Sujet Précédent Sujet Suivant

Trojan downloader.zlob.czg

iwalg2 -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
mon antivirus detecte un trojan downloader.zlob.czg mais n'arrive pas a le nettoyer,je ne sais plus quoi faire !
quelqu'un a t'il une solution ?
merci
A voir également:

7 réponses

Réponse 1 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Slt,

scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
iwalg2
 
voila,j'ai reussi quelques unes des operations

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 3

31/03/2009 23:27:35
mbam-log-2009-03-31 (23-27-24).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 261739
Temps écoulé: 1 hour(s), 19 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Peer2Peer-FR\Peer2Peer-FRToolbarHelper.exe (Adware.Speedapps) -> No action taken.

Logfile of random's system information tool 1.06 (written by random/random)
Run by STEPHANE at 2009-03-31 23:53:02
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 36 GB (31%) free of 117 GB
Total RAM: 1023 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:10, on 31/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Spéciale\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\STEPHANE\Mes documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\STEPHANE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Internet Service - {E43B6656-814B-4839-8FF8-AFFDE0DA9A3F} - C:\Program Files\Applications\iebr.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Peer2Peer-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
0
Réponse 2 / 7
iwalg2
 
je n'arrive plus a demarrer le pc ! windows s'ouvre mais une fois que je tombe sur la page ou on doit choisir la cession ,ca me met "cargement en cours " et il revient au depart
je ne peux plus ouvrir ma cession
0
Réponse 3 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt peux tu aller en mode sans echec pour faire ce qui est demandé?

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
0
Réponse 4 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
vire ce qui a été trouvé par malwarebyte

_______________

vire toutes ces taches plannifiées en allant dans poste de travail puis

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Norton Security Scan for STEPHANE.job
_________________

Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
F:\Programs\nu2menu\nu2menu.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d420ece-0f90-11db-b6dc-00142a422ba4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_________________

