Trojan downloader.zlob.czg

iwalg2 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
mon antivirus detecte un trojan downloader.zlob.czg mais n'arrive pas a le nettoyer,je ne sais plus quoi faire !
quelqu'un a t'il une solution ?
merci
Configuration: Windows XP
Internet Explorer 7.0

7 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Slt,

    scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

    ______________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. iwalg2
       
      voila,j'ai reussi quelques unes des operations

      Malwarebytes' Anti-Malware 1.35
      Version de la base de données: 1904
      Windows 5.1.2600 Service Pack 3

      31/03/2009 23:27:35
      mbam-log-2009-03-31 (23-27-24).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 261739
      Temps écoulé: 1 hour(s), 19 minute(s), 59 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Program Files\Peer2Peer-FR\Peer2Peer-FRToolbarHelper.exe (Adware.Speedapps) -> No action taken.

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by STEPHANE at 2009-03-31 23:53:02
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 36 GB (31%) free of 117 GB
      Total RAM: 1023 MB (49% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:53:10, on 31/03/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Windows Live\Family Safety\fsssvc.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\userinit.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Acer\eRecovery\Monitor.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Windows Live\Family Safety\fsui.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Spéciale\CalCheck.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\STEPHANE\Mes documents\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\STEPHANE.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
      R3 - URLSearchHook: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
      O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
      O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
      O2 - BHO: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll (file missing)
      O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
      O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
      O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk = ?
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
      0
  2. iwalg2
     
    je n'arrive plus a demarrer le pc ! windows s'ouvre mais une fois que je tombe sur la page ou on doit choisir la cession ,ca me met "cargement en cours " et il revient au depart
    je ne peux plus ouvrir ma cession
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt peux tu aller en mode sans echec pour faire ce qui est demandé?

    http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui a été trouvé par malwarebyte

    _______________

    vire toutes ces taches plannifiées en allant dans poste de travail puis

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\tasks\Norton Security Scan for STEPHANE.job
    _________________

    Pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    _________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    F:\Programs\nu2menu\nu2menu.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d420ece-0f90-11db-b6dc-00142a422ba4}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _________________

