\system32\91C7DF6D.dll.vzr
c:\windows\system32\91C7DF6D.cfg
c:\windows\system32\waudfe.exe
c:\windows\setupapi.log.3.old
c:\windows\system32\72B29486.cfg
c:\windows\winsys.inf
%FontsDir%\twabramn.nls
c:\windows\system32\eojcjojj.dll
c:\windows\system32\hbofjcgd.dll
c:\windows\system32\cpkhiooa.dll
C:\zasuiteSetup_en.exe
C:\mbam-log-2009-02-20 (21-42-58)VIRUS
c:\windows\system32\telechargement-159-hijackthis.htm

folder::
c:\windows\$WIND$
c:\windows\WinShell

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EF2D7A6-0B99-4C44-B04A-D47125B76424}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{74A92EE1-64BD-4233-90B8-2AEB715FBF2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7E4329EB-0F3A-4FC6-BAED-5648F708D30C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ZX.ZXAAATL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{8342F32F-896F-4EDF-9E97-60E84C02EB9A} = -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
%FontsDir%\twabramn.nls = -
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8FF78EFD-0213-4A73-AC23-6A489190DBFB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{065683C4-C71A-47F1-830B-7D9309D3913D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBogoMediaPop.PopBogo]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezsAdPopup.BWLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar_bho.IeToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContentMatch]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\cpush]
[-HKEY_LOCAL_MACHINE\SOFTWARE\IETimber]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins]
[-HKEY_CURRENT_USER\Software\newpush]
[-HKEY_CURRENT_USER\Software\Sysisoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
360safe = -
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{91C7DF6D-AEF5-4136-9252-AF030D7A5931}"= -
"{1957817A-94B2-4CAC-B113-A331809B5730}"=-
"{E83C3833-A1EE-4C18-B34E-ACD20C0A646C}"=-
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"=-
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"=-
"{D64374E8-8B1D-49AB-9284-5072687B6BD3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E83C3833"= -
"1B8F3C0D"= -
"C941288A"= -
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"MSPolicyAgent"= -
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page" = ""

Driver::
pnpmem
myprotector
UPDATEDATA



Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus, your antispyware's guard

Once the scan is done, a report will appear: post its contents.


If the file doesn't open, it is located here: C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.
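On the Hosts file request above: on Windows XP the file is C:\WINDOWS\system32\drivers\etc\hosts, and a clean one maps only localhost to 127.0.0.1. Malware that cripples security tools through IFEO keys commonly also pins antivirus and update domains in this file so the tools cannot update or reach their vendors. The script below is an added example, not part of this thread: it parses a hosts file and reports pinned security/update domains and any mapping to a non-loopback address. The sample file and the vendor domain list are constructed for the example.

```python
"""Hosts-file triage.  Added example for this thread, not a tool the helper used.

A stock Windows XP hosts file contains a comment header and a single line
"127.0.0.1 localhost".  Two kinds of extra entries matter here:
  * a security-vendor or update domain mapped anywhere (usually 127.0.0.1),
    which blocks updates and signature downloads;
  * any host mapped to a non-loopback address, which redirects it elsewhere.

SAMPLE_HOSTS and BLOCKED_SUFFIXES are constructed/illustrative for the example.
"""
import ipaddress

XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.virustotal.com
127.0.0.1       update.nai.com
10.0.0.13       www.google.com      # constructed: redirect to a non-loopback host
"""

# Illustrative list of domains an infection wants to keep unreachable.
BLOCKED_SUFFIXES = ("virustotal.com", "nai.com", "kaspersky.com", "symantec.com",
                    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
                    "trendmicro.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def _is_vendor(name):
    return any(name == s or name.endswith("." + s) for s in BLOCKED_SUFFIXES)


def suspicious_entries(text):
    """Return (ip, hostname, reason) for every entry worth a look."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback and name in ("localhost", "localhost.localdomain"):
            continue  # the one entry a clean XP hosts file carries
        if _is_vendor(name):
            findings.append((ip, name, "security/update domain pinned"))
        elif not addr.is_loopback:
            findings.append((ip, name, "non-loopback mapping"))
        # other loopback entries (e.g. ad blocking) are not reported but still
        # deserve a glance when the list is long
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else XP_HOSTS_PATH
    with open(path, encoding="utf-8", errors="replace") as fh:
        content = fh.read()
    for ip, host, why in suspicious_entries(content):
        print(f"{why:30} {ip:16} {host}")
```

Copy the file to the clean machine before running this; on the infected one the same malware that re-creates its 54 files after deletion can just as well rewrite the hosts file, so the check is only meaningful after the rootkit components are gone.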
ROSALLY (80 posts, member)
 
hello Lyonnais

I don't understand your sentence below:
(could you copy the first 20 lines of the Hosts file into your reply.)

Are these files yours? YES, they are my Word word-processing files

2009-03-03 13:59 . 2009-03-03 13:59 30,720 --a------ C:\Correspondance TEM 2009.doc
2009-03-03 10:03 . 2009-03-03 12:45 26,624 --a------ C:\TEM Entête.doc
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc


what should I do with this: Is this useful c:\program files\FenAffiche\FenUnika.exe ?

I'm still disconnected from the internet on the infected PC, I'm waiting for the scan report, I'll pass it on to you afterwards,

Note: still 54 infected files; even when we delete them, they come back .........
ROSALLY (80 posts, member)
 
hello
ComboFix report below



ComboFix 09-03-01.01 - CKS Andre SNEYAERT 2009-03-04 10:51:36.16 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1036.18.894.448 [GMT 1:00]
Run from: c:\documents and settings\CKS Andre SNEYAERT\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\CKS Andre SNEYAERT\Bureau\CFscript.txt
* A new restore point was created
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\HJTInstall.7z
c:\windows\Fonts\GBUNHAK.nls
c:\windows\Fonts\gzdnf01.dat
c:\windows\Fonts\TIMPIatform.exe
c:\windows\Fonts\wuauclt.exe
c:\windows\TEMPIadHide3.dll

.
((((((((((((((((((((((((((((( Files created from 2009-02-04 to 2009-03-04 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 13:59 . 2009-03-03 13:59 30,720 --a------ C:\Correspondance TEM 2009.doc
2009-03-03 10:03 . 2009-03-03 19:11 27,136 --a------ C:\TEM Entête.doc
2009-03-02 15:45 . 2009-03-02 16:21 13,531 --a------ c:\windows\system32\wauefe.exe.vzr
2009-03-02 11:38 . 2009-03-02 11:38 40 --a------ c:\windows\tmp.dat
2009-03-02 11:38 . 2009-03-02 11:38 37 --a------ c:\windows\sys.ini
2009-03-01 19:56 . 2009-03-01 19:56 32 --a------ c:\windows\system32\ormsgse.axz
2009-03-01 19:42 . 2009-03-03 20:47 <REP> d-------- c:\windows\system32\ZoneLabs
2009-03-01 19:15 . 2009-03-02 17:28 143 --a------ c:\windows\system32\exlds.ini
2009-03-01 19:00 . 2009-03-01 19:21 <REP> d-------- C:\Fixfix
2009-03-01 18:55 . 2009-03-01 18:55 236 --ahs---- c:\windows\system32\D64374E8.cfg
2009-03-01 13:15 . 2009-03-01 13:15 267,152 --a------ C:\zasuiteSetup_en.exe
2009-03-01 12:49 . 2009-03-01 16:20 388 --ahs---- c:\windows\system32\91C7DF6D.cfg
2009-03-01 12:19 . 2009-03-01 12:19 401,720 --a------ C:\HiJackThis.exe
2009-02-26 00:55 . 2009-03-01 18:50 1,354,483 --a------ c:\windows\setupapi.log.3.old
2009-02-25 23:29 . 2009-03-03 07:56 2,233 --a------ C:\rollback.ini
2009-02-25 20:26 . 2009-02-25 20:26 <REP> d-------- c:\program files\SonicWallES
2009-02-25 19:09 . 2009-02-25 19:26 <REP> d-------- C:\Combo-Fix
2009-02-25 17:25 . 2009-02-25 17:25 200 --ahs---- c:\windows\system32\72B29486.cfg
2009-02-25 13:58 . 2009-02-25 13:58 <REP> d-------- c:\program files\Zone Labs
2009-02-25 13:58 . 2009-03-02 17:24 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-02-25 13:56 . 2009-03-03 20:47 <REP> d-------- c:\windows\Internet Logs
2009-02-24 19:17 . 2009-03-01 19:01 2,681 --a------ c:\windows\winsys.inf
2009-02-24 18:55 . 2009-02-24 18:55 1,811 --a------ c:\windows\ACROREAD.INI
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-02-23 16:50 . 2004-08-05 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2009-02-21 00:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 00:00 . 2009-02-21 00:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 00:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 23:13 . 2009-02-20 23:13 396,288 --a------ c:\windows\HijackThis.exe
2009-02-20 22:23 . 2009-03-01 12:13 <REP> d-------- C:\ToolBar SD
2009-02-20 21:43 . 2009-02-20 21:43 16,656 --a------ C:\mbam-log-2009-02-20 (21-42-58)VIRUS
2009-02-20 19:50 . 2009-02-20 19:50 15,069 --a------ c:\windows\system32\telechargement-159-hijackthis.htm
2009-02-20 19:04 . 2009-02-20 19:04 <REP> d-------- c:\program files\MediaChannel
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Malwarebytes
2009-02-20 16:08 . 2009-02-20 16:08 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 13:11 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-20 13:01 . 2009-02-20 13:01 520,052 --a------ c:\windows\system32\mfc71.7z
2009-02-20 12:55 . 2009-02-20 13:00 <REP> d-------- c:\windows\system32\mfc71
2009-02-20 12:01 . 2009-02-20 12:02 514,940 -rah----- c:\windows\system32\mfc71.zip
2009-02-20 11:31 . 2009-02-20 11:31 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\Uniblue
2009-02-19 18:50 . <REP> c:\windows\$WIND$
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Goto Software
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\program files\Fichiers communs\Goto Software
2009-02-19 18:45 . 2009-02-19 18:45 <REP> d-------- c:\documents and settings\CKS Andre SNEYAERT\Application Data\VadeRetro
2009-02-19 18:45 . 2009-02-20 22:16 <REP> d-------- c:\documents and settings\All Users\Application Data\VadeRetro
2009-02-19 16:43 . <REP> c:\windows\WinShell
2009-02-18 19:42 . 2009-02-18 19:42 31,232 --a------ C:\Relevé de compte LAW YAT au 31.12.2008.doc
2009-02-17 14:47 . 2009-03-02 22:22 <REP> d-------- c:\windows\Intel
2009-02-17 14:45 . 2008-04-14 03:33 19,968 --a--c--- c:\windows\system32\dllcache\linkinfo.dll
2009-02-07 23:10 . 2009-02-07 23:10 170,496 --a------ C:\FINE CRUSH LTD.doc
2009-02-04 10:50 . 2009-02-04 10:50 24,576 --a------ c:\windows\system32\nsis_loader.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 09:56 --------- d-----w c:\program files\Wanadoo
2009-03-04 08:30 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\Skype
2009-03-03 11:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-27 19:26 --------- d-----w c:\program files\SurfingEnhancer
2009-02-26 10:44 --------- d-----w c:\program files\FenAffiche
2009-02-25 17:50 --------- d-----w c:\program files\Common
2009-02-18 18:10 --------- d-----w c:\program files\Google
2009-01-23 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\288537758
2009-01-21 19:07 --------- d-----w c:\program files\EnveloppesEditor1.09
2009-01-21 16:56 --------- d-----w c:\documents and settings\CKS Andre SNEYAERT\Application Data\PC-FAX TX
2009-01-16 17:15 137,664 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2008-09-22 09:52 85,504 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 14:43 1,940 ----a-w c:\documents and settings\CKS Andre SNEYAERT\Application Data\ViewerApp.dat
2008-09-27 10:02 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-03-01_19.19.27.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-01 18:15:49 49,152 ----a-w c:\windows\system32\npptools.dll
+ 2008-04-14 02:33:36 55,296 ----a-w c:\windows\system32\npptools.dll
+ 2009-03-03 15:33:04 9,828,864 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat
+ 2009-03-04 09:54:38 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08CBFE20-8DC8-4195-B8E2-DD66F860469D}]
c:\program files\Internet Explorer\PowerJa.ask [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"Livecom"="c:\progra~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" [2006-02-23 237568]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fenaffiche"="c:\program files\FenAffiche\FenUnika.exe" [BU]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Works Update Detection"="c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 28672]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-27 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SiSPower"="SiSPower.dll" [2005-04-12 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9d.exe" [2007-06-11 190696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"360safe"="c:\windows\Fonts\wuauclt.exe" [BU]

c:\documents and settings\CKS Andre SNEYAERT\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-19 385024]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2006-04-28 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2006-04-28 106496]
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-04-20 835584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{08CBFE20-8DC8-4195-B8E2-DD66F860469D}"= "c:\program files\Internet Explorer\PowerJa.ask" [BU]
"{815EDE81-767D-4636-80F5-141578667A98}"= "c:\windows\fonts\spswdgis.dll" [BU]
"{CA8ABC8B-93B1-4818-ACA5-37131E0523D8}"= "c:\windows\system32\caoabcob.dll" [BU]
"{9556EE7F-D5B7-4DE4-819F-90B9408AF39E}"= "c:\windows\system32\pllmeenf.dll" [BU]
"{2A97029D-5F87-40B7-AC87-BDFC8BE941E3}"= "c:\windows\system32\iapngipd.dll" [BU]
"{1A8DD36E-3DE4-484B-B498-51E0F66688E6}"= "c:\windows\system32\haoddjme.dll" [BU]
"{F6B2817A-4836-4870-928F-236264E3AF32}"= "c:\windows\system32\fmbiohna.dll" [BU]
"{147C7481-5793-4972-A433-C7C6DCB2A4DA}"= "c:\windows\system32\hkncnkoh.dll" [BU]
"{A218ACB1-0EC2-413A-B72D-5411FBC6193F}"= "c:\windows\system32\aihoacbh.dll" [BU]
"{840C288D-33C2-4932-846F-5B3A1FC6FCAD}"= "c:\windows\system32\okgciood.dll" [BU]
"{449D2A6F-94FC-40BF-A260-6968AC4B060B}"= "c:\windows\system32\kkpdiamf.dll" [BU]
"{1B8F3C0D-D80F-428C-BBE1-013634121393}"= "c:\windows\system32\hbofjcgd.dll" [2008-08-14 49152]
"{C941288A-27FC-484E-AC78-BA04CB41FD53}"= "c:\windows\system32\cpkhiooa.dll" [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"1B8F3C0D"= {1B8F3C0D-D80F-428C-BBE1-013634121393} - c:\windows\system32\hbofjcgd.dll [2008-08-14 49152]
"C941288A"= {C941288A-27FC-484E-AC78-BA04CB41FD53} - c:\windows\system32\cpkhiooa.dll [2008-08-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hbofjcgd.dll cpkhiooa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a.exe]
"Debugger"=c:\windows\system32\keepSafe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]
"debugger"=c:\windows\system32\dllcache\spoolsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"=
"c:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-21 29744]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2006-02-01 1252474]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2005-08-22 65536]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2007-04-20 260608]
S3 ZDCndis5;ZDCndis5 Protocol Driver;c:\windows\system32\zdcndis5.sys [2009-01-16 137664]
.
Contenu du dossier 'Tâches planifiées'

2009-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-23 15:32]

2009-03-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellExecuteHooks-{B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - (no file)
ShellExecuteHooks-{A9386267-1CF0-48EC-9DBA-412A44C76334} - (no file)
ShellExecuteHooks-{9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - (no file)
ShellExecuteHooks-{FE494031-756B-4865-99B4-4DE92DDCF609} - (no file)
ShellExecuteHooks-{46184B86-19FF-4A37-9167-4C538027CEBC} - (no file)
ShellExecuteHooks-{AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - (no file)
ShellExecuteHooks-{9B3DC09A-2613-4613-96F8-F8E305BFF825} - (no file)
ShellExecuteHooks-{C13945CA-D00B-4474-B105-3838809607EA} - (no file)
ShellExecuteHooks-{22EC45F3-1651-409E-8273-6D80E39B4549} - (no file)
ShellExecuteHooks-{391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - (no file)
ShellExecuteHooks-{BA9620A6-68E8-492D-9B28-7B7416F69673} - (no file)
ShellExecuteHooks-{04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - (no file)
ShellExecuteHooks-{51E74159-54A6-4355-A78F-55998328FC07} - (no file)
ShellExecuteHooks-{8342F32F-896F-4EDF-9E97-60E84C02EB9A} - (no file)


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page =
mStart Page = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\CKS Andre SNEYAERT\Application Data\Mozilla\Firefox\Profiles\h6n3nsr0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 10:54:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Wanadoo\TaskBarIcon.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Heure de fin: 2009-03-04 11:06:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-04 10:06:19
ComboFix2.txt 2009-03-03 19:58:06
ComboFix3.txt 2009-03-03 15:59:43
ComboFix4.txt 2009-03-02 15:53:50
ComboFix5.txt 2009-03-04 09:48:54

Avant-CF: 152 734 085 120 octets libres
Après-CF: 152,712,364,032 octets libres

381 --- E O F --- 2009-03-03 21:16:22