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
iwalg2
 
voici le rapport combofix:
ComboFix 09-04-01.01 - STEPHANE 2009-04-02 0:21:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.515 [GMT 2:00]
Lancé depuis: c:\documents and settings\STEPHANE\Bureau\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: Pare-feu personnel d'ESET *enabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
c:\program files\Altnet
c:\program files\Altnet\DBBackup\Sigfiles.db
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Altnet\Points Manager\LocalPages\altnet.css
c:\program files\Altnet\Points Manager\LocalPages\gradient.gif
c:\program files\Altnet\Points Manager\LocalPages\local_firstuse.html
c:\program files\Altnet\Points Manager\LocalPages\local_points.html
c:\program files\Altnet\Points Manager\LocalPages\local_redeem.html
c:\program files\Altnet\Points Manager\LocalPages\local_start.html
c:\program files\Altnet\Points Manager\LocalPages\local_wallet.html
c:\program files\Altnet\Points Manager\LocalPages\notconnected.gif
c:\program files\Altnet\Points Manager\LocalPages\offline.gif
c:\program files\Altnet\Points Manager\LocalPages\pixel.gif
c:\program files\Altnet\Points Manager\Points Manager.exe.Manifest
c:\program files\Altnet\Points Manager\settings.cab
c:\program files\Altnet\Points Manager\setup.cab
c:\program files\Altnet\Points Manager\Skin\back-over.bmp
c:\program files\Altnet\Points Manager\Skin\back.bmp
c:\program files\Altnet\Points Manager\Skin\bottom.bmp
c:\program files\Altnet\Points Manager\Skin\bottomleft.bmp
c:\program files\Altnet\Points Manager\Skin\bottomright.bmp
c:\program files\Altnet\Points Manager\Skin\close-over.bmp
c:\program files\Altnet\Points Manager\Skin\close.bmp
c:\program files\Altnet\Points Manager\Skin\forward-over.bmp
c:\program files\Altnet\Points Manager\Skin\forward.bmp
c:\program files\Altnet\Points Manager\Skin\help-bottom.bmp
c:\program files\Altnet\Points Manager\Skin\help-over.bmp
c:\program files\Altnet\Points Manager\Skin\help-sel.bmp
c:\program files\Altnet\Points Manager\Skin\help-top.bmp
c:\program files\Altnet\Points Manager\Skin\help-topleft.bmp
c:\program files\Altnet\Points Manager\Skin\help-topright.bmp
c:\program files\Altnet\Points Manager\Skin\help.bmp
c:\program files\Altnet\Points Manager\Skin\Help.xml
c:\program files\Altnet\Points Manager\Skin\left.bmp
c:\program files\Altnet\Points Manager\Skin\maximise-over.bmp
c:\program files\Altnet\Points Manager\Skin\maximise.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottom.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottomleft.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottomright.bmp
c:\program files\Altnet\Points Manager\Skin\mb_left.bmp
c:\program files\Altnet\Points Manager\Skin\mb_right.bmp
c:\program files\Altnet\Points Manager\Skin\mb_top.bmp
c:\program files\Altnet\Points Manager\Skin\mb_topleft.bmp
c:\program files\Altnet\Points Manager\Skin\mb_topright.bmp
c:\program files\Altnet\Points Manager\Skin\message.xml
c:\program files\Altnet\Points Manager\Skin\minimise-over.bmp
c:\program files\Altnet\Points Manager\Skin\minimise.bmp
c:\program files\Altnet\Points Manager\Skin\points-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\points-over.bmp
c:\program files\Altnet\Points Manager\Skin\points-sel.bmp
c:\program files\Altnet\Points Manager\Skin\points.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-over.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-sel.bmp
c:\program files\Altnet\Points Manager\Skin\redeem.bmp
c:\program files\Altnet\Points Manager\Skin\refresh-over.bmp
c:\program files\Altnet\Points Manager\Skin\refresh.bmp
c:\program files\Altnet\Points Manager\Skin\right.bmp
c:\program files\Altnet\Points Manager\Skin\Sav3BD.tmp
c:\program files\Altnet\Points Manager\Skin\settings-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\settings-over.bmp
c:\program files\Altnet\Points Manager\Skin\settings-sel.bmp
c:\program files\Altnet\Points Manager\Skin\settings.bmp
c:\program files\Altnet\Points Manager\Skin\Skin.xml
c:\program files\Altnet\Points Manager\Skin\start-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\start-over.bmp
c:\program files\Altnet\Points Manager\Skin\start-sel.bmp
c:\program files\Altnet\Points Manager\Skin\start.bmp
c:\program files\Altnet\Points Manager\Skin\top.bmp
c:\program files\Altnet\Points Manager\Skin\topleft-pro.bmp
c:\program files\Altnet\Points Manager\Skin\topleft-reg.bmp
c:\program files\Altnet\Points Manager\Skin\topleft.bmp
c:\program files\Altnet\Points Manager\Skin\topright.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-over.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-sel.bmp
c:\program files\Altnet\Points Manager\Skin\wallet.bmp
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\[u]0/u01EB0A0
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\cdmxtras
c:\windows\pack.epk
c:\windows\system32\AdCache
c:\windows\system32\AdCache\B_329_0_0_105300.htm
c:\windows\system32\AdCache\B_329_0_0_106800.htm
c:\windows\system32\AdCache\B_329_0_0_107400.htm
c:\windows\system32\AdCache\B_329_1_0_449200.gif
c:\windows\system32\AdCache\B_329_1_0_449600.gif
c:\windows\system32\AdCache\B_329_1_0_454300.gif
c:\windows\system32\AdCache\B_329_2_0_105300.htm
c:\windows\system32\AdCache\B_329_2_0_106800.htm
c:\windows\system32\AdCache\B_329_2_0_107400.htm
c:\windows\system32\AdCache\B_329_3_0_105300.htm
c:\windows\system32\AdCache\B_329_3_0_106800.htm
c:\windows\system32\AdCache\B_329_3_0_107400.htm
c:\windows\system32\AdCache\B_329_4_0_111600.htm
c:\windows\system32\AdCache\B_329_4_0_152400.htm
c:\windows\system32\AdCache\B_329_4_0_155300.htm
c:\windows\system32\AdCache\B_329_4_0_164100.htm
c:\windows\system32\autorun.ini
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\file-10001-120.sig
c:\windows\system32\P2P Networking\Cache\Database\file-10001-2615170992.sig
c:\windows\system32\P2P Networking\Cache\Database\file-1001-597.sig
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\sohovaha.dll
c:\windows\system32\vekukedu.dll

[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-01 au 2009-04-01 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 00:17 . 2009-04-02 00:14 401,408 --a------ c:\windows\system32\CF8706.exe
2009-04-01 00:47 . 2009-04-01 00:48 <REP> d-------- c:\program files\QuickTime
2009-03-31 23:53 . 2009-03-31 23:53 <REP> d-------- C:\rsit
2009-03-29 10:30 . 2009-03-29 10:30 <REP> d-------- c:\documents and settings\STEPHANE\Application Data\ESET
2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\program files\ESET
2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-28 21:58 . 2009-03-28 21:58 <REP> d-------- c:\program files\Enigma Software Group
2009-03-27 18:04 . 2009-03-27 18:04 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-03-27 18:00 . 2009-03-27 18:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-03-27 00:54 . 2009-03-27 00:54 71,680 --a------ c:\windows\system32\XSyK2uln.exe
2009-03-26 18:48 . 2009-03-26 18:48 <REP> d-------- c:\documents and settings\ESTELLE\Tracing
2009-03-11 16:54 . 2009-03-11 16:54 341,752 --a------ C:\Topsearch.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-01 21:56 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-01 17:08 87,552 --sha-w c:\windows\system32\hodajupi.dll
2009-03-31 22:46 61,440 --sha-w c:\windows\system32\palozora.exe
2009-03-31 21:34 --------- d-----w c:\program files\Peer2Peer-FR
2009-03-29 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-28 21:08 --------- d-----w c:\program files\Applications
2009-03-28 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:06 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-27 17:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-26 22:54 59,904 ----a-w c:\windows\system32\userinit.exe
2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 21:05 --------- d-----w c:\documents and settings\STEPHANE\Application Data\Canon
2009-03-24 17:30 --------- d-----w c:\documents and settings\CELIA\Application Data\OpenOffice.org2
2009-03-22 16:40 --------- d-----w c:\program files\myphotobook
2009-03-11 14:58 --------- d-----w c:\program files\eMule
2009-02-27 05:38 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 06:49 --------- d-----w c:\program files\Windows Live
2009-02-14 12:50 --------- d-----w c:\program files\Micro Application
2009-02-14 11:43 --------- d-----w c:\program files\Safari
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 20:05 --------- d-----w c:\program files\eBay
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 12:37 49,152 ----a-r c:\windows\system32\inetwh32.dll
2009-02-05 12:37 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-09-09 10:45 774,144 ----a-w c:\program files\RngInterstitial.dll
1999-04-30 14:00 98,304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
2008-12-13 10:44 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-13 10:44 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-13 10:44 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 18:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
.