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. iwalg2
       
      voici le rapport combofix:
      ComboFix 09-04-01.01 - STEPHANE 2009-04-02 0:21:55.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.515 [GMT 2:00]
      Lancé depuis: c:\documents and settings\STEPHANE\Bureau\ComboFix.exe
      AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
      AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
      FW: Bitdefender Firewall *disabled*
      FW: Pare-feu personnel d'ESET *enabled*
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\kmd.exe
      c:\program files\Altnet
      c:\program files\Altnet\DBBackup\Sigfiles.db
      c:\program files\Altnet\Download Manager\dminfo3.cab
      c:\program files\Altnet\Download Manager\dminstall7.cab
      c:\program files\Altnet\Download Manager\dmsetup.bmp
      c:\program files\Altnet\Download Manager\dmsetupbig.bmp
      c:\program files\Altnet\Download Manager\jsinstall.cab
      c:\program files\Altnet\Download Manager\jslegals.txt
      c:\program files\Altnet\Download Manager\selectdir.txt
      c:\program files\Altnet\Download Manager\selectdir1st.txt
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
      c:\program files\Altnet\Points Manager\LocalPages\altnet.css
      c:\program files\Altnet\Points Manager\LocalPages\gradient.gif
      c:\program files\Altnet\Points Manager\LocalPages\local_firstuse.html
      c:\program files\Altnet\Points Manager\LocalPages\local_points.html
      c:\program files\Altnet\Points Manager\LocalPages\local_redeem.html
      c:\program files\Altnet\Points Manager\LocalPages\local_start.html
      c:\program files\Altnet\Points Manager\LocalPages\local_wallet.html
      c:\program files\Altnet\Points Manager\LocalPages\notconnected.gif
      c:\program files\Altnet\Points Manager\LocalPages\offline.gif
      c:\program files\Altnet\Points Manager\LocalPages\pixel.gif
      c:\program files\Altnet\Points Manager\Points Manager.exe.Manifest
      c:\program files\Altnet\Points Manager\settings.cab
      c:\program files\Altnet\Points Manager\setup.cab
      c:\program files\Altnet\Points Manager\Skin\back-over.bmp
      c:\program files\Altnet\Points Manager\Skin\back.bmp
      c:\program files\Altnet\Points Manager\Skin\bottom.bmp
      c:\program files\Altnet\Points Manager\Skin\bottomleft.bmp
      c:\program files\Altnet\Points Manager\Skin\bottomright.bmp
      c:\program files\Altnet\Points Manager\Skin\close-over.bmp
      c:\program files\Altnet\Points Manager\Skin\close.bmp
      c:\program files\Altnet\Points Manager\Skin\forward-over.bmp
      c:\program files\Altnet\Points Manager\Skin\forward.bmp
      c:\program files\Altnet\Points Manager\Skin\help-bottom.bmp
      c:\program files\Altnet\Points Manager\Skin\help-over.bmp
      c:\program files\Altnet\Points Manager\Skin\help-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\help-top.bmp
      c:\program files\Altnet\Points Manager\Skin\help-topleft.bmp
      c:\program files\Altnet\Points Manager\Skin\help-topright.bmp
      c:\program files\Altnet\Points Manager\Skin\help.bmp
      c:\program files\Altnet\Points Manager\Skin\Help.xml
      c:\program files\Altnet\Points Manager\Skin\left.bmp
      c:\program files\Altnet\Points Manager\Skin\maximise-over.bmp
      c:\program files\Altnet\Points Manager\Skin\maximise.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_bottom.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_bottomleft.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_bottomright.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_left.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_right.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_top.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_topleft.bmp
      c:\program files\Altnet\Points Manager\Skin\mb_topright.bmp
      c:\program files\Altnet\Points Manager\Skin\message.xml
      c:\program files\Altnet\Points Manager\Skin\minimise-over.bmp
      c:\program files\Altnet\Points Manager\Skin\minimise.bmp
      c:\program files\Altnet\Points Manager\Skin\points-disabled.bmp
      c:\program files\Altnet\Points Manager\Skin\points-over.bmp
      c:\program files\Altnet\Points Manager\Skin\points-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\points.bmp
      c:\program files\Altnet\Points Manager\Skin\redeem-disabled.bmp
      c:\program files\Altnet\Points Manager\Skin\redeem-over.bmp
      c:\program files\Altnet\Points Manager\Skin\redeem-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\redeem.bmp
      c:\program files\Altnet\Points Manager\Skin\refresh-over.bmp
      c:\program files\Altnet\Points Manager\Skin\refresh.bmp
