[Virus] a.bat

Solved
jtb (154 posts, Member)
Hello everyone,

I'm infected by the file a.bat, which appears at every startup as c:/a.bat. When Avast detects it I delete it, but it comes back. And as soon as the deletion is done, Zone Alarm asks me whether to grant access to the file windir.exe. I've never clicked "accept", for fear that it is an insidious tentacle of this infection.

I'd be delighted if you could spare a few moments to help me get to the bottom of my problem.

Regards,

PS: I can easily send you the contents of a.bat if you want it.

Jtb.

45 replies

jlpjlp (52399 posts, Security Contributor, 5 040)

ok

still having trouble?

you can also install the free Malwarebytes, which is excellent:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

to protect your PC for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MALWAREBYTES ANTI-MALWARE + SPYBOT
+
SPYWAREBLASTER to immunize the system, notably against vundo, but it's in English (easy to use though: just click "update" once a month to update, then "enable all protection" to immunize)...

--------
a firewall:
(the Windows one) or better COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
jtb (154 posts, Member)

Hi,

Yes, a.bat still comes back. -_-

I already have Malwarebytes Anti-Malware. I'll install SPYWAREBLASTER. We just can't seem to get rid of this thing. :-(

Have a good afternoon,

Jtb.
jlpjlp (52399 posts, Security Contributor, 5 040)

ok, it comes back, but in the meantime do you plug in a disk, a USB stick???

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the C:\ComboFix.txt report into your next reply.

Warning: don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the PC.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

___________

post a report made with this, option 1: smitfraudfix:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
jtb (154 posts, Member)

Hi,

No, I don't plug anything into it at all. The file comes back when I restart my PC.

Avira Antivir names the infection: BAT/REG.ZAPCHAST.

Here is the ComboFix report:
ComboFix 09-04-14.09 - Jonathan 14/04/2009 18:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2047.1453 [GMT 2:00]
Lancé depuis: c:\documents and settings\Jonathan\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))
.

2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\program files\SpywareBlaster
2009-04-13 20:37 . 2009-04-13 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-13 10:38 . 2009-04-13 11:21 -------- d-----r c:\documents and settings\LocalService\Mes documents
2009-04-13 09:55 . 2009-04-13 09:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-13 09:53 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\program files\Avira
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-13 09:44 . 2009-04-13 19:00 -------- d-----w c:\program files\Trend Micro
2009-04-11 18:14 . 2009-04-11 18:14 271386 ----a-w c:\windows\system32\Windir.exe
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iPod
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iTunes
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-27 13:12 . 2009-03-27 13:12 -------- d-----w c:\program files\Watchtower
2009-03-26 21:05 . 2009-03-26 21:11 -------- d-----w c:\documents and settings\Jonathan\Application Data\ArcSoft
2009-03-26 21:05 . 2009-03-26 21:05 -------- d-----w c:\documents and settings\Jonathan\Local Settings\Application Data\ArcSoft
2009-03-26 20:52 . 2009-03-26 20:52 26 ----a-w C:\UpdaterforApp.ini
2009-03-26 20:44 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-03-26 20:44 . 2005-02-23 13:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-03-26 20:44 . 2009-03-26 20:52 -------- d-----w c:\program files\Fichiers communs\ArcSoft
2009-03-26 20:44 . 2007-03-07 15:05 126976 ----a-w c:\windows\system32\MediaImpression Slideshow.scr
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\windows\system32\MediaImpression Slideshow
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\program files\ArcSoft
2009-03-24 22:29 . 2005-08-05 01:32 77824 ----a-w c:\windows\system32\TvRate.dll
2009-03-24 22:29 . 2005-07-12 02:33 49152 ----a-w c:\windows\system32\Macrovision.dll
2009-03-24 22:29 . 2009-03-25 16:58 -------- d-----w c:\program files\AGEIA Technologies
2009-03-24 22:29 . 2009-03-24 22:29 -------- d-----w c:\windows\system32\AGEIA
2009-03-24 22:29 . 2009-02-18 13:44 212711 ----a-w c:\windows\system32\nvapps.nvb
2009-03-24 22:16 . 2009-03-24 22:17 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-24 22:14 . 2009-03-24 22:16 -------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-24 22:07 . 2009-04-11 14:19 190328 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-24 22:03 . 2009-03-24 22:04 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\documents and settings\Jonathan\Application Data\Uniblue
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\program files\Uniblue
2009-03-24 22:01 . 2009-03-24 22:02 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-23 17:54 . 2009-03-23 17:54 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 17:47 . 2009-03-23 17:55 -------- d-----w c:\program files\Nero
2009-03-21 21:24 . 2009-03-21 21:24 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-19 22:34 . 2009-03-19 22:34 -------- d-sh--w c:\documents and settings\Jonathan\IECompatCache
2009-03-19 22:32 . 2009-03-19 22:32 -------- d-sh--w c:\documents and settings\Jonathan\PrivacIE
2009-03-19 22:29 . 2009-03-19 22:29 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-19 22:28 . 2009-03-19 22:28 -------- d-sh--w c:\documents and settings\Jonathan\IETldCache
2009-03-19 22:18 . 2009-03-19 22:18 -------- d-----w c:\windows\ie8updates
2009-03-19 22:16 . 2009-03-19 22:18 -------- dc-h--w c:\windows\ie8
2009-03-19 22:15 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-15 21:22 . 2008-06-24 11:45 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-03-15 21:22 . 2008-06-23 15:36 773120 ----a-w c:\windows\system32\NEROINSTAEC43759.DB
2009-03-15 21:21 . 2009-03-15 21:21 0 ----a-w c:\windows\Irremote.ini
2009-03-15 20:27 . 2009-03-23 18:02 -------- d-----w c:\program files\Fichiers communs\Nero
2009-03-15 17:36 . 2009-03-15 17:44 -------- d-----w c:\documents and settings\Jonathan\Application Data\Hamachi
2009-03-15 17:36 . 2009-03-15 17:36 25280 ----a-w c:\windows\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 16:46 . 2009-03-14 21:19 14923808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 16:46 . 2009-03-14 21:19 14923808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 16:36 . 2008-10-28 17:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-14 11:06 . 2009-03-14 21:19 176288 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-13 19:00 . 2009-04-13 19:00 1554 ----a-w C:\TCleaner.txt
2009-04-13 12:50 . 2008-10-27 18:30 -------- d-----w c:\program files\PowerArchiver
2009-04-11 18:51 . 2008-10-31 18:26 -------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
2009-04-11 14:07 . 2008-11-17 18:17 -------- d-----w c:\documents and settings\Jonathan\Application Data\dvdcss
2009-04-11 12:50 . 2008-11-02 19:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 07:06 . 2008-12-17 22:48 -------- d-----w c:\documents and settings\Jonathan\Application Data\Free Download Manager
2009-04-08 21:32 . 2008-10-27 19:46 -------- d-----w c:\program files\Fichiers communs\Apple
2009-04-06 20:43 . 2008-11-17 17:32 -------- d-----w c:\documents and settings\Jonathan\Application Data\Nero
2009-04-06 13:32 . 2008-11-02 19:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-02 19:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 15:59 . 2008-10-31 22:25 -------- d-----w c:\program files\Java
2009-03-29 14:37 . 2002-08-30 12:00 85404 ----a-w c:\windows\system32\perfc00C.dat
2009-03-29 14:37 . 2002-08-30 12:00 513080 ----a-w c:\windows\system32\perfh00C.dat
2009-03-29 14:32 . 2008-12-26 08:16 4535628 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-26 20:44 . 2008-10-27 07:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 16:59 . 2008-10-26 23:08 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-23 17:47 . 2008-11-17 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-21 22:14 . 2008-10-27 20:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-21 21:24 . 2008-12-09 21:41 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-19 14:32 . 2008-10-27 19:48 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 23:10 . 2008-10-27 18:31 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-17 12:05 . 2009-03-17 18:38 1440256 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-15 14:57 . 2008-10-27 20:20 -------- d-----w c:\documents and settings\Jonathan\Application Data\IEPro
2009-03-15 14:51 . 2009-03-15 14:51 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 14:50 . 2009-03-15 14:49 -------- d-----w c:\program files\QuickTime
2009-03-14 14:04 . 2008-10-26 23:14 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-03-13 15:30 . 2008-10-30 17:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 12:56 . 2008-11-07 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 03:19 . 2008-10-31 22:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 21:09 . 2009-03-06 21:09 -------- d-----w c:\program files\OO Software
2009-03-02 20:42 . 2008-10-27 20:06 -------- d-----w c:\program files\eChanblard
2009-03-01 20:15 . 2009-03-01 20:15 -------- d-----w c:\program files\eRightSoft
2009-03-01 20:13 . 2008-11-07 20:52 -------- d-----w c:\program files\ffdshow
2009-03-01 15:52 . 2008-12-09 22:08 -------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-03-01 15:52 . 2008-10-31 19:31 -------- d-----w c:\program files\ASUS
2009-03-01 11:50 . 2008-10-27 00:10 91584 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-27 13:17 . 2008-10-27 06:43 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 22:17 . 2008-10-27 00:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 14:05 . 2002-08-30 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-01-16 17:24 . 2009-01-16 17:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-11-02 17:28 . 2008-11-02 17:28 38976 ----a-w c:\documents and settings\Jonathan\Application Data\GDIPFONTCACHEV1.DAT
2008-10-27 06:32 . 2008-10-27 06:32 131 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 73826]
"BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 27136]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]
"Windows Manager System"="Windir.exe" - c:\windows\system32\Windir.exe [2009-04-11 271386]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-9-15 503869]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\fichiers communs\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PhilipsDM\SA1916"=c:\program files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" /S
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 AIDA32Driver;AIDA32Driver; [x]
R3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-02-19 331776]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-08-24 37376]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-02-19 225280]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [2006-09-18 20269]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://news.google.be/news?ned=fr_be
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\z87h1j0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lycos.fr/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 18:46
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="(long hex value omitted)"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 16:47

Avant-CF: 451.331.395.584 octets libres
Après-CF: 451.377.709.056 octets libres

271 --- E O F --- 2009-03-17 18:46

Here is the SmitfraudFix report:

SmitFraudFix v2.408

Rapport fait à 18:57:01,90, mar. 14/04/2009
Executé à partir de C:\Documents and Settings\Jonathan\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\Windir.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Documents and Settings\Jonathan\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jonathan

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jonathan\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jonathan\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jonathan\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Regards,

Jtb.
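As an added example (my own code, not from this thread or from ComboFix), the triage an analyst does by hand on the "Points de chargement Reg" section of the report above, automated: parse the Run-key entries, then flag any whose binary was written within days of the report date, which is what singles out the "Windows Manager System" -> Windir.exe entry among the legitimate ones. The sample lines are constructed to match the report's format; the seven-day window and the scoring weights are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample in the shape of ComboFix's "Points de chargement Reg"
# section (modelled on the entries in the report above, not copied verbatim).
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"Windows Manager System"="Windir.exe" - c:\windows\system32\Windir.exe [2009-04-11 271386]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""

# One ComboFix autorun line: "label"="value" [ - resolved path] [YYYY-MM-DD size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'          # "label"="value"
    r'(?:\s+-\s+(?P<resolved>\S.*?))?'                # " - c:\full\path" when value is a bare name
    r'\s+\[(?P<created>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)

RECENT_DAYS = 7  # assumed window: how fresh a binary must be to count as "recent"


@dataclass
class AutorunEntry:
    key: str
    name: str
    value: str
    path: str       # path ComboFix resolved, or the value itself when already absolute
    created: date   # file timestamp ComboFix prints in brackets
    size: int


def parse_autoruns(report: str) -> list[AutorunEntry]:
    """Collect entries of every key ending in \\Run; disabled 'Run-' keys are skipped."""
    entries, key = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if not key.lower().endswith("\\run"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entries.append(AutorunEntry(
            key=key,
            name=m["name"],
            value=m["value"],
            path=m["resolved"] or m["value"],
            created=date.fromisoformat(m["created"]),
            size=int(m["size"]),
        ))
    return entries


def triage(entries: list[AutorunEntry], report_date: str):
    """Score each entry and return (entry, reasons) for those worth a closer look."""
    report_day = date.fromisoformat(report_date)
    findings = []
    for e in entries:
        score, reasons = 0, []
        age = (report_day - e.created).days
        if 0 <= age <= RECENT_DAYS:          # binary dropped just before the report
            score += 2
            reasons.append(f"binary written {age} day(s) before the report")
        if "\\" not in e.value:              # bare name: resolved through the search path
            score += 1
            reasons.append("value is a bare file name, resolved through the search path")
        if score >= 2:                       # a bare name alone (e.g. nwiz.exe) is not enough
            findings.append((e, reasons))
    return findings


def flagged_names(report: str, report_date: str) -> list[str]:
    return [e.name for e, _ in triage(parse_autoruns(report), report_date)]


if __name__ == "__main__":
    for entry, reasons in triage(parse_autoruns(SAMPLE_REPORT), "2009-04-14"):
        print(f"{entry.key}\n  {entry.name!r} -> {entry.path}")
        for r in reasons:
            print("    -", r)
```

Against the real report, the date in the ComboFix header line is the value to pass as report_date.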

jlpjlp (52399 posts, Security Contributor, 5 040)

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
c:\a.bat

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is done, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

___________________

repair windows
https://www.pcastuces.com/pratique/windows/xp/default.htm
____________________

use this to remove your traces

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in options then advanced: untick the box: only delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

___________________

Disable your system restore, then restart your PC, then re-enable it like this:
https://www.informatruc.com

____________________

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Search and let the scan run...
# Click Delete to finish.
# You can, if you wish, use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
jtb (154 posts, Member)

Hi,

ComboFix report:

ComboFix 09-04-14.09 - Jonathan 14/04/2009 21:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2047.1535 [GMT 2:00]
Lancé depuis: c:\documents and settings\Jonathan\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jonathan\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-14 au 2009-04-14 ))))))))))))))))))))))))))))))))))))
.

2009-04-14 18:46 . 2001-08-23 15:47 24576 -c--a-w c:\windows\system32\dllcache\agcgauge.ax
2009-04-14 18:42 . 2009-04-14 18:42 -------- d-----w c:\program files\CCleaner
2009-04-14 16:51 . 2009-04-14 16:51 -------- d-----r c:\documents and settings\LocalService\Favoris
2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\program files\SpywareBlaster
2009-04-13 20:37 . 2009-04-13 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-13 10:38 . 2009-04-13 11:21 -------- d-----r c:\documents and settings\LocalService\Mes documents
2009-04-13 09:55 . 2009-04-13 09:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-13 09:53 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\program files\Avira
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-13 09:44 . 2009-04-13 19:00 -------- d-----w c:\program files\Trend Micro
2009-04-11 18:14 . 2009-04-11 18:14 271386 ----a-w c:\windows\system32\Windir.exe
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iPod
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iTunes
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-27 13:12 . 2009-03-27 13:12 -------- d-----w c:\program files\Watchtower
2009-03-26 21:05 . 2009-03-26 21:11 -------- d-----w c:\documents and settings\Jonathan\Application Data\ArcSoft
2009-03-26 21:05 . 2009-03-26 21:05 -------- d-----w c:\documents and settings\Jonathan\Local Settings\Application Data\ArcSoft
2009-03-26 20:52 . 2009-03-26 20:52 26 ----a-w C:\UpdaterforApp.ini
2009-03-26 20:44 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-03-26 20:44 . 2005-02-23 13:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-03-26 20:44 . 2009-03-26 20:52 -------- d-----w c:\program files\Fichiers communs\ArcSoft
2009-03-26 20:44 . 2007-03-07 15:05 126976 ----a-w c:\windows\system32\MediaImpression Slideshow.scr
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\windows\system32\MediaImpression Slideshow
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\program files\ArcSoft
2009-03-24 22:29 . 2005-08-05 01:32 77824 ----a-w c:\windows\system32\TvRate.dll
2009-03-24 22:29 . 2005-07-12 02:33 49152 ----a-w c:\windows\system32\Macrovision.dll
2009-03-24 22:29 . 2009-03-25 16:58 -------- d-----w c:\program files\AGEIA Technologies
2009-03-24 22:29 . 2009-03-24 22:29 -------- d-----w c:\windows\system32\AGEIA
2009-03-24 22:29 . 2009-02-18 13:44 212711 ----a-w c:\windows\system32\nvapps.nvb
2009-03-24 22:16 . 2009-03-24 22:17 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-24 22:14 . 2009-03-24 22:16 -------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-24 22:07 . 2009-04-11 14:19 190328 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-24 22:03 . 2009-03-24 22:04 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\documents and settings\Jonathan\Application Data\Uniblue
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\program files\Uniblue
2009-03-24 22:01 . 2009-03-24 22:02 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-23 17:54 . 2009-03-23 17:54 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 17:47 . 2009-03-23 17:55 -------- d-----w c:\program files\Nero
2009-03-21 21:24 . 2009-03-21 21:24 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-19 22:34 . 2009-03-19 22:34 -------- d-sh--w c:\documents and settings\Jonathan\IECompatCache
2009-03-19 22:32 . 2009-03-19 22:32 -------- d-sh--w c:\documents and settings\Jonathan\PrivacIE
2009-03-19 22:29 . 2009-03-19 22:29 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-19 22:28 . 2009-03-19 22:28 -------- d-sh--w c:\documents and settings\Jonathan\IETldCache
2009-03-19 22:18 . 2009-03-19 22:18 -------- d-----w c:\windows\ie8updates
2009-03-19 22:16 . 2009-03-19 22:18 -------- dc-h--w c:\windows\ie8
2009-03-19 22:15 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-03-15 21:22 . 2008-06-24 11:45 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-03-15 21:22 . 2008-06-23 15:36 773120 ----a-w c:\windows\system32\NEROINSTAEC43759.DB
2009-03-15 21:21 . 2009-03-15 21:21 0 ----a-w c:\windows\Irremote.ini
2009-03-15 20:27 . 2009-03-23 18:02 -------- d-----w c:\program files\Fichiers communs\Nero

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 19:21 . 2009-03-14 21:19 15247392 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 19:21 . 2009-03-14 21:19 15247392 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-14 18:56 . 2009-04-13 19:00 720 ----a-w C:\TCleaner.txt
2009-04-14 18:39 . 2009-04-14 18:39 62643 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_36_00_small.dmp.zip
2009-04-14 18:39 . 2009-04-14 18:39 60077 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_35_59_small.dmp.zip
2009-04-14 18:39 . 2009-04-14 18:39 41830 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_35_58_small.dmp.zip
2009-04-14 17:00 . 2009-03-14 21:19 179432 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-14 16:57 . 2009-04-14 16:57 5026 ----a-w C:\rapport.txt
2009-04-14 16:36 . 2008-10-28 17:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-13 12:50 . 2008-10-27 18:30 -------- d-----w c:\program files\PowerArchiver
2009-04-11 18:51 . 2008-10-31 18:26 -------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
2009-04-11 14:07 . 2008-11-17 18:17 -------- d-----w c:\documents and settings\Jonathan\Application Data\dvdcss
2009-04-11 12:50 . 2008-11-02 19:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 07:06 . 2008-12-17 22:48 -------- d-----w c:\documents and settings\Jonathan\Application Data\Free Download Manager
2009-04-08 21:32 . 2008-10-27 19:46 -------- d-----w c:\program files\Fichiers communs\Apple
2009-04-06 20:43 . 2008-11-17 17:32 -------- d-----w c:\documents and settings\Jonathan\Application Data\Nero
2009-04-06 13:32 . 2008-11-02 19:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-02 19:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 15:59 . 2008-10-31 22:25 -------- d-----w c:\program files\Java
2009-03-29 14:37 . 2002-08-30 12:00 85404 ----a-w c:\windows\system32\perfc00C.dat
2009-03-29 14:37 . 2002-08-30 12:00 513080 ----a-w c:\windows\system32\perfh00C.dat
2009-03-29 14:32 . 2008-12-26 08:16 4535628 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-26 20:44 . 2008-10-27 07:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 16:59 . 2008-10-26 23:08 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-23 17:47 . 2008-11-17 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-21 22:14 . 2008-10-27 20:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-21 21:24 . 2008-12-09 21:41 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-19 14:32 . 2008-10-27 19:48 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 23:10 . 2008-10-27 18:31 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-17 12:05 . 2009-03-17 18:38 1440256 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-15 17:44 . 2009-03-15 17:36 -------- d-----w c:\documents and settings\Jonathan\Application Data\Hamachi
2009-03-15 17:36 . 2009-03-15 17:36 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-15 14:57 . 2008-10-27 20:20 -------- d-----w c:\documents and settings\Jonathan\Application Data\IEPro
2009-03-15 14:51 . 2009-03-15 14:51 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 14:50 . 2009-03-15 14:49 -------- d-----w c:\program files\QuickTime
2009-03-14 14:04 . 2008-10-26 23:14 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-03-13 15:30 . 2008-10-30 17:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 12:56 . 2008-11-07 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 03:19 . 2008-10-31 22:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 21:09 . 2009-03-06 21:09 -------- d-----w c:\program files\OO Software
2009-03-02 20:42 . 2008-10-27 20:06 -------- d-----w c:\program files\eChanblard
2009-03-01 20:15 . 2009-03-01 20:15 -------- d-----w c:\program files\eRightSoft
2009-03-01 20:13 . 2008-11-07 20:52 -------- d-----w c:\program files\ffdshow
2009-03-01 15:52 . 2008-12-09 22:08 -------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-03-01 15:52 . 2008-10-31 19:31 -------- d-----w c:\program files\ASUS
2009-03-01 11:50 . 2008-10-27 00:10 91584 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-27 13:17 . 2008-10-27 06:43 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 22:17 . 2008-10-27 00:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 14:05 . 2002-08-30 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-01-16 17:24 . 2009-01-16 17:24 70936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-11-02 17:28 . 2008-11-02 17:28 38976 ----a-w c:\documents and settings\Jonathan\Application Data\GDIPFONTCACHEV1.DAT
2008-10-27 06:32 . 2008-10-27 06:32 131 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2009-03-08 11063808]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2009-02-17 15:11 408440 ----a-w c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2008-11-26 22:04 251504 ----a-w c:\program files\Google\Google Toolbar\GoogleToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2009-04-06 10:49 668656 ----a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2008-11-26 22:04 522224 ----a-w c:\program files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 03:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 03:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"= "c:\windows\system32\ieframe.dll" [2009-03-08 11063808]

[HKEY_CLASSES_ROOT\clsid\{f2cf5485-4e02-4f68-819c-b92de9277049}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 73826]
"BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 27136]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]
"Windows Manager System"="Windir.exe" - c:\windows\system32\Windir.exe [2009-04-11 271386]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-9-15 503869]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-03-08 236544]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\fichiers communs\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PhilipsDM\SA1916"=c:\program files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" /S
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 AIDA32Driver;AIDA32Driver; [x]
R3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-02-19 331776]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-08-24 37376]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-02-19 225280]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [2006-09-18 20269]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll

.
------- Supplementary scan -------
.
uStart Page = hxxp://news.google.be/news?ned=fr_be
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~3\Office12\REFIEBAR.DLL
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\FICHIE~1\System\OLEDB~1\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\z87h1j0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lycos.fr/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 21:21
Windows 5.1.2600 Service Pack 3 NTFS

Scanning for hidden processes ...

Scanning for hidden autostart entries ...

Scanning for hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="BB5DAE0BD4A137D592B1C78D2CA3232180AB05FB8E2FC8C0AA4916B776E6F5AC1A34C1B1C88CB4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A6171C11EC38DE3D9DB7CE019D40AA5C585E08E17CF14B42FDAA812E6CA05A7ED51C5ABB1113867F21C090AA2E13B928C43E9A4A4DA20485F369BD86EE76B56BE21DFAA8473295D791660A6C0E0526AE1F84E0DA5A07F0C33030537C95F272AF66BDB55B74A60479E98420538B7EE290789F32B0E76EC192147971224382E967B325B2F93D1B72A60B8C933B2E85FAD0657286FE005E865905346CA1A547577E9FEFBEC18F6CE36F5E6A4B964255DBC6FED1FD8C6F8D3755EDC4BA332897D83705AE4803192E423BCFFA4E6B585FD79F6188D7B2C6EAAE98BBFE75A7FDFAF1A7C365E422CBA659C4CD8C4AD0444522D92DD4FB5F5C16A9855F32DD621D320C38BE0BCB16E0D0591CCCE610F59D5F56C98868F317C7624CD6CE1AD5D9C02B7029DA8C576C535B572245C1149BC1B96F171A686C6DE7D91B98856B649A658DD08A844A89C6E027CA8EB04BEF164F13513D8F70390EDB3982AAFD4CB4424E32BD422A9806D50D4C11EC8F22DFCF2D5E3F8D980ECEB70B6FCE443DD8160502A6AF8A3D3D14E421156A9A66DD4546004564296B4248BB9D22B46B461E79AA482D8270B4769F4F2500F9CB3C87250A3621CD0A3F83620000A9C9FEA3A0770DB2BA76570C73B805EABE49859C9AA8BF0002EB7BD1BC7F7FE49287AE63584A9D90F8ACF2C1D8930A83B9C5A318889BA250AB151D62CB25C8BF9DCCFE17ADD15DF9C42E4ED7BC07F7C6893D55C136EEFDDF9602E13782FDFD4B3E5C4A53028F6447306647D5AD117AD07D669CB07DB934AB6CD01319255855031EDCBBB3282CDE9702A40F462B4F510098D7D080AAB1BAF20F824BD2712499A99957D4D3E4EF8B4EB09A2BB5A886D0F6118F1C51FE3619B810FBFAB691782743C0BB6AD675CCBC8FEC62773A8D9F611ED06DFDC730C76F483787E418AA90F199595C256189D35BC516F51FE7B6A4011FF6B5C88966896C2A00D2A25150C7803AD96E809DC0BC61A043B4A45BF347BCEA561023443EC6D6B01BED1E3D0E22EBF4EF8C4FB9B5605E113D62DD3189D93BB2740A07A549EA08EFEACF183D6044E2E07DB6B666F0C0764D0125F50D2FD5B4EE0C14C5E20D876C408750A437BBF7A8D4144D2D59F3FEDECEC00B68959056F3DA8C817FB2025105BCBC2E2B12852C926F7E9800CDAFE1E556620189F5CE1A5AF4180DAC5196A0E8C50909673A95728A9139C1D17E8B5568627E5B7D5BFD07DB0185CF177EA973BF00206868
A2BB801060F25695B062685ABCE3D1BDF9A42481055DCBDE7D116947D36B35133D3AAF34C5124B9427"
"OODEFRAG10.00.00.01WORKSTATION"="9561824B1F5232CAA3F84684FE3321904F15EFFCE6F8F5B912F05EEC1E8109E4AA8483EC9C1EAAD141A1974FFC52E3A9955ADF4DEF66C30FC73B05844DC2408624D1FBC52AA8A2A68A04F82984290421DF3FF9067EFC61178DE659A62922B43818A674D6DC4C28BDBF83E744A5A6D0A93448CC253CE1FCDF54BE973B9418178781347B1870F90F4106D3DE4214505D280152649BF6CF8C2EF1E201211433DB35BEFD227445B26D8F6100E3BCA73E8039178B57CD9D9247781F46D92AD296BC3591DEFD4BDB0F9BB84065FABEDC9CD5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808A2D97226D213B5559DB7CE019D40AA5C3D0367E6ADEB8E0E17778336B937408E5C35EAB931393811EF9E5B04F7755B1B2396A7C0B27B72D4EDE0872EE319AA0BEE16C821578A68B944A5C31DDC4E63AC2FE82578D9F8192C84C106971FA20F3EF6D6D2AC9BE2E1F3A7C90615D5D625458C9231BBB8BE938524DDD38FAD2A12DAF982828B102EFD527B7F62CDE0324E7A1C13F1BBDACB8416C9DB1C3AC8266BD63389A8F1387DA92C58216DAB6FAC2224724E5DAEBEC2A2D928C75BBC1CB1E6ED90C0E5188D86659F886A8E9667B2F5E0D788C24DD8EA3A8CA31065C2C70E659F3560B2B77D21C80B8CFE81FBA3D63491486C42560F2FA9B2D5095D7ADF1FDA2F7605D891E84A7A1418E255CB71CD5BD9F5894F8A3D1EE4900CEA3D976B6C502360AFF769A4A3B8A292FE6E7B13737D24C3D1B330B0EA73B1C84E5550E7A1E047B0C282877A7155E1172284823EC4C19DCA9B0D90AE6DEF6341B4465EC40FBE2A59083E36A51EB443757D24DE9DE2E037579FCAF96D1E0938DD020401E6282C9F82ACC6465934D079B1A52C10CE162A26EAFEB2BD979D03073E7B5AFA258502BE063F0B8AB965B7FD0194D01CE44500E339BA5CB04C2F356832CE66134B622DE1F036CDDADE88880DD227980B637F582CABB936AD1E388ABBBF891A13999FACA98867261457137A25431FE0E8C6F63D025DC67F9115C503A221A0BACA45BF17F641127D1424A5D48B2822D847FC82CD2A9F8E4CBEAA053183C26A620C75EA12F1C5D494BF387EF748873A05B9E5993B2DF5A48899D048BB87C622002FC56E5B0875B47C7DFE83D1A81DD23BD959DCCC571B7FEE0DE688DE9E0368D38B47B94365E2989C3AD3BCE9BA59BEA9C3228BDBBBF9F98F07C65FE9F9FEBFF282FCDEAD7D53CF2F6489585854DEB34E987B0ED6AEB2D050F73A0CBF8FFB8FC9765F979209C188C4F063A6CB0D05497D7D99EC41499BA86A568171581AE7A3144D5BBF7E82DDD7BD561B9C03C0
D87FDF99235530E8BB85E99ACD163D96E92BE3F14FD512A889B6D3915D53D50F9836EE992F1BCD2FCF"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\ieframe.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 19:21

Pre-Run: 450,718,457,856 bytes free
Post-Run: 450,708,627,456 bytes free

318 --- E O F --- 2009-03-17 18:46

ToolsCleaner report:

[ ToolsCleaner report version 2.3.5 (by A.Rothstein & dj QUIOU) ]

--> Search:

C:\Combofix.txt: found!
C:\Qoobox: found!
C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe: found!

---------------------------------
--> Removal:

C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe: DELETION ERROR!!
C:\Combofix.txt: deleted!
C:\Qoobox: deleted!

As for the Windows repair, it asks me for WinXP Pro whereas I have Home Edition. It won't accept the latter.

OK for CCleaner.

OK for System Restore.

Best regards,

Jtb.
0
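What the helper does by hand a few replies further down (matching the "Windows Manager System" Run entry against the 11 April file date) can be done mechanically over a ComboFix report. The script below is an added example written for this page, not part of the thread and not ComboFix's own code: it parses the "files created" lines and the HKLM ...\Run block of a report, then flags only autostart entries whose binary is dated on or after the symptom onset, so files created in the same window that are not wired into an autostart location (a freshly installed antivirus driver, a new tool's folder) are left alone. The embedded excerpt is a constructed sample of lines copied from the report above, the onset date 2009-04-11 is the one given in this thread, and the two regular expressions follow the line layout visible in this report; whether other ComboFix versions print the same layout is an assumption.

```python
import re
from datetime import date

# Constructed excerpt: a handful of lines copied from the ComboFix report posted above
# (the "files created" section and the HKLM ...\Run block). Not the full report.
SAMPLE_REPORT = r"""
2009-04-14 18:42 . 2009-04-14 18:42 -------- d-----w c:\program files\CCleaner
2009-04-13 09:53 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-11 18:14 . 2009-04-11 18:14 271386 ----a-w c:\windows\system32\Windir.exe
2009-03-26 20:44 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]
"Windows Manager System"="Windir.exe" - c:\windows\system32\Windir.exe [2009-04-11 271386]
"""

# Day the symptoms started, as reported in this thread.
ONSET = date(2009, 4, 11)

# "<created> <hh:mm> . <modified> <hh:mm> <size> <attrs> <path>"; directories carry
# '--------' instead of a size and are skipped by requiring digits there.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \S+ \S+ (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")
# '"<name>"="<value>" [- <resolved path>] [<file date> <size>]' as ComboFix prints Run values;
# the "- <path>" part appears when the value is a bare file name resolved through the PATH.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')


def parse_report(text):
    """Return ({lower-case path: creation date}, [(name, path, file date, size), ...])."""
    created, autostarts = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            created[m["path"].lower()] = date.fromisoformat(m["created"])
        elif m := RUN_RE.match(line):
            path = m["resolved"] or m["value"]
            autostarts.append((m["name"], path, date.fromisoformat(m["date"]), int(m["size"])))
    return created, autostarts


def suspicious_autostarts(text, onset):
    """Autostart entries whose binary is dated on/after the symptom onset, with the reasons.

    A file merely created after onset (a new tool, an AV driver) is not flagged on its own;
    it has to be both recent and referenced from an autostart location.
    """
    created, autostarts = parse_report(text)
    hits = []
    for name, path, file_date, size in autostarts:
        reasons = []
        if file_date >= onset:
            reasons.append(f"binary dated {file_date} (onset {onset})")
        if created.get(path.lower(), date.min) >= onset:
            reasons.append("listed among the report's newly created files")
        if reasons:
            hits.append({"name": name, "path": path, "size": size, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in suspicious_autostarts(SAMPLE_REPORT, ONSET):
        print(f'{hit["name"]!r} -> {hit["path"]} ({hit["size"]} bytes): ' + "; ".join(hit["reasons"]))
```

Run against the sample, only the Windir.exe entry comes out, for both reasons; avgntflt.sys and the CCleaner folder are newer than the onset too but are not autostarts, and the other Run values are months older.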
jlpjlp (52399 posts, Security contributor)
 
ok, still there?
0
jtb (154 posts, Member)
 
Oh yes. It seems to be the stubborn kind.
0
jlpjlp (52399 posts, Security contributor)
 
ok, I had misread your first message, where you mention windir

scan this file on VirusTotal and paste the report https://www.virustotal.com/gui/
c:\windows\system32\Windir.exe

I'm setting this aside:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Manager System"="Windir.exe" - c:\windows\system32\Windir.exe [2009-04-11 271386]
0
jtb (154 posts, Member)
 
Greetings,

VirusTotal report for Windir.exe:

Nothing new.

Antivirus Version Last update Result
a-squared 4.0.0.101 2009.04.15 -
AhnLab-V3 5.0.0.2 2009.04.15 -
AntiVir 7.9.0.143 2009.04.15 -
Antiy-AVL 2.0.3.1 2009.04.15 -
Authentium 5.1.2.4 2009.04.15 -
Avast 4.8.1335.0 2009.04.15 -
AVG 8.5.0.287 2009.04.15 -
CAT-QuickHeal 10.00 2009.04.15 -
ClamAV 0.94.1 2009.04.15 -
Comodo 1115 2009.04.15 -
DrWeb 4.44.0.09170 2009.04.15 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.15 -
F-Secure 8.0.14470.0 2009.04.15 -
Fortinet 3.117.0.0 2009.04.15 -
GData 19 2009.04.15 -
Ikarus T3.1.1.49.0 2009.04.15 -
K7AntiVirus 7.10.704 2009.04.15 -
Kaspersky 7.0.0.125 2009.04.15 -
McAfee 5585 2009.04.15 -
McAfee+Artemis 5585 2009.04.15 -
McAfee-GW-Edition 6.7.6 2009.04.15 -
Microsoft 1.4502 2009.04.15 -
NOD32 4011 2009.04.15 -
Norman 6.00.06 2009.04.15 -
nProtect 2009.1.8.0 2009.04.15 -
Panda 10.0.0.14 2009.04.15 -
PCTools 4.4.2.0 2009.04.15 -
Prevx1 V2 2009.04.15 -
Rising 21.25.24.00 2009.04.15 -
Sophos 4.40.0 2009.04.15 -
Sunbelt 3.2.1858.2 2009.04.15 -
Symantec 1.4.4.12 2009.04.15 -
TheHacker 6.3.4.0.309 2009.04.15 -
TrendMicro 8.700.0.1004 2009.04.15 -
ViRobot 2009.4.15.1694 2009.04.15 -
VirusBuster 4.6.5.0 2009.04.15 -
Additional information
File size: 271386 bytes
MD5...: 88432595d8e0db8ff855d0b34d404f65
SHA1..: a2d537772d37d974f793334e6c24f7703d7757c9
SHA256: 696dc730ad988579776fa5a8df9dc7b979bca979d58af0f0858b15fe541bc6ea
SHA512: 6b662b1c220d091b3430f04b274d511185166f2f34312d81394e212fe856bdd2e9cf0bde3de4242320bcce9d598567033c47639cf5957d06be95d716581b4c5e
ssdeep: 3072:+4zEaBo/OFsFAZHnYm7d9MANIyhfLpjbSdGTXdl15pPw3zSexNkP4xet:PzEaIOFsFAZHNZ1fLpHSQtl15G3TmPws

PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1660
timedatestamp.....: 0x49cf8ffb (Sun Mar 29 15:12:59 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d64c 0x1e000 5.15 68f029463dededadb191f2100cbd5e89
.data 0x1f000 0xc04 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x20000 0x5d0c 0x6000 1.54 43eef63abb05cc8a2a896011d20b2108

( 1 imports )
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaGosubReturn, __vbaFreeVarList, _adj_fdiv_m64, __vbaRaiseEvent, __vbaGetFxStr3, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, -, __vbaExitProc, -, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarIndexLoad, -, __vbaStrFixstr, __vbaRefVarAry, _CIsin, -, __vbaErase, -, __vbaVarZero, __vbaChkstk, -, __vbaFileClose, __vbaGosubFree, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, __vbaStrCmp, __vbaGet3, __vbaPutOwner3, __vbaAryConstruct2, DllFunctionCall, __vbaRedimPreserve, __vbaLbound, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, -, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaGosub, -, -, __vbaFPException, -, __vbaGetOwner3, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaLsetFixstrFree, __vbaFileSeek, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, -, __vbaVar2Vec, -, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, -, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, -, -, __vbaI4Var, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, -, _CIatan, __vbaStrMove, -, __vbaUI1Str, __vbaR8IntI4, __vbaStrVarCopy, _allmul, _CItan, __vbaUI1Var, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, -

( 0 exports )

RDS...: NSRL Reference Data Set
-

I still wonder what this file is for, though.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
yes, does that correspond to the start of your troubles on 11/4/9?

if so

download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: "Paste instruction for items to be moved".
(make sure to include :files)

:files
c:\windows\system32\Windir.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Manager System"=-

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

because, for your information, I think it is infected:

https://www.broadcom.com/

http://www.prevx.com/filenames/X2475219079195684350-X1/WINDIR.EXE.html
0
jtb Posts 154 Status Member 1
 
Hi again, and thanks for the interest you are showing in my problem.

Yes, I posted the day I ran into this problem. I also think Windir.exe is infected. When I looked at its properties, I saw that it had been created and modified on Saturday 11 April 2009, 20:14:35. I find that suspicious.

Unfortunately the removal did not work:

Error: Unable to interpret <files > in the current context!
Error: Unable to interpret <c:\windows\system32\Windir.exe > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04152009_230543

Best regards,

Jtb.
0
jtb Posts 154 Status Member 1
 
(second message)

Hi again,

I think it really is Windir.

1) Microsoft Update updated its Malicious Software Removal Tool. It detected this: Backd/Rbot.gen!A

2) I simply deleted Windir.exe from System32 (I kept an archived copy anyway) and the file WINDIR.EXE-29C5CF71 from C:\WINDOWS\Prefetch. It must be some kind of compressed backup.

Edit: after checking, Windir.exe and its compressed counterpart do not exist on another Windows XP SP3 system. I checked that on my laptop.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
for otmoveit, did you really include

:files

_____________________

did you remove them?

_____________________
and if so
still having problems?
_____________________

post another RSIT report
0
jtb Posts 154 Status Member 1
 
Hi,

Yes, I had indeed included ":files".

Yes, I deleted everything with the Windows tool.

And yes, a.bat still comes back. :-(

Here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jonathan at 2009-04-16 18:11:36
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 429 GB (90%) free of 477 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:59, on 16/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\EmvSmartCardReader\SmartMON.exe
C:\Program Files\EmvSmartCardReader\BePCSC.exe
C:\Program Files\Belgium Identity Card\beidsystemtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\winoper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\Jonathan\LOCALS~1\Temp\Google Toolbar\gtbF.tmp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Bureau\RSIT.exe
C:\Program Files\trend micro\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=BE&ceid=BE:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [BePCSC] C:\Program Files\EmvSmartCardReader\BePCSC.exe
O4 - HKLM\..\Run: [beidsystemtray] C:\Program Files\Belgium Identity Card\beidsystemtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Manager System] winoper.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Manager System] winoper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: eID CRL Service - Zetes - C:\WINDOWS\system32\beidservicecrl.exe
O23 - Service: eID Privacy Service - Zetes - C:\WINDOWS\system32\beidservicepcsc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
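The O4 lines in that report are the autorun entries the helper is reading, and the "Windows Manager System" value pointing at a bare winoper.exe under both Run and RunServices is the one that stands out. Added example, not part of the thread or of HijackThis/RSIT: a Python scorer over a few O4 lines copied from the report above; the heuristics, the WATCHLIST and the score threshold are my own assumptions.

```python
"""Score HijackThis O4 autorun lines for persistence review.

Added example for this thread, not code from RSIT, HijackThis or the posters.
The sample lines are copied from the posted report; the heuristics,
WATCHLIST and threshold are my own assumptions, not HijackThis logic.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4 entries from the posted log.
SAMPLE_O4_LINES = """\
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [Windows Manager System] winoper.exe
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O4 - HKLM\\..\\RunServices: [Windows Manager System] winoper.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Registry-backed O4 line: hive, autorun key, value name, command line.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>RunServices|RunOnce|Run)"
    r": \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Image names this thread identifies as parts of the infection (assumption).
WATCHLIST = {"winoper.exe", "windir.exe"}


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    cmd: str
    image: str                       # program path or bare name, unquoted
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_o4(text: str) -> list:
    """Extract registry autorun entries; Global Startup .lnk lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        # A quoted command keeps its spaces; otherwise the image is the first token.
        image = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split()[0]
        entries.append(AutorunEntry(m.group("hive"), m.group("key"),
                                    m.group("name"), cmd, image))
    return entries


def score_entries(entries: list) -> list:
    """Attach review reasons to each entry and sort, highest score first.

    Heuristics (assumptions for this example):
    1. bare image name, no directory: resolved through the search path and
       system32, which is how winoper.exe sits beside nwiz.exe and RTHDCPL.EXE;
    2. RunServices key: a Windows 9x-era key that XP does not process, but
       old bots still write it for redundancy, so on XP it is a strong signal;
    3. the same value name registered under more than one autorun key;
    4. image name on the thread's watchlist.
    Reason 1 alone also hits legitimate vendor entries, which is why the
    reasons are counted rather than treated as a verdict.
    """
    by_name = {}
    for e in entries:
        by_name.setdefault(e.name.lower(), []).append(e)
    for e in entries:
        if "\\" not in e.image and "/" not in e.image:
            e.reasons.append("bare image name, resolved through the search path")
        if e.key == "RunServices":
            e.reasons.append("legacy RunServices key")
        dupes = len(by_name[e.name.lower()])
        if dupes > 1:
            e.reasons.append("same value name in %d autorun keys" % dupes)
        if e.image.lower().rsplit("\\", 1)[-1] in WATCHLIST:
            e.reasons.append("image name on the thread's watchlist")
    return sorted(entries, key=lambda e: e.score, reverse=True)


def top_suspects(text: str, min_score: int = 2) -> list:
    """Return (value name, image, score) for entries at or above min_score."""
    return [(e.name, e.image, e.score)
            for e in score_entries(parse_o4(text)) if e.score >= min_score]


if __name__ == "__main__":
    for name, image, score in top_suspects(SAMPLE_O4_LINES, min_score=1):
        print("%d  [%s] %s" % (score, name, image))
```

With the threshold at 2 only the two winoper.exe entries are reported; lowering it to 1 shows why a bare image name on its own is a weak signal.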
jtb Posts 154 Status Member 1
 
(Second message)

Second report:

info.txt logfile of random's system information tool 1.06 2009-04-16 18:12:01

======Uninstall list======

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x040c -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Belgium Identity Card Run-time 2.6-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EA248851-A7D5-4906-8C46-A3CA267F6A24} /l1036
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
E-Microscope-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDD Health v3.2 Beta-->"C:\Program Files\HDD Health\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IE7Pro-->C:\Program Files\IEPro\uninst.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K!TV-->C:\Program Files\K!TV\UninstKTV.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.21)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSI 8624 BDA Driver-->C:\WINDOWS\p3xunist.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OCCT Perestroika 2.0.1-->"C:\Program Files\OCCT\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Philips SA19XX Device Manager-->"C:\Program Files\InstallShield Installation Information\{57B18739-7A22-44D7-A263-6E2A2180D3BC}\setup.exe" -runfromtemp -l0x040c -removeonly
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerArchiver 2006 v9.64 French-->"C:\Program Files\PowerArchiver\unins000.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RivaTuner v2.11-->"C:\Program Files\RivaTuner v2.11\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmartCard Reader Driver Installation-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C6D91586-9F98-4CFD-9BC3-FC0800911005} /l1033
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spelling Check Dictionary From OpenOffice.org-->"C:\Program Files\IEPro\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TV@Anywhere Utilities-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\setup.exe" -l0x40c -uninst
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Watchtower Library 2008 - Français-->C:\Program Files\Watchtower\Watchtower Library 2008\F\uninst.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop
FW: ZoneAlarm Firewall

======System event log======

Computer Name: JOHN-BUREAU
Event Code: 8003
Message: Le maître explorateur a reçu une annonce de serveur de l'ordinateur GREG_PORTABLE
qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{DB549FA6-C2A1-.
Le maître explorateur s'arrête ou une élection est provoquée.

Record Number: 19079
Source Name: MRxSmb
Time Written: 20090326220930.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 7001
Message: Le service Service Partage réseau du Lecteur Windows Media dépend du service Hôte de périphérique universel Plug-and-Play qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

Record Number: 19049
Source Name: Service Control Manager
Time Written: 20090326215527.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 7001
Message: Le service Service Partage réseau du Lecteur Windows Media dépend du service Hôte de périphérique universel Plug-and-Play qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

Record Number: 19009
Source Name: Service Control Manager
Time Written: 20090326211045.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 7001
Message: Le service Service Partage réseau du Lecteur Windows Media dépend du service Hôte de périphérique universel Plug-and-Play qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.

Record Number: 18976
Source Name: Service Control Manager
Time Written: 20090326174844.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 8003
Message: Le maître explorateur a reçu une annonce de serveur de l'ordinateur ACER-29569F1E48
qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{DB549FA6-C2A.
Le maître explorateur s'arrête ou une élection est provoquée.

Record Number: 18946
Source Name: MRxSmb
Time Written: 20090325180434.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: JOHN-BUREAU
Event Code: 1
Message:
Record Number: 1586
Source Name: nview_info
Time Written: 20081230173441.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 1
Message:
Record Number: 1585
Source Name: nview_info
Time Written: 20081230170120.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 1
Message:
Record Number: 1579
Source Name: nview_info
Time Written: 20081230105759.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 1000
Message: Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.

Record Number: 1575
Source Name: Application Error
Time Written: 20081229235504.000000+060
Event Type: error
User:

Computer Name: JOHN-BUREAU
Event Code: 1000
Message: Application défaillante iexplore.exe, version 7.0.6000.16762, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x042173c0.

Record Number: 1574
Source Name: Application Error
Time Written: 20081229235500.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

I think the Winoper.exe process (it isn't a file) has something to do with the infection, because it asks me for Internet access when I delete a.bat.

Best regards,

Jtb.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download HijackThis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Launch HijackThis, choose "Do a scan only", tick the box in front of the lines below and click "Fix checked" at the bottom.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Manager System] winoper.exe
O4 - HKLM\..\RunServices: [Windows Manager System] winoper.exe

______________________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver ::
a7tc68fi
File::
c:\a.bat
C:\WINDOWS\system32\winoper.exe
C:\WINDOWS\system32\drivers\a7tc68fi.sys
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Manager System"= -

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

___________________

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Guide: http://site-naheulbeuk.com/
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep on start-up, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart, because the tool will continue running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to finish running the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

If SDFix doesn't launch (it happens!)

* Start->Run
* Copy/paste this into the window:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Click OK, and confirm.
* Restart and try launching SDFix again.

________________________

Still having problems???
0
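The HijackThis lines the helper asked to fix above share two traits a defender can check mechanically: the `winoper.exe` entries name a bare executable with no directory (so Windows resolves it through `PATH` and `PATHEXT`, exactly the variables dumped in the RSIT log earlier), and one of them sits under `RunServices`, a Windows 9x-era key that Windows XP does not process and that legitimate XP installers do not write. The BHO line is an orphan (CLSID registered, DLL gone). The script below is an added example, not code from the forum helper, HijackThis or ComboFix; it parses O2/O4 lines copied from the post (the sample text is constructed from those lines) and returns a reason for each entry worth a second look. The heuristics are my own and only narrow the list: `nwiz.exe` is also flagged, because a bare name is a bare name, and a human still has to decide whether that one is NVIDIA's tray helper or something that borrowed the name.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the O2/O4 lines from the HijackThis fix list in this
# thread, plus the quoted full-path QuickTime entry for contrast.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [Windows Manager System] winoper.exe
O4 - HKLM\\..\\RunServices: [Windows Manager System] winoper.exe
"""


class Finding(NamedTuple):
    line: str
    reason: str


# O4 - HKLM\..\Run: [name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[\w\-]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# O2 - BHO: name - {CLSID} - path-or-(no file)
O2_RE = re.compile(
    r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f\-]+\}) - (?P<path>.*)$'
)


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line.

    A quoted command ("C:\\dir\\x.exe" -flag) yields the quoted path; an
    unquoted one yields the first whitespace-separated token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log: str) -> List[Finding]:
    """Flag autostart entries that deserve manual review.

    One line may produce several findings (e.g. a bare name under RunServices).
    """
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group('path').lower() == '(no file)':
                findings.append(Finding(line, 'orphaned BHO: CLSID registered but its DLL is missing'))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m.group('cmd'))
        if m.group('key').lower() == 'runservices':
            findings.append(Finding(line, 'RunServices key: Windows 9x era, not processed by XP; '
                                          'rarely written by a legitimate installer'))
        if '\\' not in exe:
            # No directory component: the loader searches PATH (and appends
            # PATHEXT extensions), so the entry does not pin down which file runs.
            findings.append(Finding(line, f'bare executable name "{exe}" resolved via PATH, not a full path'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is to see the five findings; to use it on a real HijackThis log, pass the file's contents to `triage()` instead of `SAMPLE_LOG`. Full-path, quoted entries such as the QuickTime line pass through silently, which is the point: the output is a short review list, not a verdict.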
jtb Posts 154 Status Member 1
 
Hi, and thanks a lot for your help.

I did what was needed for HijackThis.

Here is the ComboFix report:

ComboFix 09-04-14.09 - Jonathan 16/04/2009 22:47.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.2047.1433 [GMT 2:00]
Lancé depuis: c:\documents and settings\Jonathan\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jonathan\Bureau\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\a.bat
c:\windows\system32\drivers\a7tc68fi.sys
c:\windows\system32\winoper.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winoper.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-16 au 2009-04-16 ))))))))))))))))))))))))))))))))))))
.

2009-04-16 16:11 . 2009-04-16 16:12 -------- d-----w C:\rsit
2009-04-15 21:08 . 2009-04-15 21:08 118 ----a-w c:\windows\system32\MRT.INI
2009-04-15 21:04 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 21:03 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:03 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:03 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 21:03 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:03 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 21:03 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:02 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 19:41 . 2009-04-14 19:41 579584 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-04-14 19:40 . 2009-04-14 19:57 -------- d-----w c:\windows\ERUNT
2009-04-14 19:40 . 2009-04-14 19:48 -------- d-----w C:\Backups
2009-04-14 18:46 . 2001-08-23 15:47 24576 -c--a-w c:\windows\system32\dllcache\agcgauge.ax
2009-04-14 18:42 . 2009-04-14 18:42 -------- d-----w c:\program files\CCleaner
2009-04-14 16:51 . 2009-04-14 16:51 -------- d-----r c:\documents and settings\LocalService\Favoris
2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:39 . 2009-04-14 16:39 -------- d-----w c:\program files\SpywareBlaster
2009-04-13 20:37 . 2009-04-13 20:37 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-13 10:38 . 2009-04-13 11:21 -------- d-----r c:\documents and settings\LocalService\Mes documents
2009-04-13 09:55 . 2009-04-13 09:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-13 09:53 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\program files\Avira
2009-04-13 09:53 . 2009-04-13 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-13 09:44 . 2009-04-16 20:37 -------- d-----w c:\program files\Trend Micro
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iPod
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\program files\iTunes
2009-04-08 21:32 . 2009-04-08 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-27 13:12 . 2009-03-27 13:12 -------- d-----w c:\program files\Watchtower
2009-03-26 21:05 . 2009-03-26 21:11 -------- d-----w c:\documents and settings\Jonathan\Application Data\ArcSoft
2009-03-26 21:05 . 2009-03-26 21:05 -------- d-----w c:\documents and settings\Jonathan\Local Settings\Application Data\ArcSoft
2009-03-26 20:52 . 2009-03-26 20:52 26 ----a-w C:\UpdaterforApp.ini
2009-03-26 20:44 . 2005-04-27 15:36 245408 ----a-w c:\windows\system32\unicows.dll
2009-03-26 20:44 . 2005-02-23 13:58 11776 ----a-w c:\windows\system32\drivers\afc.sys
2009-03-26 20:44 . 2009-03-26 20:52 -------- d-----w c:\program files\Fichiers communs\ArcSoft
2009-03-26 20:44 . 2007-03-07 15:05 126976 ----a-w c:\windows\system32\MediaImpression Slideshow.scr
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\windows\system32\MediaImpression Slideshow
2009-03-26 20:44 . 2009-03-26 20:44 -------- d-----w c:\program files\ArcSoft
2009-03-24 22:29 . 2005-08-05 01:32 77824 ----a-w c:\windows\system32\TvRate.dll
2009-03-24 22:29 . 2005-07-12 02:33 49152 ----a-w c:\windows\system32\Macrovision.dll
2009-03-24 22:29 . 2009-03-25 16:58 -------- d-----w c:\program files\AGEIA Technologies
2009-03-24 22:29 . 2009-03-24 22:29 -------- d-----w c:\windows\system32\AGEIA
2009-03-24 22:29 . 2009-02-18 13:44 212711 ----a-w c:\windows\system32\nvapps.nvb
2009-03-24 22:16 . 2009-03-24 22:17 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-24 22:14 . 2009-03-24 22:16 -------- dc-h--w c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-24 22:07 . 2009-04-11 14:19 190328 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-24 22:03 . 2009-03-24 22:04 -------- dc-h--w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\documents and settings\Jonathan\Application Data\Uniblue
2009-03-24 22:02 . 2009-03-24 22:16 -------- d-----w c:\program files\Uniblue
2009-03-24 22:01 . 2009-03-24 22:02 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-23 17:54 . 2009-03-23 17:54 -------- d-----w c:\program files\Windows Sidebar
2009-03-23 17:47 . 2009-03-23 17:55 -------- d-----w c:\program files\Nero
2009-03-21 21:24 . 2009-03-21 21:24 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-03-19 22:34 . 2009-03-19 22:34 -------- d-sh--w c:\documents and settings\Jonathan\IECompatCache
2009-03-19 22:32 . 2009-03-19 22:32 -------- d-sh--w c:\documents and settings\Jonathan\PrivacIE
2009-03-19 22:29 . 2009-03-19 22:29 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-03-19 22:28 . 2009-03-19 22:28 -------- d-sh--w c:\documents and settings\Jonathan\IETldCache
2009-03-19 22:18 . 2009-03-19 22:18 -------- d-----w c:\windows\ie8updates
2009-03-19 22:16 . 2009-03-19 22:18 -------- dc-h--w c:\windows\ie8
2009-03-19 22:15 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 20:49 . 2009-03-14 21:19 16193568 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 20:49 . 2009-03-14 21:19 16193568 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-16 16:07 . 2008-10-28 17:17 -------- d-----w c:\program files\Mozilla Thunderbird
2009-04-16 05:32 . 2009-03-14 21:19 190784 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-15 21:18 . 2002-08-30 12:00 85404 ----a-w c:\windows\system32\perfc00C.dat
2009-04-15 21:18 . 2002-08-30 12:00 513080 ----a-w c:\windows\system32\perfh00C.dat
2009-04-15 21:16 . 2008-10-27 18:30 -------- d-----w c:\program files\PowerArchiver
2009-04-15 21:05 . 2008-11-07 20:19 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-14 19:57 . 2009-04-13 19:00 466 ----a-w C:\TCleaner.txt
2009-04-14 18:39 . 2009-04-14 18:39 62643 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_36_00_small.dmp.zip
2009-04-14 18:39 . 2009-04-14 18:39 60077 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_35_59_small.dmp.zip
2009-04-14 18:39 . 2009-04-14 18:39 41830 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_04_14_20_35_58_small.dmp.zip
2009-04-14 16:57 . 2009-04-14 16:57 5026 ----a-w C:\rapport.txt
2009-04-11 18:51 . 2008-10-31 18:26 -------- d-----w c:\documents and settings\Jonathan\Application Data\Azureus
2009-04-11 14:07 . 2008-11-17 18:17 -------- d-----w c:\documents and settings\Jonathan\Application Data\dvdcss
2009-04-11 12:50 . 2008-11-02 19:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 07:06 . 2008-12-17 22:48 -------- d-----w c:\documents and settings\Jonathan\Application Data\Free Download Manager
2009-04-08 21:32 . 2008-10-27 19:46 -------- d-----w c:\program files\Fichiers communs\Apple
2009-04-06 20:43 . 2008-11-17 17:32 -------- d-----w c:\documents and settings\Jonathan\Application Data\Nero
2009-04-06 13:32 . 2008-11-02 19:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-02 19:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 15:59 . 2008-10-31 22:25 -------- d-----w c:\program files\Java
2009-03-29 14:32 . 2008-12-26 08:16 4535628 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-26 20:44 . 2008-10-27 07:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-25 16:59 . 2008-10-26 23:08 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-23 18:02 . 2009-03-15 20:27 -------- d-----w c:\program files\Fichiers communs\Nero
2009-03-23 17:47 . 2008-11-17 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-21 22:14 . 2008-10-27 20:02 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-21 21:24 . 2008-12-09 21:41 -------- d-----w c:\program files\Fichiers communs\Real
2009-03-19 14:32 . 2008-10-27 19:48 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 23:10 . 2008-10-27 18:31 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-17 12:05 . 2009-03-17 18:38 1440256 ----a-w c:\windows\Internet Logs\xDBA.tmp
2009-03-15 17:44 . 2009-03-15 17:36 -------- d-----w c:\documents and settings\Jonathan\Application Data\Hamachi
2009-03-15 17:36 . 2009-03-15 17:36 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-15 14:57 . 2008-10-27 20:20 -------- d-----w c:\documents and settings\Jonathan\Application Data\IEPro
2009-03-15 14:51 . 2009-03-15 14:51 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-15 14:50 . 2009-03-15 14:49 -------- d-----w c:\program files\QuickTime
2009-03-14 14:04 . 2008-10-26 23:14 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-03-13 15:30 . 2008-10-30 17:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 03:19 . 2008-10-31 22:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2002-08-30 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2002-08-30 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2002-08-30 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2002-08-30 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2002-08-30 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2002-08-30 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2002-08-30 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2002-08-30 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2002-08-30 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2002-08-30 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 21:09 . 2009-03-06 21:09 -------- d-----w c:\program files\OO Software
2009-03-06 14:20 . 2002-08-30 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-02 20:42 . 2008-10-27 20:06 -------- d-----w c:\program files\eChanblard
2009-03-01 20:15 . 2009-03-01 20:15 -------- d-----w c:\program files\eRightSoft
2009-03-01 20:13 . 2008-11-07 20:52 -------- d-----w c:\program files\ffdshow
2009-03-01 15:52 . 2008-12-09 22:08 -------- d-----w c:\program files\Fichiers communs\DVDVideoSoft
2009-03-01 15:52 . 2008-10-31 19:31 -------- d-----w c:\program files\ASUS
2009-03-01 11:50 . 2008-10-27 00:10 91584 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-27 13:17 . 2008-10-27 06:43 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-16 22:17 . 2008-10-27 00:04 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-09 14:05 . 2002-08-30 12:00 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2002-08-29 11:42 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:23 . 2002-08-30 12:00 2147328 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:23 . 2002-08-30 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2002-08-30 12:00 735744 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2002-08-30 12:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:53 . 2002-08-30 12:00 685568 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2002-08-30 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-06 10:39 . 2002-08-30 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2002-08-30 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-02 17:28 . 2008-11-02 17:28 38976 ----a-w c:\documents and settings\Jonathan\Application Data\GDIPFONTCACHEV1.DAT
2008-10-27 06:32 . 2008-10-27 06:32 131 ----a-w c:\documents and settings\Jonathan\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-27 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-30 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"SmartMon"="c:\program files\EmvSmartCardReader\SmartMON.exe" [2006-12-04 73826]
"BePCSC"="c:\program files\EmvSmartCardReader\BePCSC.exe" [2007-05-03 27136]
"beidsystemtray"="c:\program files\Belgium Identity Card\beidsystemtray.exe" [2007-02-19 188416]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-21 198160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2003-9-15 503869]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-27 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\fichiers communs\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PhilipsDM\SA1916"=c:\program files\Philips\SA19XX\Philips Device Manager\Bin\DeviceManager.exe OS_STARTUP
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" /S
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R3 AIDA32Driver;AIDA32Driver; [x]
R3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-02-19 331776]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-08-24 37376]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-02-19 225280]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-26 2831232]
S3 EMVSCARD;EMVSCARD;c:\windows\system32\Drivers\EMVSCARD.sys [2006-09-18 20269]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - GUSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://news.google.be/news?ned=fr_be
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\IEPro\iepro.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\z87h1j0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lycos.fr/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 22:49
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
.
Heure de fin: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-16 20:50

Avant-CF: 449.845.211.136 octets libres
Après-CF: 449.818.120.192 octets libres

292 --- E O F --- 2009-03-17 18:46

And the SDFix report:

SDFix: Version 1.240
Run by Administrateur on jeu. 16/04/2009 at 22:58

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files:

No Trojan Files Found

Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 23:03:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d3c20ef28]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2d,1f,1a,a2,ff,5a,92,92,ab,df,44,e6,eb,f6,4f,68,b0,98,08,15,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2e,be,75,ee,06,c5,9a,24,92,3f,13,c8,0e,a6,82,61,40,..
"khjeh"=hex:37,42,16,8a,05,a7,15,2f,0d,9c,80,37,5f,aa,10,af,47,c0,36,0a,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:99,b7,e1,2e,3c,38,72,2f,45,46,13,3e,2a,05,76,8b,ff,d0,68,d3,3d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000d3c20ef28]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:2d,1f,1a,a2,ff,5a,92,92,ab,df,44,e6,eb,f6,4f,68,b0,98,08,15,46,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,2e,be,75,ee,06,c5,9a,24,92,3f,13,c8,0e,a6,82,61,40,..
"khjeh"=hex:37,42,16,8a,05,a7,15,2f,0d,9c,80,37,5f,aa,10,af,47,c0,36,0a,93,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:99,b7,e1,2e,3c,38,72,2f,45,46,13,3e,2a,05,76,8b,ff,d0,68,d3,3d,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000016f

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files:

Files with Hidden Attributes:

Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 16 Mar 2008 216,064 ..SHR --- "C:\WINDOWS\system32\nbDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sun 1 Mar 2009 90,624 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 20 Oct 2008 16,447 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Mon 27 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"

Finished!

After the reboot, a.bat did not come back in c:. That's a rather good sign. If I sum up, I have to keep an eye on a.bat, Windir.exe and Winoper.exe. If those things don't show up again, it should be fine, right?

I'll keep you posted.

Bye, and thanks again,

Jtb.
0
jlpjlp Posts: 52399 Status: Security Contributor 5 040
 
ok, perfect. It's good! You can get rid of what was used, with toolcleaner
0
jtb Posts: 154 Status: Member 1
 
Hi there,

There, ToolsCleaner is done. I'm leaving the thread as "unresolved" until tonight or tomorrow so I can double-check everything anyway. You never know!

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jonathan\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Jonathan\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Jonathan\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Jonathan\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jonathan\Bureau\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Jonathan\Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\Jonathan\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Jonathan\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\Jonathan\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Jonathan\Bureau\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

In any case, I'd like to thank you for all the time you devoted to me. Thank you so much. :-)

Have a very good afternoon.

Jtb.
0
jlpjlp Posts: 52399 Status: Security Contributor 5 040
 
ok, remove combofix

C:\Documents and Settings\Jonathan\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!

see you later, let me know
0