------- Sigcheck -------

2004-08-10 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-10 20:00 578048 e46fb493e3b33704f0715020cf52106b c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2004-08-10 20:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-10 20:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

2004-08-10 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2004-08-10 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-10 20:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-10 20:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-10 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2004-08-10 20:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2004-08-10 20:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-10 20:00 57856 b4ef928e4fad79364a80acba6d999934 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2004-08-10 20:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-27 00:54 59904 4058d000a87af8a3e7b34f9d91619e90 c:\windows\system32\userinit.exe

2004-08-10 20:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-07-05 12:58 1050112 fb85ef2a6713e3a58a497e093626b93c c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 18:11 1051136 62e3f0e9abfcbcee62c51546f622c455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 17:53 1049600 6f1fe2ae7b22eb9ced1bff533c9455ea c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-10 20:00 1048576 7830e20c74611281b1bdae5888cd50f5 c:\windows\$NtUninstallKB917422$\kernel32.dll
2006-07-05 12:56 1049088 ce4af1fa47a29adf97cb107775ce395c c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2004-08-10 20:00 17408 b02e4ddbe0e98f42f3b61292ddb3a104 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2004-08-10 20:00 110080 39ee5faf56260ebb8d77a08f525ebbb4 c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-02-16 23:26 1882136 --a------ c:\program files\Peer2Peer-FR\tbPee1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 13:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-02-16 1882136]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-05 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 1838592]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-12-02 111928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-13 185872]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CELIA\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\STEPHANE\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Sp‚ciale\CalCheck.exe [2006-08-25 57344]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-05 67128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-08-09 106561]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\kazaa.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\XSyK2uln.exe"=

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-01-01 76544]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-01-01 11970]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-28 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-01-01 130112]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-08-08 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-01-01 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-01-01 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-01-01 27984]
S0 gdbmv;gdbmv;c:\windows\system32\drivers\wykxikds.sys --> c:\windows\system32\drivers\wykxikds.sys [?]
S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-01-01 14528]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]
\Shell\AutoRun\command - f:\programs\nu2menu\nu2menu.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{4E7BD74F-2B8D-469E-90F0-F66AB581A933} - c:\progra~1\INSTAF~1\INSTAF~1.DLL
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-tbon - c:\program files\TBONBin\tbon.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 00:28:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-04-02 0:32:05
ComboFix-quarantined-files.txt 2009-04-01 22:32:00