      c:\program files\Altnet\Points Manager\Skin\right.bmp
      c:\program files\Altnet\Points Manager\Skin\Sav3BD.tmp
      c:\program files\Altnet\Points Manager\Skin\settings-disabled.bmp
      c:\program files\Altnet\Points Manager\Skin\settings-over.bmp
      c:\program files\Altnet\Points Manager\Skin\settings-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\settings.bmp
      c:\program files\Altnet\Points Manager\Skin\Skin.xml
      c:\program files\Altnet\Points Manager\Skin\start-disabled.bmp
      c:\program files\Altnet\Points Manager\Skin\start-over.bmp
      c:\program files\Altnet\Points Manager\Skin\start-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\start.bmp
      c:\program files\Altnet\Points Manager\Skin\top.bmp
      c:\program files\Altnet\Points Manager\Skin\topleft-pro.bmp
      c:\program files\Altnet\Points Manager\Skin\topleft-reg.bmp
      c:\program files\Altnet\Points Manager\Skin\topleft.bmp
      c:\program files\Altnet\Points Manager\Skin\topright.bmp
      c:\program files\Altnet\Points Manager\Skin\wallet-disabled.bmp
      c:\program files\Altnet\Points Manager\Skin\wallet-over.bmp
      c:\program files\Altnet\Points Manager\Skin\wallet-sel.bmp
      c:\program files\Altnet\Points Manager\Skin\wallet.bmp
      c:\program files\Need2Find
      c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
      c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
      c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
      c:\program files\Need2Find\bar\Cache\[u]0/u01EB0A0
      c:\program files\Need2Find\bar\Cache\files.ini
      c:\program files\Need2Find\bar\History\search
      c:\program files\Need2Find\bar\Settings\prevcfg.htm
      c:\windows\cdmxtras
      c:\windows\pack.epk
      c:\windows\system32\AdCache
      c:\windows\system32\AdCache\B_329_0_0_105300.htm
      c:\windows\system32\AdCache\B_329_0_0_106800.htm
      c:\windows\system32\AdCache\B_329_0_0_107400.htm
      c:\windows\system32\AdCache\B_329_1_0_449200.gif
      c:\windows\system32\AdCache\B_329_1_0_449600.gif
      c:\windows\system32\AdCache\B_329_1_0_454300.gif
      c:\windows\system32\AdCache\B_329_2_0_105300.htm
      c:\windows\system32\AdCache\B_329_2_0_106800.htm
      c:\windows\system32\AdCache\B_329_2_0_107400.htm
      c:\windows\system32\AdCache\B_329_3_0_105300.htm
      c:\windows\system32\AdCache\B_329_3_0_106800.htm
      c:\windows\system32\AdCache\B_329_3_0_107400.htm
      c:\windows\system32\AdCache\B_329_4_0_111600.htm
      c:\windows\system32\AdCache\B_329_4_0_152400.htm
      c:\windows\system32\AdCache\B_329_4_0_155300.htm
      c:\windows\system32\AdCache\B_329_4_0_164100.htm
      c:\windows\system32\autorun.ini
      c:\windows\system32\cache329
      c:\windows\system32\cache329\B_329_0_0_105300.htm
      c:\windows\system32\cache329\B_329_0_0_106800.htm
      c:\windows\system32\cache329\B_329_0_0_107400.htm
      c:\windows\system32\cache329\B_329_1_0_449200.gif
      c:\windows\system32\cache329\B_329_1_0_449600.gif
      c:\windows\system32\cache329\B_329_1_0_454300.gif
      c:\windows\system32\cache329\B_329_2_0_105300.htm
      c:\windows\system32\cache329\B_329_2_0_106800.htm
      c:\windows\system32\cache329\B_329_2_0_107400.htm
      c:\windows\system32\cache329\B_329_3_0_105300.htm
      c:\windows\system32\cache329\B_329_3_0_106800.htm
      c:\windows\system32\cache329\B_329_3_0_107400.htm
      c:\windows\system32\cache329\B_329_4_0_111600.htm
      c:\windows\system32\cache329\B_329_4_0_152400.htm
      c:\windows\system32\cache329\B_329_4_0_155300.htm
      c:\windows\system32\cache329\B_329_4_0_164100.htm
      c:\windows\system32\cache329\t_B_329_0_0_106800.htm
      c:\windows\system32\cache329\t_B_329_0_0_107400.htm
      c:\windows\system32\cache329\t_B_329_2_0_106800.htm
      c:\windows\system32\cache329\t_B_329_2_0_107400.htm
      c:\windows\system32\cache329\t_B_329_3_0_106800.htm
      c:\windows\system32\cache329\t_B_329_3_0_107400.htm
      c:\windows\system32\cache329\t_B_329_4_0_111600.htm
      c:\windows\system32\cache329\t_B_329_4_0_152400.htm
      c:\windows\system32\cache329\t_B_329_4_0_155300.htm
      c:\windows\system32\cache329\t_B_329_4_0_164100.htm
      c:\windows\system32\P2P Networking
      c:\windows\system32\P2P Networking\Cache\Database\file-10001-120.sig
      c:\windows\system32\P2P Networking\Cache\Database\file-10001-2615170992.sig
      c:\windows\system32\P2P Networking\Cache\Database\file-1001-597.sig
      c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
      c:\windows\system32\P2P Networking\P2P Networking.eng
      c:\windows\system32\sohovaha.dll
      c:\windows\system32\vekukedu.dll