Avant-CF: 40,825,741,312 octets libres
Après-CF: 44,915,892,224 octets libres

455 --- E O F --- 2009-03-20 06:24:13
et voici le rapport toolbar:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : STEPHANE ( Administrator )
BOOT : Normal boot
Antivirus : ESET Smart Security 3.0 3.0 (Activated)
Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
C:\ (Local Disk) - NTFS - Total:114 Go (Free:41 Go)
D:\ (Local Disk) - FAT32 - Total:115 Go (Free:115 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 02/04/2009| 0:37 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\INSTAFINK
C:\Program Files\INSTAFINK\Cache
C:\Program Files\INSTAFINK\Uninstall.exe
C:\Program Files\INSTAFINK\Cache\ErrorLog.txt
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg
C:\Program Files\INSTAFINK\Cache\NewCfg
C:\Program Files\KaZaA
C:\Program Files\KaZaA\BGP2P
C:\Program Files\KaZaA\Db
C:\Program Files\KaZaA\Help
C:\Program Files\KaZaA\Kazaa.url
C:\Program Files\KaZaA\My Channels
C:\Program Files\KaZaA\My Shared Folder
C:\Program Files\KaZaA\Skins
C:\Program Files\KaZaA\BGP2P\bdcore.dll
C:\Program Files\KaZaA\BGP2P\bdupd.dll
C:\Program Files\KaZaA\BGP2P\libfn.dll
C:\Program Files\KaZaA\BGP2P\plugins
C:\Program Files\KaZaA\BGP2P\plugins.htm
C:\Program Files\KaZaA\BGP2P\versions.dat
C:\Program Files\KaZaA\BGP2P\plugins\7zip.xmd
C:\Program Files\KaZaA\BGP2P\plugins\ace.xmd
C:\Program Files\KaZaA\BGP2P\plugins\adsntfs.xmd
C:\Program Files\KaZaA\BGP2P\plugins\alz.xmd
C:\Program Files\KaZaA\BGP2P\plugins\arc.xmd
C:\Program Files\KaZaA\BGP2P\plugins\arj.xmd
C:\Program Files\KaZaA\BGP2P\plugins\bach.xmd
C:\Program Files\KaZaA\BGP2P\plugins\boot.xmd
C:\Program Files\KaZaA\BGP2P\plugins\bzip2.xmd
C:\Program Files\KaZaA\BGP2P\plugins\cab.xmd
C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.cvd
C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.ivd
C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.rvd
C:\Program Files\KaZaA\BGP2P\plugins\cevakrnl.xmd
C:\Program Files\KaZaA\BGP2P\plugins\ceva_dll.cvd
C:\Program Files\KaZaA\BGP2P\plugins\ceva_emu.cvd
C:\Program Files\KaZaA\BGP2P\plugins\ceva_vfs.cvd
C:\Program Files\KaZaA\BGP2P\plugins\chm.xmd
C:\Program Files\KaZaA\BGP2P\plugins\cpio.xmd
C:\Program Files\KaZaA\BGP2P\plugins\cran.cvd
C:\Program Files\KaZaA\BGP2P\plugins\cran.ivd
C:\Program Files\KaZaA\BGP2P\plugins\cran.xmd
C:\Program Files\KaZaA\BGP2P\plugins\dbx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\docfile.xmd
C:\Program Files\KaZaA\BGP2P\plugins\emalware.cvd
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i01
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i02
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i03
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i04
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i05
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i06
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i07
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i08
C:\Program Files\KaZaA\BGP2P\plugins\emalware.i09
C:\Program Files\KaZaA\BGP2P\plugins\emalware.ivd
C:\Program Files\KaZaA\BGP2P\plugins\emalware.xmd
C:\Program Files\KaZaA\BGP2P\plugins\epoc.xmd
C:\Program Files\KaZaA\BGP2P\plugins\e_spyw.ivd
C:\Program Files\KaZaA\BGP2P\plugins\gzip.xmd
C:\Program Files\KaZaA\BGP2P\plugins\ha.xmd
C:\Program Files\KaZaA\BGP2P\plugins\hlp.xmd
C:\Program Files\KaZaA\BGP2P\plugins\hpe.cvd
C:\Program Files\KaZaA\BGP2P\plugins\hpe.xmd
C:\Program Files\KaZaA\BGP2P\plugins\hqx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\html.xmd
C:\Program Files\KaZaA\BGP2P\plugins\imp.xmd
C:\Program Files\KaZaA\BGP2P\plugins\inno.xmd
C:\Program Files\KaZaA\BGP2P\plugins\instyler.xmd
C:\Program Files\KaZaA\BGP2P\plugins\iso.xmd
C:\Program Files\KaZaA\BGP2P\plugins\java.cvd
C:\Program Files\KaZaA\BGP2P\plugins\java.xmd
C:\Program Files\KaZaA\BGP2P\plugins\jpeg.xmd
C:\Program Files\KaZaA\BGP2P\plugins\lha.xmd
C:\Program Files\KaZaA\BGP2P\plugins\lnk.xmd
C:\Program Files\KaZaA\BGP2P\plugins\mbox.xmd
C:\Program Files\KaZaA\BGP2P\plugins\mbx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\mdx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.cvd
C:\Program Files\KaZaA\BGP2P\plugins\mdx_97.ivd
C:\Program Files\KaZaA\BGP2P\plugins\mdx_w95.cvd
C:\Program Files\KaZaA\BGP2P\plugins\mdx_x95.cvd
C:\Program Files\KaZaA\BGP2P\plugins\mdx_xf.cvd
C:\Program Files\KaZaA\BGP2P\plugins\mime.xmd
C:\Program Files\KaZaA\BGP2P\plugins\mso.xmd
C:\Program Files\KaZaA\BGP2P\plugins\na.cvd
C:\Program Files\KaZaA\BGP2P\plugins\na.xmd
C:\Program Files\KaZaA\BGP2P\plugins\nelf.cvd
C:\Program Files\KaZaA\BGP2P\plugins\nelf.xmd
C:\Program Files\KaZaA\BGP2P\plugins\nsis.xmd
C:\Program Files\KaZaA\BGP2P\plugins\objd.xmd
C:\Program Files\KaZaA\BGP2P\plugins\pdf.xmd
C:\Program Files\KaZaA\BGP2P\plugins\pst.xmd
C:\Program Files\KaZaA\BGP2P\plugins\rar.xmd
C:\Program Files\KaZaA\BGP2P\plugins\regscan.cvd
C:\Program Files\KaZaA\BGP2P\plugins\rpm.xmd
C:\Program Files\KaZaA\BGP2P\plugins\rtf.xmd
C:\Program Files\KaZaA\BGP2P\plugins\rup.cvd
C:\Program Files\KaZaA\BGP2P\plugins\rup.xmd
C:\Program Files\KaZaA\BGP2P\plugins\sdx.cvd
C:\Program Files\KaZaA\BGP2P\plugins\sdx.ivd
C:\Program Files\KaZaA\BGP2P\plugins\sdx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\sfx.xmd
C:\Program Files\KaZaA\BGP2P\plugins\swf.xmd
C:\Program Files\KaZaA\BGP2P\plugins\tar.xmd
C:\Program Files\KaZaA\BGP2P\plugins\td0.xmd
C:\Program Files\KaZaA\BGP2P\plugins\thebat.xmd
C:\Program Files\KaZaA\BGP2P\plugins\tnef.xmd
C:\Program Files\KaZaA\BGP2P\plugins\unpack.cvd
C:\Program Files\KaZaA\BGP2P\plugins\unpack.ivd
C:\Program Files\KaZaA\BGP2P\plugins\unpack.xmd
C:\Program Files\KaZaA\BGP2P\plugins\update.txt
C:\Program Files\KaZaA\BGP2P\plugins\uudecode.xmd
C:\Program Files\KaZaA\BGP2P\plugins\ve.cvd
C:\Program Files\KaZaA\BGP2P\plugins\ve.ivd
C:\Program Files\KaZaA\BGP2P\plugins\ve.xmd
C:\Program Files\KaZaA\BGP2P\plugins\vedata.cvd
C:\Program Files\KaZaA\BGP2P\plugins\viza.xmd
C:\Program Files\KaZaA\BGP2P\plugins\wise.xmd
C:\Program Files\KaZaA\BGP2P\plugins\xishield.xmd
C:\Program Files\KaZaA\BGP2P\plugins\z.xmd
C:\Program Files\KaZaA\BGP2P\plugins\zip.xmd
C:\Program Files\KaZaA\BGP2P\plugins\zoo.xmd
C:\Program Files\KaZaA\Db\config.cab
C:\Program Files\KaZaA\Db\ctx4-060630.cab
C:\Program Files\KaZaA\Db\data1024.dbb
C:\Program Files\KaZaA\Db\data256.dbb
C:\Program Files\KaZaA\Db\k7tqkgkk_tssv125.dat
C:\Program Files\KaZaA\Db\np.tmp
C:\Program Files\KaZaA\Db\ova4-060412.cab
C:\Program Files\KaZaA\Db\tsi4-060404a.cab
C:\Program Files\KaZaA\Db\tsi4-060602b.cab
C:\Program Files\KaZaA\Db\tss4.cab
C:\Program Files\KaZaA\Help\arrow.gif
C:\Program Files\KaZaA\Help\arrow_sml.gif
C:\Program Files\KaZaA\Help\background.gif
C:\Program Files\KaZaA\Help\h_mykazaa.gif
C:\Program Files\KaZaA\Help\h_myMedia.gif
C:\Program Files\KaZaA\Help\h_myplaylists.gif
C:\Program Files\KaZaA\Help\icon_gold_kap.gif
C:\Program Files\KaZaA\Help\myKapsules.gif
C:\Program Files\KaZaA\Help\mykapsules.htm
C:\Program Files\KaZaA\Help\mykazaa.css
C:\Program Files\KaZaA\Help\mykazaa.htm
C:\Program Files\KaZaA\Help\mymedia.htm
C:\Program Files\KaZaA\Help\myplaylists.htm
C:\Program Files\KaZaA\Help\spacer.gif
C:\Program Files\KaZaA\Help\Thumbs.db
C:\Program Files\KaZaA\My Channels\Bin
C:\Program Files\KaZaA\My Channels\Images
C:\Program Files\KaZaA\My Channels\Bin\dating.kcd
C:\Program Files\KaZaA\My Channels\Bin\emerging_artists.kcd
C:\Program Files\KaZaA\My Channels\Bin\g_spot.kcd
C:\Program Files\KaZaA\My Channels\Bin\onelove_browse.kcd
C:\Program Files\KaZaA\My Channels\Bin\ringtonechannel.kcd
C:\Program Files\KaZaA\My Channels\Bin\rshiphop.kcd
C:\Program Files\KaZaA\My Channels\Bin\skilledgames.kcd
C:\Program Files\KaZaA\My Channels\Images\dating.bmp
C:\Program Files\KaZaA\My Channels\Images\emerging_artists.bmp
C:\Program Files\KaZaA\My Channels\Images\g_spot.bmp
C:\Program Files\KaZaA\My Channels\Images\onelove_browse.bmp
C:\Program Files\KaZaA\My Channels\Images\ringtonechannel.bmp
C:\Program Files\KaZaA\My Channels\Images\rshiphop_browse.bmp
C:\Program Files\KaZaA\My Channels\Images\skilledgames.bmp
C:\Program Files\KaZaA\My Channels\Images\Thumbs.db
C:\Program Files\KaZaA\My Shared Folder\Audio - Alternatie Rock.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Barrington Levy.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Electronica.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Fine Arts Militia Album.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Folk.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Funk.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Hip Hop.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Jazz.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Pop Rock.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Public Enemy Revolverlution Album.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - R&B.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - Reggae.kpl
C:\Program Files\KaZaA\My Shared Folder\Audio - The Honey Palace Album.kpl
C:\Program Files\KaZaA\My Shared Folder\download11531636766417015.dat
C:\Program Files\KaZaA\My Shared Folder\download11531637076447828.dat
C:\Program Files\KaZaA\My Shared Folder\download11531637506491171.dat
C:\Program Files\KaZaA\My Shared Folder\download11531640176757859.dat
C:\Program Files\KaZaA\My Shared Folder\download11531641866926906.dat
C:\Program Files\KaZaA\My Shared Folder\download11531642326972984.dat
C:\Program Files\KaZaA\My Shared Folder\kazaa267_fr.exe
C:\Program Files\KaZaA\My Shared Folder\kazaa325_en.exe
C:\Program Files\KaZaA\My Shared Folder\Promiscuous 1.kpl
C:\Program Files\KaZaA\My Shared Folder\promisucous.kpl
C:\DOCUME~1\STEPHANE\Bureau\Kazaa.lnk
C:\DOCUME~1\STEPHANE\MENUDM~1\PROGRA~1\Kazaa
C:\WINDOWS\Fonts\acrsec.fon