      [COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

      [COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-01 au 2009-04-01 ))))))))))))))))))))))))))))))))))))
      .

      2009-04-02 00:17 . 2009-04-02 00:14 401,408 --a------ c:\windows\system32\CF8706.exe
      2009-04-01 00:47 . 2009-04-01 00:48 <REP> d-------- c:\program files\QuickTime
      2009-03-31 23:53 . 2009-03-31 23:53 <REP> d-------- C:\rsit
      2009-03-29 10:30 . 2009-03-29 10:30 <REP> d-------- c:\documents and settings\STEPHANE\Application Data\ESET
      2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\program files\ESET
      2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
      2009-03-28 21:58 . 2009-03-28 21:58 <REP> d-------- c:\program files\Enigma Software Group
      2009-03-27 18:04 . 2009-03-27 18:04 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
      2009-03-27 18:00 . 2009-03-27 18:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
      2009-03-27 00:54 . 2009-03-27 00:54 71,680 --a------ c:\windows\system32\XSyK2uln.exe
      2009-03-26 18:48 . 2009-03-26 18:48 <REP> d-------- c:\documents and settings\ESTELLE\Tracing
      2009-03-11 16:54 . 2009-03-11 16:54 341,752 --a------ C:\Topsearch.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-04-01 21:56 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
      2009-04-01 17:08 87,552 --sha-w c:\windows\system32\hodajupi.dll
      2009-03-31 22:46 61,440 --sha-w c:\windows\system32\palozora.exe
      2009-03-31 21:34 --------- d-----w c:\program files\Peer2Peer-FR
      2009-03-29 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
      2009-03-28 21:08 --------- d-----w c:\program files\Applications
      2009-03-28 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
      2009-03-27 17:06 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
      2009-03-27 17:00 --------- d-----w c:\program files\Norton Security Scan
      2009-03-26 22:54 59,904 ----a-w c:\windows\system32\userinit.exe
      2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
      2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
      2009-03-24 21:05 --------- d-----w c:\documents and settings\STEPHANE\Application Data\Canon
      2009-03-24 17:30 --------- d-----w c:\documents and settings\CELIA\Application Data\OpenOffice.org2
      2009-03-22 16:40 --------- d-----w c:\program files\myphotobook
      2009-03-11 14:58 --------- d-----w c:\program files\eMule
      2009-02-27 05:38 --------- d-----w c:\program files\Microsoft Silverlight
      2009-02-21 06:49 --------- d-----w c:\program files\Windows Live
      2009-02-14 12:50 --------- d-----w c:\program files\Micro Application
      2009-02-14 11:43 --------- d-----w c:\program files\Safari
      2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
      2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
      2009-02-08 20:05 --------- d-----w c:\program files\eBay
      2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
      2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
      2009-02-05 12:37 49,152 ----a-r c:\windows\system32\inetwh32.dll
      2009-02-05 12:37 1,044,480 ----a-r c:\windows\system32\roboex32.dll
      2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
      2006-09-09 10:45 774,144 ----a-w c:\program files\RngInterstitial.dll
      1999-04-30 14:00 98,304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
      2008-12-13 10:44 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
      2008-12-13 10:44 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
      2008-12-13 10:44 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
      2008-09-07 18:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
      .