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://home.sweetim.com/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\STEPHANE\Mes documents\PC GAME CALL OF DUTY 3 + serial + crack.zip
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\BdIS10kg.exe
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\WinRAR 3_61 kg multiligual.rar



1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009| 0:38 - Option : [1]

-----------\\ Fin du rapport a 0:38:56,87
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ceci a virer:

C:\DOCUME~1\STEPHANE\Mes documents\PC GAME CALL OF DUTY 3 + serial + crack.zip
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\BdIS10kg.exe
C:\DOCUME~1\STEPHANE\Mes documents\programe\crack\WinRAR 3_61 kg multiligual.rar

______________

refaire toolbar sd et choisi l'option 2 et mettre le rapport

_________________

ceci a refaire: et bien cette fois car le glissé a été mal fais!

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
F:\Programs\nu2menu\nu2menu.exe
c:\program files\Peer2Peer-FR\tbPee1.dll
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d420ece-0f90-11db-b6dc-00142a422ba4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079c6a-1bd2-11de-bf63-00142a422ba4}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-

Enregistre ce fichier sous le nom CFscript (attention aux majuscules)

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_______________

Téléchargez Dr.Web CureIt! : ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
lancer DR WEB ,Choisissez Désinfecter comme option!
et coller le rapport

a plus
0
Réponse 6 / 7
iwalg2
 
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 3.00GHz )
BIOS : Default System BIOS
USER : STEPHANE ( Administrator )
BOOT : Normal boot
Antivirus : ESET Smart Security 3.0 3.0 (Activated)
Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
C:\ (Local Disk) - NTFS - Total:114 Go (Free:42 Go)
D:\ (Local Disk) - FAT32 - Total:115 Go (Free:115 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 02/04/2009|23:04 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\INSTAFINK\Cache
Supprime! - C:\Program Files\INSTAFINK\Uninstall.exe
Supprime! - C:\Program Files\KaZaA\BGP2P
Supprime! - C:\Program Files\KaZaA\Db
Supprime! - C:\Program Files\KaZaA\Help
Supprime! - C:\Program Files\KaZaA\Kazaa.url
Supprime! - C:\Program Files\KaZaA\My Channels
Supprime! - C:\Program Files\KaZaA\My Shared Folder
Supprime! - C:\Program Files\KaZaA\Skins
Supprime! - C:\DOCUME~1\STEPHANE\Bureau\Kazaa.lnk
Supprime! - C:\DOCUME~1\STEPHANE\MENUDM~1\PROGRA~1\Kazaa
Supprime! - C:\WINDOWS\Fonts\acrsec.fon
Supprime! - C:\Program Files\INSTAFINK
Supprime! - C:\Program Files\KaZaA

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\STEPHANE\Recent\PC GAME CALL OF DUTY 3 + serial + crack.lnk

1 - "C:\ToolBar SD\TB_1.txt" - 02/04/2009| 0:38 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/04/2009|23:08 - Option : [2]