      ------- Sigcheck -------

      2004-08-10 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
      2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
      2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

      2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
      2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
      2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
      2004-08-10 20:00 578048 e46fb493e3b33704f0715020cf52106b c:\windows\$NtUninstallKB890859$\user32.dll
      2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\$NtUninstallKB925902$\user32.dll
      2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
      2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

      2004-08-10 20:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
      2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
      2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

      2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
      2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
      2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
      2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
      2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
      2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
      2004-08-10 20:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
      2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
      2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
      2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
      2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
      2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
      2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

      2004-08-10 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
      2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
      2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

      2004-08-10 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
      2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
      2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

      2004-08-10 20:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
      2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
      2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

      2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
      2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
      2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
      2004-08-10 20:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
      2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

      2004-08-10 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
      2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
      2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

      2004-08-10 20:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
      2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
      2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

      2004-08-10 20:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
      2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
      2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

      2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
      2004-08-10 20:00 57856 b4ef928e4fad79364a80acba6d999934 c:\windows\$NtUninstallKB896423$\spoolsv.exe
      2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
      2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

      2004-08-10 20:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
      2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
      2009-03-27 00:54 59904 4058d000a87af8a3e7b34f9d91619e90 c:\windows\system32\userinit.exe

      2004-08-10 20:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
      2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
      2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

      2006-07-05 12:58 1050112 fb85ef2a6713e3a58a497e093626b93c c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
      2007-04-16 18:11 1051136 62e3f0e9abfcbcee62c51546f622c455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
      2007-04-16 17:53 1049600 6f1fe2ae7b22eb9ced1bff533c9455ea c:\windows\$NtServicePackUninstall$\kernel32.dll
      2004-08-10 20:00 1048576 7830e20c74611281b1bdae5888cd50f5 c:\windows\$NtUninstallKB917422$\kernel32.dll
      2006-07-05 12:56 1049088 ce4af1fa47a29adf97cb107775ce395c c:\windows\$NtUninstallKB935839$\kernel32.dll
      2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
      2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

      2004-08-10 20:00 17408 b02e4ddbe0e98f42f3b61292ddb3a104 c:\windows\$NtServicePackUninstall$\powrprof.dll
      2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
      2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

      2004-08-10 20:00 110080 39ee5faf56260ebb8d77a08f525ebbb4 c:\windows\$NtServicePackUninstall$\imm32.dll
      2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
      2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
      "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

      [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
      2009-02-16 23:26 1882136 --a------ c:\program files\Peer2Peer-FR\tbPee1.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
      2008-10-08 13:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
      "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
      "{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

      [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
      [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
      [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

      [HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-05 67128]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="Alaunch" [X]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
      "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
      "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
      "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
      "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
      "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 1838592]
      "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
      "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-13 185872]
      "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
      "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
      "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
      "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
      "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      c:\documents and settings\CELIA\Menu D‚marrer\Programmes\D‚marrage\
      OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

      c:\documents and settings\STEPHANE\Menu D‚marrer\Programmes\D‚marrage\
      Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

      c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Sp‚ciale\CalCheck.exe [2006-08-25 57344]
      Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-05 67128]
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-08-09 106561]
      Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.enc"= ITIG726.acm

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\kazaa.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\WINDOWS\\system32\\XSyK2uln.exe"=

      R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-01-01 76544]
      R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-01-01 11970]
      R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-28 55136]
      R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
      R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
      R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-01-01 130112]
      R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-08-08 296259]
      R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-01-01 137793]
      R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-01-01 611444]
      R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-01-01 27984]
      S0 gdbmv;gdbmv;c:\windows\system32\drivers\wykxikds.sys --> c:\windows\system32\drivers\wykxikds.sys [?]
      S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-01-01 14528]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]
      \Shell\AutoRun\command - f:\programs\nu2menu\nu2menu.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      BHO-{4E7BD74F-2B8D-469E-90F0-F66AB581A933} - c:\progra~1\INSTAF~1\INSTAF~1.DLL
      HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
      HKCU-Run-tbon - c:\program files\TBONBin\tbon.exe


      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.fr/
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      mStart Page = hxxp://home.sweetim.com
      uInternet Connection Wizard,ShellNext = iexplore
      uInternet Settings,ProxyOverride = localhost;*.local
      uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      IE: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      FF - ProfilePath -

      ---- PARAMETRES FIREFOX ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
      .

      **************************************************************************

      catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-04-02 00:28:40
      Windows 5.1.2600 Service Pack 3 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(988)
      c:\windows\system32\Ati2evxx.dll
      .
      Heure de fin: 2009-04-02 0:32:05
      ComboFix-quarantined-files.txt 2009-04-01 22:32:00

      Avant-CF: 40,825,741,312 octets libres
      Après-CF: 44,915,892,224 octets libres

      455 --- E O F --- 2009-03-20 06:24:13
      et voici le rapport toolbar:

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
      BIOS : Default System BIOS
      USER : STEPHANE ( Administrator )
      BOOT : Normal boot
      Antivirus : ESET Smart Security 3.0 3.0 (Activated)
      Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
      C:\ (Local Disk) - NTFS - Total:114 Go (Free:41 Go)
      D:\ (Local Disk) - FAT32 - Total:115 Go (Free:115 Go)
      E:\ (CD or DVD)
      G:\ (USB)
      H:\ (USB)
      I:\ (USB)
      J:\ (USB)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 02/04/2009| 0:37 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\INSTAFINK
      C:\Program Files\INSTAFINK\Cache
      C:\Program Files\INSTAFINK\Uninstall.exe
      C:\Program Files\INSTAFINK\Cache\ErrorLog.txt
      C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg
      C:\Program Files\INSTAFINK\Cache\NewCfg
      C:\Program Files\KaZaA
      C:\Program Files\KaZaA\BGP2P
      C:\Program Files\KaZaA\Db
      C:\Program Files\KaZaA\Help
      C:\Program Files\KaZaA\Kazaa.url
      C:\Program Files\KaZaA\My Channels
      C:\Program Files\KaZaA\My Shared Folder
      C:\Program Files\KaZaA\Skins
      C:\Program Files\KaZaA\BGP2P\bdcore.dll
      C:\Program Files\KaZaA\BGP2P\bdupd.dll
      C:\Program Files\KaZaA\BGP2P\libfn.dll
      C:\Program Files\KaZaA\BGP2P\plugins
      C:\Program Files\KaZaA\BGP2P\plugins.htm
      C:\Program Files\KaZaA\BGP2P\versions.dat
      C:\Program Files\KaZaA\BGP2P\plugins\7zip.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\ace.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\adsntfs.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\alz.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\arc.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\arj.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\bach.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\boot.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\bzip2.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\cab.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.rvd
      C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\ceva_dll.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\ceva_emu.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\ceva_vfs.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\chm.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\cpio.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\cran.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\cran.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\cran.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\dbx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\docfile.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i01
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i02
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i03
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i04
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i05
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i06
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i07
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i08
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.i09
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\emalware.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\epoc.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\e_spyw.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\gzip.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\ha.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\hlp.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\hpe.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\hpe.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\hqx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\html.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\imp.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\inno.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\instyler.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\iso.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\java.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\java.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\jpeg.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\lha.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\lnk.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\mbox.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\mbx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx_w95.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx_x95.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\mdx_xf.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\mime.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\mso.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\na.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\na.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\nelf.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\nelf.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\nsis.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\objd.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\pdf.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\pst.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\rar.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\regscan.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\rpm.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\rtf.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\rup.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\rup.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\sdx.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\sdx.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\sdx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\sfx.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\swf.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\tar.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\td0.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\thebat.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\tnef.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\unpack.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\unpack.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\unpack.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\update.txt
      C:\Program Files\KaZaA\BGP2P\plugins\uudecode.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\ve.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\ve.ivd
      C:\Program Files\KaZaA\BGP2P\plugins\ve.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\vedata.cvd
      C:\Program Files\KaZaA\BGP2P\plugins\viza.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\wise.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\xishield.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\z.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\zip.xmd
      C:\Program Files\KaZaA\BGP2P\plugins\zoo.xmd
      C:\Program Files\KaZaA\Db\config.cab
      C:\Program Files\KaZaA\Db\ctx4-060630.cab
      C:\Program Files\KaZaA\Db\data1024.dbb
      C:\Program Files\KaZaA\Db\data256.dbb
      C:\Program Files\KaZaA\Db\k7tqkgkk_tssv125.dat
      C:\Program Files\KaZaA\Db\np.tmp
      C:\Program Files\KaZaA\Db\ova4-060412.cab
      C:\Program Files\KaZaA\Db\tsi4-060404a.cab
      C:\Program Files\KaZaA\Db\tsi4-060602b.cab
      C:\Program Files\KaZaA\Db\tss4.cab
      C:\Program Files\KaZaA\Help\arrow.gif
      C:\Program Files\KaZaA\Help\arrow_sml.gif
      C:\Program Files\KaZaA\Help\background.gif
      C:\Program Files\KaZaA\Help\h_mykazaa.gif
      C:\Program Files\KaZaA\Help\h_myMedia.gif
      C:\Program Files\KaZaA\Help\h_myplaylists.gif
      C:\Program Files\KaZaA\Help\icon_gold_kap.gif
      C:\Program Files\KaZaA\Help\myKapsules.gif
      C:\Program Files\KaZaA\Help\mykapsules.htm
      C:\Program Files\KaZaA\Help\mykazaa.css
      C:\Program Files\KaZaA\Help\mykazaa.htm
      C:\Program Files\KaZaA\Help\mymedia.htm
      C:\Program Files\KaZaA\Help\myplaylists.htm
      C:\Program Files\KaZaA\Help\spacer.gif
      C:\Program Files\KaZaA\Help\Thumbs.db
      C:\Program Files\KaZaA\My Channels\Bin
      C:\Program Files\KaZaA\My Channels\Images
      C:\Program Files\KaZaA\My Channels\Bin\dating.kcd
      C:\Program Files\KaZaA\My Channels\Bin\emerging_artists.kcd
      C:\Program Files\KaZaA\My Channels\Bin\g_spot.kcd
      C:\Program Files\KaZaA\My Channels\Bin\onelove_browse.kcd
      C:\Program Files\KaZaA\My Channels\Bin\ringtonechannel.kcd
      C:\Program Files\KaZaA\My Channels\Bin\rshiphop.kcd
      C:\Program Files\KaZaA\My Channels\Bin\skilledgames.kcd
      C:\Program Files\KaZaA\My Channels\Images\dating.bmp
      C:\Program Files\KaZaA\My Channels\Images\emerging_artists.bmp
      C:\Program Files\KaZaA\My Channels\Images\g_spot.bmp
      C:\Program Files\KaZaA\My Channels\Images\onelove_browse.bmp
      C:\Program Files\KaZaA\My Channels\Images\ringtonechannel.bmp
      C:\Program Files\KaZaA\My Channels\Images\rshiphop_browse.bmp
      C:\Program Files\KaZaA\My Channels\Images\skilledgames.bmp
      C:\Program Files\KaZaA\My Channels\Images\Thumbs.db
      C:\Program Files\KaZaA\My Shared Folder\Audio - Alternatie Rock.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Barrington Levy.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Electronica.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Fine Arts Militia Album.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Folk.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Funk.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Hip Hop.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Jazz.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Pop Rock.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Public Enemy Revolverlution Album.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - R&B.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - Reggae.kpl
      C:\Program Files\KaZaA\My Shared Folder\Audio - The Honey Palace Album.kpl
      C:\Program Files\KaZaA\My Shared Folder\download11531636766417015.dat
      C:\Program Files\KaZaA\My Shared Folder\download11531637076447828.dat
      C:\Program Files\KaZaA\My Shared Folder\download11531637506491171.dat
      C:\Program Files\KaZaA\My Shared Folder\download11531640176757859.dat
      C:\Program Files\KaZaA\My Shared Folder\download11531641866926906.dat
      C:\Program Files\KaZaA\My Shared Folder\download11531642326972984.dat
      C:\Program Files\KaZaA\My Shared Folder\kazaa267_fr.exe
      C:\Program Files\KaZaA\My Shared Folder\kazaa325_en.exe
      C:\Program Files\KaZaA\My Shared Folder\Promiscuous 1.kpl
      C:\Program Files\KaZaA\My Shared Folder\promisucous.kpl
      C:\DOCUME~1\STEPHANE\Bureau\Kazaa.lnk
      C:\DOCUME~1\STEPHANE\MENUDM~1\PROGRA~1\Kazaa
      C:\WINDOWS\Fonts\acrsec.fon