-----------\\ Fin du rapport a 23:08:36,70

ComboFix 09-04-01.01 - STEPHANE 2009-04-02 23:16:28.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.518 [GMT 2:00]
Lancé depuis: c:\documents and settings\STEPHANE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\STEPHANE\Bureau\CFscript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: Pare-feu personnel d'ESET *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\Peer2Peer-FR\tbPee1.dll
c:\program files\SweetIM
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
f:\programs\nu2menu\nu2menu.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Peer2Peer-FR\tbPee1.dll
c:\program files\SweetIM\Messenger\SweetIM.exe
c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!!/COLOR

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 00:36 . 2009-04-02 23:08 <REP> d-------- C:\ToolBar SD
2009-04-01 00:47 . 2009-04-01 00:48 <REP> d-------- c:\program files\QuickTime
2009-03-31 23:53 . 2009-03-31 23:53 <REP> d-------- C:\rsit
2009-03-29 10:30 . 2009-03-29 10:30 <REP> d-------- c:\documents and settings\STEPHANE\Application Data\ESET
2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\program files\ESET
2009-03-29 10:29 . 2009-03-29 10:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-28 21:58 . 2009-03-28 21:58 <REP> d-------- c:\program files\Enigma Software Group
2009-03-27 18:04 . 2009-03-27 18:04 <REP> d-------- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-03-27 18:00 . 2009-03-27 18:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-03-27 00:54 . 2009-03-27 00:54 71,680 --a------ c:\windows\system32\XSyK2uln.exe
2009-03-26 18:48 . 2009-03-26 18:48 <REP> d-------- c:\documents and settings\ESTELLE\Tracing
2009-03-11 16:54 . 2009-03-11 16:54 341,752 --a------ C:\Topsearch.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 21:16 --------- d-----w c:\program files\Peer2Peer-FR
2009-04-02 20:48 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-01 17:08 87,552 --sha-w c:\windows\system32\hodajupi.dll
2009-03-29 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-03-28 21:08 --------- d-----w c:\program files\Applications
2009-03-28 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:06 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-03-27 17:00 --------- d-----w c:\program files\Norton Security Scan
2009-03-26 22:54 59,904 ----a-w c:\windows\system32\userinit.exe
2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-24 21:05 --------- d-----w c:\documents and settings\STEPHANE\Application Data\Canon
2009-03-24 17:30 --------- d-----w c:\documents and settings\CELIA\Application Data\OpenOffice.org2
2009-03-22 16:40 --------- d-----w c:\program files\myphotobook
2009-03-11 14:58 --------- d-----w c:\program files\eMule
2009-02-27 05:38 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-21 06:49 --------- d-----w c:\program files\Windows Live
2009-02-14 12:50 --------- d-----w c:\program files\Micro Application
2009-02-14 11:43 --------- d-----w c:\program files\Safari
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-08 20:05 --------- d-----w c:\program files\eBay
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-05 12:37 49,152 ----a-r c:\windows\system32\inetwh32.dll
2009-02-05 12:37 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-09-09 10:45 774,144 ----a-w c:\program files\RngInterstitial.dll
1999-04-30 14:00 98,304 ----a-w c:\program files\internet explorer\plugins\UPjpeg.dll
2008-12-13 10:44 60,526 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-13 10:44 49,256 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-13 10:44 166,000 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 18:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
.

------- Sigcheck -------

2004-08-10 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 04:34 14336 e4bdf223cd75478bf44567b4d5c2634d c:\windows\system32\svchost.exe

2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 c:\windows\$NtServicePackUninstall$\user32.dll
2004-08-10 20:00 578048 e46fb493e3b33704f0715020cf52106b c:\windows\$NtUninstallKB890859$\user32.dll
2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\ServicePackFiles\i386\user32.dll
2008-04-14 04:33 579584 e853f84d3ce2faa2a802e33cf89ac023 c:\windows\system32\user32.dll

2004-08-10 20:00 82944 bc41f51a39d3b255805fdb759b7814ae c:\windows\$NtServicePackUninstall$\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\ServicePackFiles\i386\ws2_32.dll
2008-04-14 04:33 82432 fb836f9e62d82904c983ad21296a5d9c c:\windows\system32\ws2_32.dll

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-10 20:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\drivers\tcpip.sys

2004-08-10 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e c:\windows\$NtServicePackUninstall$\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 04:34 512000 dd73d6b9f6b4cb630cf35b438b540174 c:\windows\system32\winlogon.exe

2004-08-10 20:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 21:20 182656 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-10 20:00 29056 4448006b6bc60e6c027932cfc38d6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\ServicePackFiles\i386\ip6fw.sys
2008-04-13 20:53 36608 3bb22519a194418d5fec05d800a19ad0 c:\windows\system32\drivers\ip6fw.sys

2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-10 20:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 04:34 1037824 f2317622d29f9ff0f88aeecd5f60f0dd c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-10 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 c:\windows\$NtServicePackUninstall$\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\ServicePackFiles\i386\services.exe
2008-04-14 04:34 109056 54cb50058851d95e56ec70d09f70857f c:\windows\system32\services.exe