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.fr/?gws_rd=ssl"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://home.sweetim.com/"


      --------------------\\ Recherche d'autres infections

      --------------------\\ Cracks & Keygens ..

      C:\DOCUME~1\STEPHANE\Mes documents\PC GAME CALL OF DUTY 3 + serial + crack.zip
      C:\DOCUME~1\STEPHANE\Mes documents\programe\crack
      C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\BdIS10kg.exe
      C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\WinRAR 3_61 kg multiligual.rar



      1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009| 0:38 - Option : [1]

      -----------\\ Fin du rapport a 0:38:56,87
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ceci a virer:

    C:\DOCUME~1\STEPHANE\Mes documents\PC GAME CALL OF DUTY 3 + serial + crack.zip
    C:\DOCUME~1\STEPHANE\Mes documents\programe\crack
    C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\BdIS10kg.exe
    C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\WinRAR 3_61 kg multiligual.rar

    ______________

    refaire toolbar sd et choisi l'option 2 et mettre le rapport

    _________________

    ceci a refaire: et bien cette fois car le glissé a été mal fais!

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    F:\Programs\nu2menu\nu2menu.exe
    c:\program files\Peer2Peer-FR\tbPee1.dll
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    c:\program files\SweetIM\Messenger\SweetIM.exe
    c:\program files\SweetIM
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d420ece-0f90-11db-b6dc-00142a422ba4}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=-
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
    [-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=-
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
    [-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    "{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
    [-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"=-

    Enregistre ce fichier sous le nom CFscript (attention aux majuscules)

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _______________

    Téléchargez Dr.Web CureIt! : ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
    lancer DR WEB ,Choisissez Désinfecter comme option!
    et coller le rapport

    a plus
    0
  7. iwalg2
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
    BIOS : Default System BIOS
    USER : STEPHANE ( Administrator )
    BOOT : Normal boot
    Antivirus : ESET Smart Security 3.0 3.0 (Activated)
    Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:114 Go (Free:42 Go)
    D:\ (Local Disk) - FAT32 - Total:115 Go (Free:115 Go)
    E:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 02/04/2009|23:04 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\INSTAFINK\Cache
    Supprime! - C:\Program Files\INSTAFINK\Uninstall.exe
    Supprime! - C:\Program Files\KaZaA\BGP2P
    Supprime! - C:\Program Files\KaZaA\Db
    Supprime! - C:\Program Files\KaZaA\Help
    Supprime! - C:\Program Files\KaZaA\Kazaa.url
    Supprime! - C:\Program Files\KaZaA\My Channels
    Supprime! - C:\Program Files\KaZaA\My Shared Folder
    Supprime! - C:\Program Files\KaZaA\Skins
    Supprime! - C:\DOCUME~1\STEPHANE\Bureau\Kazaa.lnk
    Supprime! - C:\DOCUME~1\STEPHANE\MENUDM~1\PROGRA~1\Kazaa
    Supprime! - C:\WINDOWS\Fonts\acrsec.fon
    Supprime! - C:\Program Files\INSTAFINK
    Supprime! - C:\Program Files\KaZaA

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\STEPHANE\Recent\PC GAME CALL OF DUTY 3 + serial + crack.lnk

    1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009| 0:38 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 02/04/2009|23:08 - Option : [2]

    -----------\\ Fin du rapport a 23:08:36,70

    ComboFix 09-04-01.01 - STEPHANE 2009-04-02 23:16:28.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.518 [GMT 2:00]
    Lancé depuis: c:\documents and settings\STEPHANE\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\STEPHANE\Bureau\CFscript.txt
    AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
    AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
    FW: Bitdefender Firewall *disabled*
    FW: Pare-feu personnel d'ESET *enabled*
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\program files\Peer2Peer-FR\tbPee1.dll
    c:\program files\SweetIM
    c:\program files\SweetIM\Messenger\SweetIM.exe
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    f:\programs\nu2menu\nu2menu.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Peer2Peer-FR\tbPee1.dll
    c:\program files\SweetIM\Messenger\SweetIM.exe
    c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

    [COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
    .

    2009-04-02 00:36 . 2009-04-02 23:08 <REP> d-------- C:\ToolBar SD
    2009-04-01 00:47 . 2009-04-01 00:48 <REP> d-------- c:\program files\QuickTime
    2009-03-31 23:53 . 2009-03-31 23:53 <REP> d-------- C:\rsit
    2009-03-29 10:30 . 2009-03-29 10:30 <REP> d-------- c:\documents and settings\STEPHANE\Application Data\ESET
    2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\program files\ESET
    2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
    2009-03-28 21:58 . 2009-03-28 21:58 <REP> d-------- c:\program files\Enigma Software Group
    2009-03-27 18:04 . 2009-03-27 18:04 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
    2009-03-27 18:00 . 2009-03-27 18:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
    2009-03-27 00:54 . 2009-03-27 00:54 71,680 --a------ c:\windows\system32\XSyK2uln.exe
    2009-03-26 18:48 . 2009-03-26 18:48 <REP> d-------- c:\documents and settings\ESTELLE\Tracing
    2009-03-11 16:54 . 2009-03-11 16:54 341,752 --a------ C:\Topsearch.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-02 21:16 --------- d-----w c:\program files\Peer2Peer-FR
    2009-04-02 20:48 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-04-01 17:08 87,552 --sha-w c:\windows\system32\hodajupi.dll
    2009-03-29 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-03-28 21:08 --------- d-----w c:\program files\Applications
    2009-03-28 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-27 17:06 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2009-03-27 17:00 --------- d-----w c:\program files\Norton Security Scan
    2009-03-26 22:54 59,904 ----a-w c:\windows\system32\userinit.exe
    2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-24 21:05 --------- d-----w c:\documents and settings\STEPHANE\Application Data\Canon
    2009-03-24 17:30 --------- d-----w c:\documents and settings\CELIA\Application Data\OpenOffice.org2
    2009-03-22 16:40 --------- d-----w c:\program files\myphotobook
    2009-03-11 14:58 --------- d-----w c:\program files\eMule
    2009-02-27 05:38 --------- d-----w c:\program files\Microsoft Silverlight
    2009-02-21 06:49 --------- d-----w c:\program files\Windows Live
    2009-02-14 12:50 --------- d-----w c:\program files\Micro Application
    2009-02-14 11:43 --------- d-----w c:\program files\Safari
    2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
    2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-08 20:05 --------- d-----w c:\program files\eBay
    2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
    2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
    2009-02-05 12:37 49,152 ----a-r c:\windows\system32\inetwh32.dll
    2009-02-05 12:37 1,044,480 ----a-r c:\windows\system32\roboex32.dll
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2006-09-09 10:45 774,144 ----a-w c:\program files\RngInterstitial.dll
    1999-04-30 14:00 98,304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
    2008-12-13 10:44 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-12-13 10:44 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-13 10:44 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    2008-09-07 18:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
    .

    ------- Sigcheck -------

    2004-08-10 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
    2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
    2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

    2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
    2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
    2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
    2004-08-10 20:00 578048 e46fb493e3b33704f0715020cf52106b c:\windows\$NtUninstallKB890859$\user32.dll
    2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\$NtUninstallKB925902$\user32.dll
    2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
    2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

    2004-08-10 20:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
    2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
    2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

    2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-10 20:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
    2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
    2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

    2004-08-10 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
    2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
    2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

    2004-08-10 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
    2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
    2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

    2004-08-10 20:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
    2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
    2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
    2004-08-10 20:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-10 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
    2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
    2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

    2004-08-10 20:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
    2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
    2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

    2004-08-10 20:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
    2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
    2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

    2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
    2004-08-10 20:00 57856 b4ef928e4fad79364a80acba6d999934 c:\windows\$NtUninstallKB896423$\spoolsv.exe
    2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
    2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

    2004-08-10 20:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
    2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
    2009-03-27 00:54 59904 4058d000a87af8a3e7b34f9d91619e90 c:\windows\system32\userinit.exe

    2004-08-10 20:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
    2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

    2006-07-05 12:58 1050112 fb85ef2a6713e3a58a497e093626b93c c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    2007-04-16 18:11 1051136 62e3f0e9abfcbcee62c51546f622c455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    2007-04-16 17:53 1049600 6f1fe2ae7b22eb9ced1bff533c9455ea c:\windows\$NtServicePackUninstall$\kernel32.dll
    2004-08-10 20:00 1048576 7830e20c74611281b1bdae5888cd50f5 c:\windows\$NtUninstallKB917422$\kernel32.dll
    2006-07-05 12:56 1049088 ce4af1fa47a29adf97cb107775ce395c c:\windows\$NtUninstallKB935839$\kernel32.dll
    2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
    2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

    2004-08-10 20:00 17408 b02e4ddbe0e98f42f3b61292ddb3a104 c:\windows\$NtServicePackUninstall$\powrprof.dll
    2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
    2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

    2004-08-10 20:00 110080 39ee5faf56260ebb8d77a08f525ebbb4 c:\windows\$NtServicePackUninstall$\imm32.dll
    2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
    2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-04-02_ 0.29.47.93 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-02 20:48:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_32c.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-05 67128]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
    "msnmsgr"="~c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
    "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 1838592]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-13 185872]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\CELIA\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    c:\documents and settings\STEPHANE\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Sp‚ciale\CalCheck.exe [2006-08-25 57344]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-05 67128]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-08-09 106561]
    Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\kazaa.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\XSyK2uln.exe"=

    R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-01-01 76544]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-01-01 11970]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-28 55136]
    R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-01-01 130112]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-08-08 296259]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-01-01 137793]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-01-01 611444]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-01-01 27984]
    S0 gdbmv;gdbmv;c:\windows\system32\drivers\wykxikds.sys --> c:\windows\system32\drivers\wykxikds.sys [?]
    S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-01-01 14528]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath -

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-02 23:20:37
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\windows\system32\Ati2evxx.dll
    .
    Heure de fin: 2009-04-02 23:24:01
    ComboFix-quarantined-files.txt 2009-04-02 21:23:57
    ComboFix2.txt 2009-04-01 22:32:07

    Avant-CF: 46 029 180 928 octets libres
    Après-CF: 46,034,198,528 octets libres

    285 --- E O F --- 2009-03-20 06:24:13
    je n'arrive pas a sauvegardé le rapport de dr web mais voici le resultat:
    objet:userinit.exe
    chemin:c/windows/system32
    statut: trojan.fakealert.4130
    action:supprimé

    a+
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je n'arrive pas a sauvegardé le rapport de dr web mais voici le resultat:
    objet:userinit.exe
    chemin:c/windows/system32
    statut: trojan.fakealert.4130
    action:supprimé

    ok pafait c'est ce que je voulais!

    ______________________

    vire le fichier Peer2Peer-FR en allant dans poste de travail puis

    c:\program files\Peer2Peer-FR
    ______________________

    Désactive ta restauration systeme puis redemarre ton ordi puis réactive là comme ceci:
    https://www.informatruc.com
    _______________________

    remets un rapport RSIT et dis nous si ton antivirus trouve encore cette infection
    _______________________

    a plus
    0