2004-08-10 20:00 13312 9f3744a5c6f49291a7a685040a013399 c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 04:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb c:\windows\system32\lsass.exe

2004-08-10 20:00 15360 5584247b568c2e53934873f4b655fe6a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 04:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 c:\windows\system32\ctfmon.exe

2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 01:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2004-08-10 20:00 57856 b4ef928e4fad79364a80acba6d999934 c:\windows\$NtUninstallKB896423$\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 04:34 57856 460e4ce148bd07218da0b6a3d31885a9 c:\windows\system32\spoolsv.exe

2004-08-10 20:00 25088 d6d65ea32b190401b57edb6706f29669 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 04:34 26624 e74ddb12188c2ff57a78624dbf7332fc c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-27 00:54 59904 4058d000a87af8a3e7b34f9d91619e90 c:\windows\system32\userinit.exe

2004-08-10 20:00 297984 7d521b8cf926459e270d18c559323815 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-14 04:33 297984 710bc85a8c22626ee094439e3ea0d38c c:\windows\system32\termsrv.dll

2006-07-05 12:58 1050112 fb85ef2a6713e3a58a497e093626b93c c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
2007-04-16 18:11 1051136 62e3f0e9abfcbcee62c51546f622c455 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
2007-04-16 17:53 1049600 6f1fe2ae7b22eb9ced1bff533c9455ea c:\windows\$NtServicePackUninstall$\kernel32.dll
2004-08-10 20:00 1048576 7830e20c74611281b1bdae5888cd50f5 c:\windows\$NtUninstallKB917422$\kernel32.dll
2006-07-05 12:56 1049088 ce4af1fa47a29adf97cb107775ce395c c:\windows\$NtUninstallKB935839$\kernel32.dll
2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\ServicePackFiles\i386\kernel32.dll
2008-04-14 04:33 1054720 3ac8886dfa5ab641417df4d3b7f5512e c:\windows\system32\kernel32.dll

2004-08-10 20:00 17408 b02e4ddbe0e98f42f3b61292ddb3a104 c:\windows\$NtServicePackUninstall$\powrprof.dll
2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\ServicePackFiles\i386\powrprof.dll
2008-04-14 04:33 17408 9f2c862e39bf8e8fc51c3f6a6bceb415 c:\windows\system32\powrprof.dll

2004-08-10 20:00 110080 39ee5faf56260ebb8d77a08f525ebbb4 c:\windows\$NtServicePackUninstall$\imm32.dll
2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\ServicePackFiles\i386\imm32.dll
2008-04-14 04:33 110080 0469b73db32e5520f342c5e163aa3cca c:\windows\system32\imm32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-02_ 0.29.47.93 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-02 20:48:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_32c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-05 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"msnmsgr"="~c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-20 352256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-07 1838592]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-13 185872]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CELIA\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\STEPHANE\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Controleur de calendrier pour Mon Edition personnalisee de Ulead Photo Express 4.0.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 Mon Edition Sp‚ciale\CalCheck.exe [2006-08-25 57344]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-05 67128]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-08-09 106561]
Wireless 802.11g USB Adapter.lnk - c:\program files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\kazaa.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\XSyK2uln.exe"=

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [1980-01-01 76544]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [1980-01-01 11970]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-28 55136]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [1980-01-01 130112]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2005-08-08 296259]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [1980-01-01 137793]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [1980-01-01 611444]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [1980-01-01 27984]
S0 gdbmv;gdbmv;c:\windows\system32\drivers\wykxikds.sys --> c:\windows\system32\drivers\wykxikds.sys [?]
S2 hcw88ts;Hauppauge WinTV 88x TS Capture;c:\windows\system32\drivers\hcw88ts.sys [1980-01-01 14528]
.
Contenu du dossier 'Tâches planifiées'

2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 23:20:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-04-02 23:24:01
ComboFix-quarantined-files.txt 2009-04-02 21:23:57
ComboFix2.txt 2009-04-01 22:32:07

Avant-CF: 46 029 180 928 octets libres
Après-CF: 46,034,198,528 octets libres

285 --- E O F --- 2009-03-20 06:24:13
je n'arrive pas a sauvegardé le rapport de dr web mais voici le resultat:
objet:userinit.exe
chemin:c/windows/system32
statut: trojan.fakealert.4130
action:supprimé

a+
0
Réponse 7 / 7
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
je n'arrive pas a sauvegardé le rapport de dr web mais voici le resultat:
objet:userinit.exe
chemin:c/windows/system32
statut: trojan.fakealert.4130
action:supprimé

ok pafait c'est ce que je voulais!

______________________

vire le fichier Peer2Peer-FR en allant dans poste de travail puis

c:\program files\Peer2Peer-FR
______________________

Désactive ta restauration systeme puis redemarre ton ordi puis réactive là comme ceci:
https://www.informatruc.com
_______________________

remets un rapport RSIT et dis nous si ton antivirus trouve encore cette infection
_______________________

a plus
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses