total security virus!

Question

Bonjour,
Depuis ce matin il y a total security qui s'est glisser dans la barre des taches. Maintenant à chaque démarrage il me fait un scan en me disant qu'il y a des virus sur mon ordinateur et qu'il faut acheter total security pour les supprimer. De plus toute les 5 minutes il m'ouvre une fenêtre en me disant: vous avez des virus, voulez vous les supprimer et quand je clic dessus il m'envoie sur un site pour télécharger la version complète et payante de total security.
Comment faire pour s'en débarasser?

Merci d'avance.

XaTon · Answer

Bonjour ,

Et encore un

Fait ceci 

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

- Telecharger Hijack 
>http://www.infos-du-net.com/telecharger/HijackThis.html

Une fois Hijack installer, exécuter le :
- Cliquer sur "Do a system scan and save a logfile"

- Un fichier texte s'ouvre, si ce n'est pas le cas celui-ci se trouve dans le même dossier que hijackthis.exe .
- Faire édition / sélectionner tout
- Clic droit / copier

- Poste moi le rapport entier

stylet26 · Answer

Merci de m'avoir répondu alors voilà le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:28, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\muquassouvoog.exe
C:\Documents and Settings\Emilien\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [15237504] C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
O4 - HKLM\..\Run: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKLM\..\RunServices: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/lookup.js
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: C-DillaSrv (iuety7o54y02ma) - Unknown owner - C:\Documents and Settings\LocalService\Application Data\Microsoft\kunen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

stylet26 · Answer

Voilà c'est fait.

stylet26 · Answer

Aidez moi svp!!!

Merci d'avance.

heatloaf · Answer

je sais ocmment virer ce virus mais a mon avis tu dois le faire a chaque fois que tu allume l'ordinateur jviens de trouver en quelque minute tu fai ctrl Alt Supr / processus et ensuite ya un truc du genre 1545154.exe (jai mis les nombre au hasard) jme suis dit , j'ai pas un exe comme ca j'ai fait terminer le processus le truc s'est enlevé

XaTon · Answer

Désoler , j'ai du m'absenter

Fait ceci :

~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~


- Télécharger Malwarebytes
- Enregistre le sur le bureau
- Double clique sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes

- Double-clique sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre

- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Clique sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu clique dessus pour l’afficher.
- Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu clique droit dans le cadre de la réponse et coller

stylet26 · Answer

Bon alors j'ai essayé de suivre la réponse de heatloaf et ça marche. Je n'ai pas encore vu si le virus se relançait au démarrage. Le virus disparait. Pour Malwarebytes, je l'avais déjà j'ai fait un scan complet hier et j'ai ensuite supprimer les virus qui m'avaient trouver. Voilà le rapport:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

22/08/2009 13:47:03
mbam-log-2009-08-22 (13-47-03).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 246261
Temps écoulé: 1 hour(s), 31 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggxxqq (Adware.Navipromo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Program Files\BPS\AudioConverterPro\AC.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

stylet26 · Answer

Oui apparemment le virus se relance après le redémarrage du pc.

XaTon · Answer

Refait un log Hijack

stylet26 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:27, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilien\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [15237504] C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
O4 - HKLM\..\Run: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKLM\..\RunServices: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/lookup.js
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: C-DillaSrv (iuety7o54y02ma) - Unknown owner - C:\WINDOWS\system32\kunen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

XaTon · Answer

Ouai , toujours la 

Fait ceci 

~~~~~~~~~~~~~~> SmitFraudfix <~~~~~~~~~~~~~~~~~~~

Telecharger SmitFraudfix sur ce lien :

> http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

* Place le sur le bureau tu obtiens alors une icône SmitFraudfix avec un triangle jaune.
* Double-cliquez sur l'icone, un nouveau dossier est alors créé.

* Clic sur l'icône SmitFraudfix 
* Effectuer l'option 1 (  Recherche )

Note
Une fois, l'option 1 lancée.
Une fenêtre sur fond bleu s'ouvre alors... un message d'informations s'ouvre, appuyez sur une touche pour passer à l'étape suivante.

/!\ Laisse l'analyse ce terminer /!\

_ Une fois le scan terminé, un rapport va s'ouvrir sur le Bloc-Note.
    * Clique sur le menu Édition puis Sélectionner tout.
    * Puis poste moi le rapport

stylet26 · Answer

SmitFraudFix v2.423

Rapport fait à 11:15:13.67, 23/08/2009
Executé à partir de C:\Documents and Settings\Emilien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilien\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Emilien


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Emilien\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Emilien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Emilien\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Thomson ST Remote NDIS Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138

HKLM\SYSTEM\CCS\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E2B9D06-2CD6-4E49-B05B-DB2341048280}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

XaTon · Answer

Fait ceci :

~~~~~~~~~~~~~~~~> Combofix <~~~~~~~~~~~~~~~~~~~

- Télécharge Combofix

>http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Renomme le pour l’enregistrer sur ton bureau en asdehi
- Double clique combofix.exe qui est devenu asdehi.exe

/!\  Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours avant de lancer le scan /!\
/!\   Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares  /!\

- Tape sur la touche 1 (Yes) pour démarrer le scan
- Lorsque ComboFix a fini son examen, il annoncera qu'il est en train de préparer le compte rendu

Note :
Ceci peut durer un certain temps, donc surtout sois patient. Si si le Bureau Windows disparaît, ne pas s'inquiéter pas

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 
- Un log s'ouvrira, celui ci sera sauvegarder dans C:/ Combofix

/!\  Réactiver la protection en temps réel  /!\

- Copie / Colle moi le rapport present dans C:/ Combofix

stylet26 · Answer

ComboFix 09-08-22.06 - Emilien 23/08/2009 12:13.1.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.3070.2546 [GMT 2:00]
Running from: c:\documents and settings\Emilien\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504.exe
c:\documents and settings\All Users\Application Data\15237504\pc15237504ins
c:\documents and settings\Emilien\Application Data\BITS
c:\documents and settings\Emilien\Application Data\BITS\BITS.ini
c:\documents and settings\Emilien\Application Data\BITS\DHTTable.dat
c:\documents and settings\Emilien\Application Data\BITS\ProxyList.ini
c:\documents and settings\Emilien\Application Data\BITS\UPnP.ini
c:\documents and settings\Emilien\Application Data\wiaserva.log
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\install.rdf
c:\program files\WinPCap
c:\program files\WinPCappcapd.exe
c:ecycler\S-1-5-21-3605873742-1097865343-2296637568-1003
c:\windows\Installer\7a6ad.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers
pf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32	mp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gaopdxserv.sys
-------\Legacy_NPF
-------\Service_gaopdxserv.sys
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2009-07-23 to 2009-08-23  )))))))))))))))))))))))))))))))
.

2009-08-23 08:28 . 2009-08-22 10:03	282624	----a-w-	c:\windows\system32
afa.exe
2009-08-22 17:10 . 2009-08-22 10:03	282624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
2009-08-22 10:03 . 2009-08-22 10:03	282624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
2009-08-22 10:03 . 2009-08-22 10:03	282624	----a-w-	c:\windows\system32\ducoovyve.exe
2009-08-21 09:53 . 2009-08-21 09:53	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Games
2009-08-21 09:45 . 2009-08-23 09:07	--------	d-----w-	c:\program files\Dracula Origin
2009-08-20 09:29 . 2009-08-20 09:37	--------	d-----w-	c:\program files\BF2142 Editor
2009-08-20 09:29 . 2009-08-23 09:37	73216	----a-w-	c:\windows\ST6UNST.EXE
2009-08-20 09:29 . 2009-08-23 09:37	286720	------w-	c:\windows\Setup1.exe
2009-08-19 16:02 . 2009-08-19 16:26	--------	d-----w-	C:\Casino
2009-08-17 09:08 . 2009-08-17 09:08	--------	d-----w-	c:\program files\Ashampoo
2009-08-15 13:05 . 2009-08-15 13:07	911	----a-w-	c:\windows\eReg.dat
2009-08-15 13:00 . 2009-08-15 13:00	737280	----a-w-	c:\windows\iun6002.exe
2009-08-15 12:31 . 2009-04-23 08:38	982016	----a-w-	c:\windows\system32\Earth_3D_Screensaver.scr
2009-08-15 12:30 . 2009-08-15 12:30	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Boost Windows
2009-08-15 12:29 . 2009-08-15 12:30	--------	d-----w-	c:\program files\Boost Windows
2009-08-15 12:28 . 2009-04-08 12:39	906752	----a-w-	c:\windows\system32\Haunted_House_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04	894976	----a-w-	c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04	10907136	----a-w-	c:\windows\system32\Lagoon 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-21 14:39	32698880	----a-w-	c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:10	911872	----a-w-	c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-21 14:40	35133952	----a-w-	c:\windows\system32\Snow Village 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:13	912896	----a-w-	c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-08-15 12:26 . 2009-01-22 16:29	19387392	----a-w-	c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-08-15 12:26 . 2009-01-20 01:10	902144	----a-w-	c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-20 00:48	448000	----a-w-	c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-19 23:43	3099648	----a-w-	c:\windows\system32\The One Ring 3D Screensaver.exe
2009-08-15 12:20 . 2009-04-07 14:28	914432	----a-w-	c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-08-15 12:17 . 2009-08-15 12:21	--------	d-----w-	c:\program files\3Planesoft Screensaver Manager
2009-08-15 12:17 . 2009-08-15 12:17	--------	d-----w-	c:\windows\system32\3Planesoft
2009-08-15 12:17 . 2008-01-09 12:55	454656	----a-w-	c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-08-15 12:17 . 2008-01-22 10:22	31378432	----a-w-	c:\windows\system32\Western Railway 3D Screensaver.exe
2009-08-15 12:17 . 2009-08-18 11:43	--------	d-----w-	c:\program files\Western Railway 3D Screensaver
2009-08-15 12:17 . 2008-01-23 12:28	847872	----a-w-	c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-08-13 12:02 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-13 12:02 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-13 12:02 . 2009-02-05 20:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-13 12:02 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-13 12:02 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-13 12:02 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-13 12:02 . 2009-02-05 20:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-13 12:02 . 2009-02-05 20:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-13 12:01 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-13 11:41 . 2009-08-13 11:41	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-08-13 11:40 . 2009-08-13 11:40	152576	----a-w-	c:\documents and settings\Emilien\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 11:35 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-07-26 09:01 . 2009-07-26 09:01	--------	d-sh--w-	c:\documents and settings\Emilien\UserData
2009-07-25 14:28 . 2009-07-31 13:26	--------	d-----w-	c:\program files\Steam

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 17:40 . 2004-08-05 19:00	85114	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-22 17:40 . 2004-08-05 19:00	511074	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-22 17:22 . 2009-05-08 18:33	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Skype
2009-08-22 17:22 . 2009-05-08 17:07	--------	d-----w-	c:\documents and settings\Emilien\Application Data\skypePM
2009-08-22 11:32 . 2009-01-28 13:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-22 10:03 . 2009-08-23 10:21	282624	----a-w-	c:\windows\system32	akettuc.exe
2009-08-22 08:53 . 2009-02-10 16:34	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 08:38 . 2009-01-11 10:44	--------	d-----w-	c:\program files\Electronic Arts
2009-08-20 10:57 . 2009-07-22 13:36	--------	d-----w-	c:\program files\EA Games
2009-08-20 10:57 . 2008-12-11 13:53	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-20 10:31 . 2009-02-08 18:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-08-14 15:54 . 2009-02-06 19:51	--------	d-----w-	c:\program files\Dream Aquarium
2009-08-13 11:41 . 2008-12-21 13:40	--------	d-----w-	c:\program files\Java
2009-08-05 09:00 . 2004-08-05 19:00	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-31 12:08 . 2008-12-21 13:42	1	----a-w-	c:\documents and settings\Emilien\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-31 12:06 . 2009-03-26 16:52	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-07-31 05:35 . 2008-12-20 14:44	--------	d-----w-	c:\program files\Ubisoft
2009-07-31 05:29 . 2009-02-07 19:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2009-07-30 18:14 . 2009-05-02 15:30	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-07-30 18:14 . 2009-05-02 15:30	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-07-27 15:03 . 2009-05-08 16:40	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Hamachi
2009-07-27 15:03 . 2009-01-31 10:24	--------	d-----w-	c:\documents and settings\Emilien\Application Data\DMCache
2009-07-25 15:36 . 2009-01-03 17:46	--------	d-----w-	c:\program files\SEGA
2009-07-25 03:23 . 2009-05-07 18:51	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-23 15:22 . 2005-07-20 13:05	--------	d-----w-	c:\program files\Pyro Studios
2009-07-22 14:27 . 2009-01-31 18:42	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-07-22 14:12 . 2009-07-22 13:08	--------	d-----w-	c:\program files\GameShadow
2009-07-21 15:13 . 2009-07-21 15:13	8854	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\Uninstall_Imperial_G_C86E3E3F2A7B4E25BB823CBB9C799FA0.exe
2009-07-21 15:13 . 2009-07-21 15:13	10134	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\ARPPRODUCTICON.exe
2009-07-20 17:34 . 2009-07-20 17:34	--------	d-----w-	c:\program files\Live-Player
2009-07-20 17:34 . 2009-02-22 19:32	--------	d-----w-	c:\documents and settings\Emilien\Application Data\live-player
2009-07-17 19:03 . 2004-08-05 19:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-16 07:51 . 2009-07-16 07:51	--------	d-----w-	c:\documents and settings\Jonathan\Application Data\Logitech
2009-07-16 05:13 . 2009-02-17 15:50	--------	d-----w-	c:\program files\Codemasters
2009-07-15 13:46 . 2009-07-15 13:46	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Logitech
2009-07-15 13:38 . 2009-07-15 13:38	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Musicmatch
2009-07-15 13:38 . 2009-07-15 13:38	--------	d-----w-	c:\program files\MUSICMATCH
2009-07-15 13:37 . 2009-07-15 13:37	--------	d-----w-	c:\program files\Fichiers communs\Logitech
2009-07-15 13:37 . 2009-07-15 13:37	--------	d-----w-	c:\program files\Logitech
2009-07-14 12:18 . 2009-07-14 12:08	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Pro Cycling Manager 2009
2009-07-14 11:52 . 2009-06-22 15:43	--------	d-----w-	c:\program files\Carnivores 2
2009-07-13 21:43 . 2004-08-05 19:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-12 18:36 . 2009-01-23 15:04	744	----a-w-	c:\documents and settings\Emilien\Application Data\filterclsid.dat
2009-07-11 15:58 . 2008-12-20 17:37	--------	d-----w-	c:\documents and settings\Emilien\Application Data\vlc
2009-07-11 15:57 . 2008-12-22 19:48	--------	d-----w-	c:\documents and settings\Emilien\Application Data\dvdcss
2009-07-10 17:41 . 2009-07-10 15:22	--------	d-----w-	c:\program files\adslTV
2009-07-10 13:11 . 2009-05-05 18:48	--------	d-----w-	c:\program files\Atari
2009-07-10 10:53 . 2008-12-21 07:02	20128	----a-w-	c:\documents and settings\Emilien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:24 . 2008-12-24 09:43	20128	----a-w-	c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:03 . 2009-04-26 07:42	20	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-07 17:02 . 2009-07-07 17:02	20	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-07-07 17:02 . 2009-07-07 17:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Filters
2009-07-07 17:02 . 2009-04-26 07:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-07 17:02 . 2009-04-26 07:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-07 17:02 . 2009-07-07 17:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Font Book
2009-07-07 17:00 . 2009-04-26 07:43	--------	d-----w-	c:\program files\Fichiers communs\Nikon
2009-07-07 17:00 . 2009-07-07 17:00	--------	d-----w-	c:\program files\Nikon
2009-07-07 16:28 . 2009-07-07 16:28	--------	d-----w-	c:\program files\DDS Converter 2
2009-07-06 13:04 . 2008-12-22 17:43	--------	d-----w-	c:\program files\THQ
2009-07-06 11:13 . 2009-07-06 11:13	49152	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-07-04 15:18 . 2009-07-04 15:18	--------	d-----w-	c:\program files\SpicyTools
2009-07-04 15:18 . 2009-07-04 15:18	--------	d-----w-	c:\program files\SpicyTools Video Converter 1.0
2009-07-03 17:03 . 2009-02-15 18:42	--------	d-----w-	c:\program files\Activision
2009-07-03 17:00 . 2009-07-03 17:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI
2009-07-03 16:57 . 2004-08-05 19:00	915456	----a-w-	c:\windows\system32\wininet.dll
2009-07-03 16:48 . 2009-04-15 08:16	--------	d-----w-	c:\program files\ATI Technologies
2009-07-03 06:51 . 2009-02-16 18:27	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-07-03 06:42 . 2009-07-03 06:42	--------	d-----w-	c:\program files\Alcohol Soft
2009-07-02 08:28 . 2009-05-01 07:28	--------	d-----w-	c:\program files\Mount&Blade
2009-06-28 08:06 . 2009-04-19 09:12	--------	d-----w-	c:\program files\Free Audio Pack
2009-06-28 07:47 . 2009-06-28 07:47	--------	d-----w-	c:\documents and settings\Emilien\Application Data\AccurateRip
2009-06-28 07:47 . 2009-06-28 07:47	--------	d-----w-	c:\program files\Illustrate
2009-06-28 07:47 . 2009-06-28 07:47	5433520	----a-w-	c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39	--------	d-----w-	c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10	--------	d-----w-	c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11	--------	d-----w-	c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53	--------	d-----w-	c:\program files\GameSpy Arcade
2009-06-25 12:44 . 2009-06-25 12:44	--------	d-----w-	c:\program files\CCleaner
2009-06-25 08:26 . 2004-08-05 19:00	736768	----a-w-	c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00	56832	----a-w-	c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00	54272	----a-w-	c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00	147456	----a-w-	c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00	92928	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14	78336	----a-w-	c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03	5917662	----a-w-	c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03	1880064	----a-w-	c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00	78848	----a-w-	c:\windows\system32	elnet.exe
2009-06-10 14:14 . 2004-08-05 19:00	85504	----a-w-	c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00	132096	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-07 11:50 . 2009-06-07 11:50	10134	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-12-24 15:48 . 2008-12-24 15:48	0	--sha-w-	c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR	bPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51	2215960	----a-w-	c:\program files\Peer2Peer-FR	bPee1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36	1258808	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR	bPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR	bPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"tiho"="c:\windows\system32\ducoovyve.exe" [2009-08-22 282624]
"couced"="c:\windows\system32
afa.exe" [2009-08-22 282624]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"couced"="c:\windows\system32
afa.exe" [2009-08-22 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]

c:\documents and settings\Jonathan\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2008-4-13 23552]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Ubisoft\Prince of Persia\Prince of Persia.exe"=
"c:\Program Files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Atari\Test drive Unlimited\TestDriveUnlimited.exe"=
"c:\Documents and Settings\Emilien\Mes documents\no limit megaupload\RouterClient.exe"=
"c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"=
"c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=
"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"c:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranFilterEngine.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe"=
"c:\Program Files\SYSTRAN\6\SystranToolbar.exe"=
"c:\Program Files\SYSTRAN\6\SystranDictionaryManager.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranCodingEngine.exe"=
"c:\Program Files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe"=
"c:\Program Files\Steam\steam.exe"=
"c:\Program Files\Java\jre6\bin\javaw.exe"=
"c:\Program Files\SEGA\Medieval II Total War\kingdoms.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\GameSpy Arcade\Aphex.exe"=
"c:\Program Files\SEGA\Medieval II Total War\medieval2.exe"=
"c:\Program Files\Activision\Prototype\prototypef.exe"=
"c:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe"=
"c:\Program Files\Steam\steamapps\common\empire total war demo\Empire.exe"=
"c:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers
vhda32.sys [12/12/2008 00:50 38176]
S2 i0iyas9gm;SigmaTel Audio Service;c:\windows\system32	akettuc.exe [23/08/2009 12:21 282624]
S2 iuety7o54y02ma;C-DillaSrv;c:\windows\system32\kunen.exe --> c:\windows\system32\kunen.exe [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32undll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PowerBar - (no file)
HKLM-Run-15237504 - c:\documents and settings\All Users\Application Data\15237504\15237504.exe


.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar	oolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 12:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,c9,71,61,79,7b,bc,eb,6c,c6,b5,29,e0,ab,94,4b,8c,c5,43,b6,f9,dc,17,
   3e,f5,28,89,57,99,44,f2,8b,cd,b3,b3,1d,f6,9d,4d,66,0e,fa,29,5d,2c,29,a0,56,\
"??"=hex:84,10,64,32,5a,5a,63,dc,a4,e3,cd,cb,90,35,d7,ef

[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\License information*]
"datasecu"=hex:24,31,20,be,24,8a,c1,f8,ea,9c,8d,4f,dd,23,82,72,42,aa,ea,7f,16,
   bf,b6,da,44,16,d9,17,32,a6,5f,8a,7b,02,6e,11,af,d5,45,11,fd,36,a6,69,81,34,\
"rkeysecu"=hex:53,b2,60,61,ee,89,20,91,52,c8,67,f6,b9,0e,65,cd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{395529a4-df69-4a83-b062-3eee76affbb3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009c
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,15,81,e0,2c,90,21,0e,51,28,35,81,46,94,89,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,bd,01,f9,8c,19,e6,a6,ab,48,aa,e4,ac,2c,02,71,c4,dd,14,cc,48,
   61,c0,f3,6e,a6,56,99,56,61,6c,e1,55,df,18,90,21,8d,e5,3f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,e1,7e,2c,b2,97,eb,a2,e8,58,55,ba,43,64,fe,a0,a9,14,47,e8,ab,
   9b,b1,3e,39,d1,6b,6b,e6,a7,57,13,62,9c,e2,ba,4b,2f,47,23,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2eb5bf5-7124-4cee-ba80-d4cd949c2680}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2484)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32
afa.exee
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32
afa.exee
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-23 12:26 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-23 10:26

Pre-Run: 247 222 980 608 octets libres
Post-Run: 247 399 927 808 octets libres

455	--- E O F ---	2009-08-18 15:58

A un moment quand j'ai redémarrer, le logiciel total security avait disparu mais dès que je suis arrivé sur internet avast à trouvé un virus qu'il n'a pas pu supprimer ni mettre en quarantaine et total security est revenu.

stylet26 · Answer

???

Albator · Answer

blocnote le répertoire/fichier à numéro est généré aléatoirement, il est donc différent sur chaque Pc infecté.
Vous proposé : .......\Application Data\10729684
Pour stylet26 c'est ce répertoire/fichier : ......\Application Data\15237504

Albator · Answer

stylet26 faites ces procédures.. • Sélectionnez le contenu de ce qu'ils y a entre les lignes pointillés = ========================================================= File:: c:\windows\system32 afa.exe c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe c:\windows\system32\ducoovyve.exe c:\windows\iun6002.exe c:\windows\system32 akettuc.exe c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\ikowin32.exe registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"=- ========================================================= • Copiez le texte sélectionné (CTRL+C). • Ouvrez le Bloc-notes (Menu Démarrer -> Tout les programmes -> Accessoires ..). • Collez le texte copié dans ce Bloc-notes (CTRL+V). • Sauvegarder sur votre Bureau ce fichier sous le nom de CFScript.txt ► Désactiver votre antivirus et tout logiciels de protection. • Par un clic glisser/déposer le fichier CFScript.txt sur l’icône ComboFix sur votre Bureau. Telque sur cette image --> http://img530.imageshack.us/img530/204/cfscriptdd4.gif >> Un "pop-up" va apparaître qui dit que "la version ComboFix est utilisé à vos risques et avec aucune garantie..". • Acceptez en cliquant sur "Oui" >> Une fenêtre bleue va apparaître avec le message : Type 1 to continue, or 2 to abort , • Entrez 1 et validez. >>> Patientez le temps du scan. <<< Le Bureau va disparaître à plusieurs reprises : c'est normal! >> Après le scan, il est possible que ComboFix ait besoin de redémarrer le PC, • Laissez-le aller. >> Une fois complèté, un rapport va s'afficher. ► Postez le contenu de ce rapport (C:\ComboFix.txt ). ► Réactiver votre antivirus et autre protection. _________________________________________________________________________ Téléchargezsur votre bureau Ad-Remover ( C_XX) : http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe /|\ Désactiver votre antivirus. • Installez Ad-remover (un raccourci sera créé sur le bureau), • Lancer le raccourci de Ad-remover, • Sélectionner la langue, F --> Entrée, • Déconnectez-vous, quittez les applications ouvertes.. • Sélectionner [L. Lancer le nettoyage], >> Laisser le aller, • Lorsque le scan sera complété appuyez sur une touche pour ouvrir le rapport ► Postez le rapport (C:\Ad-Report-SCAN.log). /|\ Réactivez votre antivirus. _________________________________________________________________________ Téléchargez Malwarebytes : http://www.malwarebytes.org/mbam.php • Lancez l'installation, • Dans [Settings] vous pouvez mettre en Français. • Faites la mise à jours de Malwarebytes. • Dans [Recherche] sélectionnez [Exécuter un examen Complet], • Après le scan, appuyer sur >>>>> [Supprimer la sélection]. >> Redémarrer si nécessaire.. ► Postez le rapport de Malwarebytes. _________________________________________________________________________ Téléchargez sur votre bureau RSIT (de random/random) : http://images.malwareremoval.com/random/RSIT.exe • Double cliquez sur RSIT.exe, • Appuyez sur [Continue] à l'écran « Disclaimer », • RSIT téléchargera HijackThis (s’il n’est pas installé) -> acceptez la licence, >> le rapport Log.txt va s'ouvrir à l'écran.. >> Postez ce rapport Log.txt (C:\RSIT\log.txt)

Albator · Answer

re, Si vous pouvez rajoutez ceci >> c:\windows\system32\kunen.exe << de suite après File:: comme cela : File:: c:\windows\system32\kunen.exe c:\windows\system32 afa.exe <-- et laisser les aute lignes tels quelles ..

stylet26 · Answer

Voilà celui de combofix:


ComboFix 09-08-24.05 - Emilien 25/08/2009  7:28.2.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.3070.2518 [GMT 2:00]
Running from: c:\documents and settings\Emilien\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Emilien\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090824-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\ikowin32.exe"
"c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe"
"c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe"
"c:\windows\iun6002.exe"
"c:\windows\system32\ducoovyve.exe"
"c:\windows\system32\kunen.exe"
"c:\windows\system32
afa.exe"
"c:\windows\system32	akettuc.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\14465154
c:\documents and settings\All Users\Application Data\14465154\14465154
c:\documents and settings\All Users\Application Data\14465154\14465154.exe
c:\documents and settings\All Users\Application Data\14465154\pc14465154ins
c:\documents and settings\Emilien\Application Data\wiaserva.log
c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
c:\program files\WinPCap
c:\program files\WinPCappcapd.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers
pf.sys
c:\windows\system32\ducoovyve.exe
c:\windows\system32\kunen.exe
c:\windows\system32
afa.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32	akettuc.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf
-------\Legacy_i0iyas9gm
-------\Legacy_iuety7o54y02ma
-------\Service_i0iyas9gm
-------\Service_iuety7o54y02ma


(((((((((((((((((((((((((   Files Created from 2009-07-25 to 2009-08-25  )))))))))))))))))))))))))))))))
.

2009-08-24 04:59 . 2009-08-22 10:03	282624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft	akettuc.exe
2009-08-23 12:31 . 2009-08-23 12:31	--------	d-----w-	c:\program files\System Requirements Lab BETA
2009-08-23 12:30 . 2009-08-23 12:30	137728	----a-w-	c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_d.dll
2009-08-23 12:30 . 2009-08-23 12:30	137728	----a-w-	c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_c.dll
2009-08-23 12:30 . 2009-08-23 12:30	137728	----a-w-	c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_b.dll
2009-08-23 12:30 . 2009-08-23 12:30	137728	----a-w-	c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_a.dll
2009-08-23 12:30 . 2009-08-23 12:30	--------	d-----w-	c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA
2009-08-23 11:42 . 2009-08-22 10:03	282624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft
afa.exe
2009-08-23 10:21 . 2009-08-22 10:03	282624	----a-w-	c:\documents and settings\LocalService\Application Data\Microsoft\muquassouvoog.exe
2009-08-21 09:53 . 2009-08-21 09:53	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Games
2009-08-21 09:45 . 2009-08-23 09:07	--------	d-----w-	c:\program files\Dracula Origin
2009-08-20 09:29 . 2009-08-20 09:37	--------	d-----w-	c:\program files\BF2142 Editor
2009-08-20 09:29 . 2009-08-23 09:37	73216	----a-w-	c:\windows\ST6UNST.EXE
2009-08-20 09:29 . 2009-08-23 09:37	286720	------w-	c:\windows\Setup1.exe
2009-08-19 16:02 . 2009-08-19 16:26	--------	d-----w-	C:\Casino
2009-08-17 09:08 . 2009-08-17 09:08	--------	d-----w-	c:\program files\Ashampoo
2009-08-15 13:05 . 2009-08-15 13:07	911	----a-w-	c:\windows\eReg.dat
2009-08-15 12:31 . 2009-04-23 08:38	982016	----a-w-	c:\windows\system32\Earth_3D_Screensaver.scr
2009-08-15 12:30 . 2009-08-15 12:30	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Boost Windows
2009-08-15 12:29 . 2009-08-15 12:30	--------	d-----w-	c:\program files\Boost Windows
2009-08-15 12:28 . 2009-04-08 12:39	906752	----a-w-	c:\windows\system32\Haunted_House_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04	894976	----a-w-	c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04	10907136	----a-w-	c:\windows\system32\Lagoon 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-21 14:39	32698880	----a-w-	c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:10	911872	----a-w-	c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-21 14:40	35133952	----a-w-	c:\windows\system32\Snow Village 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:13	912896	----a-w-	c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-08-15 12:26 . 2009-01-22 16:29	19387392	----a-w-	c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-08-15 12:26 . 2009-01-20 01:10	902144	----a-w-	c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-20 00:48	448000	----a-w-	c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-19 23:43	3099648	----a-w-	c:\windows\system32\The One Ring 3D Screensaver.exe
2009-08-15 12:20 . 2009-04-07 14:28	914432	----a-w-	c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-08-15 12:17 . 2009-08-15 12:21	--------	d-----w-	c:\program files\3Planesoft Screensaver Manager
2009-08-15 12:17 . 2009-08-15 12:17	--------	d-----w-	c:\windows\system32\3Planesoft
2009-08-15 12:17 . 2008-01-09 12:55	454656	----a-w-	c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-08-15 12:17 . 2008-01-22 10:22	31378432	----a-w-	c:\windows\system32\Western Railway 3D Screensaver.exe
2009-08-15 12:17 . 2009-08-18 11:43	--------	d-----w-	c:\program files\Western Railway 3D Screensaver
2009-08-15 12:17 . 2008-01-23 12:28	847872	----a-w-	c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-08-13 12:02 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-13 12:02 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-13 12:02 . 2009-02-05 20:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-13 12:02 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-13 12:02 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-13 12:02 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-13 12:02 . 2009-02-05 20:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-13 12:02 . 2009-02-05 20:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-13 12:01 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-13 11:41 . 2009-08-13 11:41	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-08-13 11:40 . 2009-08-13 11:40	152576	----a-w-	c:\documents and settings\Emilien\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 11:35 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-07-26 09:01 . 2009-07-26 09:01	--------	d-sh--w-	c:\documents and settings\Emilien\UserData

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 05:36 . 2009-08-25 05:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\11266564
2009-08-25 05:36 . 2009-08-25 05:36	823840	----a-w-	c:\documents and settings\All Users\Application Data\11266564\11266564.exe
2009-08-23 12:23 . 2009-02-10 16:34	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 17:40 . 2004-08-05 19:00	85114	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-22 17:40 . 2004-08-05 19:00	511074	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-22 17:22 . 2009-05-08 18:33	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Skype
2009-08-22 17:22 . 2009-05-08 17:07	--------	d-----w-	c:\documents and settings\Emilien\Application Data\skypePM
2009-08-22 11:32 . 2009-01-28 13:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-22 08:38 . 2009-01-11 10:44	--------	d-----w-	c:\program files\Electronic Arts
2009-08-20 10:57 . 2009-07-22 13:36	--------	d-----w-	c:\program files\EA Games
2009-08-20 10:57 . 2008-12-11 13:53	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-20 10:31 . 2009-02-08 18:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-08-14 15:54 . 2009-02-06 19:51	--------	d-----w-	c:\program files\Dream Aquarium
2009-08-13 11:41 . 2008-12-21 13:40	--------	d-----w-	c:\program files\Java
2009-08-05 09:00 . 2004-08-05 19:00	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-31 13:26 . 2009-07-25 14:28	--------	d-----w-	c:\program files\Steam
2009-07-31 12:08 . 2008-12-21 13:42	1	----a-w-	c:\documents and settings\Emilien\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-31 12:06 . 2009-03-26 16:52	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-07-31 05:35 . 2008-12-20 14:44	--------	d-----w-	c:\program files\Ubisoft
2009-07-31 05:29 . 2009-02-07 19:50	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2009-07-30 18:14 . 2009-05-02 15:30	138184	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-07-30 18:14 . 2009-05-02 15:30	183112	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-07-27 15:03 . 2009-05-08 16:40	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Hamachi
2009-07-27 15:03 . 2009-01-31 10:24	--------	d-----w-	c:\documents and settings\Emilien\Application Data\DMCache
2009-07-25 15:36 . 2009-01-03 17:46	--------	d-----w-	c:\program files\SEGA
2009-07-25 03:23 . 2009-05-07 18:51	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-07-23 15:22 . 2005-07-20 13:05	--------	d-----w-	c:\program files\Pyro Studios
2009-07-22 14:27 . 2009-01-31 18:42	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-07-22 14:12 . 2009-07-22 13:08	--------	d-----w-	c:\program files\GameShadow
2009-07-21 15:13 . 2009-07-21 15:13	8854	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\Uninstall_Imperial_G_C86E3E3F2A7B4E25BB823CBB9C799FA0.exe
2009-07-21 15:13 . 2009-07-21 15:13	10134	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\ARPPRODUCTICON.exe
2009-07-20 17:34 . 2009-07-20 17:34	--------	d-----w-	c:\program files\Live-Player
2009-07-20 17:34 . 2009-02-22 19:32	--------	d-----w-	c:\documents and settings\Emilien\Application Data\live-player
2009-07-17 19:03 . 2004-08-05 19:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-16 07:51 . 2009-07-16 07:51	--------	d-----w-	c:\documents and settings\Jonathan\Application Data\Logitech
2009-07-16 05:13 . 2009-02-17 15:50	--------	d-----w-	c:\program files\Codemasters
2009-07-15 13:46 . 2009-07-15 13:46	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Logitech
2009-07-15 13:38 . 2009-07-15 13:38	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Musicmatch
2009-07-15 13:38 . 2009-07-15 13:38	--------	d-----w-	c:\program files\MUSICMATCH
2009-07-15 13:37 . 2009-07-15 13:37	--------	d-----w-	c:\program files\Fichiers communs\Logitech
2009-07-15 13:37 . 2009-07-15 13:37	--------	d-----w-	c:\program files\Logitech
2009-07-14 12:18 . 2009-07-14 12:08	--------	d-----w-	c:\documents and settings\Emilien\Application Data\Pro Cycling Manager 2009
2009-07-14 11:52 . 2009-06-22 15:43	--------	d-----w-	c:\program files\Carnivores 2
2009-07-13 21:43 . 2004-08-05 19:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-12 18:36 . 2009-01-23 15:04	744	----a-w-	c:\documents and settings\Emilien\Application Data\filterclsid.dat
2009-07-11 15:58 . 2008-12-20 17:37	--------	d-----w-	c:\documents and settings\Emilien\Application Data\vlc
2009-07-11 15:57 . 2008-12-22 19:48	--------	d-----w-	c:\documents and settings\Emilien\Application Data\dvdcss
2009-07-10 17:41 . 2009-07-10 15:22	--------	d-----w-	c:\program files\adslTV
2009-07-10 13:11 . 2009-05-05 18:48	--------	d-----w-	c:\program files\Atari
2009-07-10 10:53 . 2008-12-21 07:02	20128	----a-w-	c:\documents and settings\Emilien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:24 . 2008-12-24 09:43	20128	----a-w-	c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:03 . 2009-04-26 07:42	20	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-07 17:02 . 2009-07-07 17:02	20	---h--w-	c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-07-07 17:02 . 2009-07-07 17:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Filters
2009-07-07 17:02 . 2009-04-26 07:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-07 17:02 . 2009-04-26 07:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-07 17:02 . 2009-07-07 17:02	--------	d-----w-	c:\documents and settings\All Users\Application Data\Font Book
2009-07-07 17:00 . 2009-04-26 07:43	--------	d-----w-	c:\program files\Fichiers communs\Nikon
2009-07-07 17:00 . 2009-07-07 17:00	--------	d-----w-	c:\program files\Nikon
2009-07-07 16:28 . 2009-07-07 16:28	--------	d-----w-	c:\program files\DDS Converter 2
2009-07-06 13:04 . 2008-12-22 17:43	--------	d-----w-	c:\program files\THQ
2009-07-06 11:13 . 2009-07-06 11:13	49152	----a-r-	c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-07-04 15:18 . 2009-07-04 15:18	--------	d-----w-	c:\program files\SpicyTools
2009-07-04 15:18 . 2009-07-04 15:18	--------	d-----w-	c:\program files\SpicyTools Video Converter 1.0
2009-07-03 17:03 . 2009-02-15 18:42	--------	d-----w-	c:\program files\Activision
2009-07-03 17:00 . 2009-07-03 17:00	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI
2009-07-03 16:57 . 2004-08-05 19:00	915456	------w-	c:\windows\system32\wininet.dll
2009-07-03 16:48 . 2009-04-15 08:16	--------	d-----w-	c:\program files\ATI Technologies
2009-07-03 06:51 . 2009-02-16 18:27	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-07-03 06:42 . 2009-07-03 06:42	--------	d-----w-	c:\program files\Alcohol Soft
2009-07-02 08:28 . 2009-05-01 07:28	--------	d-----w-	c:\program files\Mount&Blade
2009-06-28 08:06 . 2009-04-19 09:12	--------	d-----w-	c:\program files\Free Audio Pack
2009-06-28 07:47 . 2009-06-28 07:47	--------	d-----w-	c:\documents and settings\Emilien\Application Data\AccurateRip
2009-06-28 07:47 . 2009-06-28 07:47	--------	d-----w-	c:\program files\Illustrate
2009-06-28 07:47 . 2009-06-28 07:47	5433520	----a-w-	c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39	--------	d-----w-	c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10	--------	d-----w-	c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11	--------	d-----w-	c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53	--------	d-----w-	c:\program files\GameSpy Arcade
2009-06-25 08:26 . 2004-08-05 19:00	736768	----a-w-	c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00	56832	----a-w-	c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00	54272	----a-w-	c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00	147456	----a-w-	c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00	92928	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14	78336	----a-w-	c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03	5917662	----a-w-	c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03	1880064	----a-w-	c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00	78848	----a-w-	c:\windows\system32	elnet.exe
2009-06-10 14:14 . 2004-08-05 19:00	85504	----a-w-	c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00	132096	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00	207872	----a-w-	c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2008-12-24 15:48 . 2008-12-24 15:48	0	--sha-w-	c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   SnapShot@2009-08-23_10.21.48   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 05:36 . 2009-08-25 05:36	19456              c:\windows\Temp\wpv461250826839.exe
+ 2009-08-25 05:34 . 2009-08-25 05:34	16384              c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2009-08-25 05:08 . 2009-08-25 05:08	16384              c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2009-08-25 05:34 . 2009-08-25 05:34	16384              c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2009-08-23 12:31 . 2009-08-23 12:31	19456              c:\windows\Installer\2df277.msi
+ 2009-08-25 05:36 . 2009-08-25 05:36	154790              c:\windows\Temp\wpv061251033318.exe
+ 2009-08-25 05:36 . 2009-08-25 05:36	401920              c:\windows\Temp\_ex-08.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR	bPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51	2215960	----a-w-	c:\program files\Peer2Peer-FR	bPee1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36	1258808	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR	bPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]

[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"11266564"="c:\documents and settings\All Users\Application Data\11266564\11266564.exe" [2009-08-25 823840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]

c:\documents and settings\Jonathan\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2008-4-13 23552]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Ubisoft\Prince of Persia\Prince of Persia.exe"=
"c:\Program Files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Opera\opera.exe"=
"c:\Program Files\Atari\Test drive Unlimited\TestDriveUnlimited.exe"=
"c:\Documents and Settings\Emilien\Mes documents\no limit megaupload\RouterClient.exe"=
"c:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"=
"c:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"=
"c:\WINDOWS\system32\java.exe"=
"c:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"=
"c:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=
"c:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"=
"c:\Program Files\SYSTRAN\6\SystranTranslationProjectManager.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranFilterEngine.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranTranslationEngine.exe"=
"c:\Program Files\SYSTRAN\6\SystranToolbar.exe"=
"c:\Program Files\SYSTRAN\6\SystranDictionaryManager.exe"=
"c:\Program Files\SYSTRAN\6\Dicts\SystranCodingEngine.exe"=
"c:\Program Files\Activision\X-Men Origins - Wolverine(TM)\Binaries\Wolverine.exe"=
"c:\Program Files\Steam\steam.exe"=
"c:\Program Files\Java\jre6\bin\javaw.exe"=
"c:\Program Files\SEGA\Medieval II Total War\kingdoms.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\GameSpy Arcade\Aphex.exe"=
"c:\Program Files\SEGA\Medieval II Total War\medieval2.exe"=
"c:\Program Files\Activision\Prototype\prototypef.exe"=
"c:\Program Files\Pyro Studios\Imperial Glory\ImperialGlory.exe"=
"c:\Program Files\Steam\steamapps\common\empire total war demo\Empire.exe"=
"c:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\WINDOWS\Temp\_ex-08.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers
vhda32.sys [12/12/2008 00:50 38176]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32undll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tiho - c:\windows\system32\ducoovyve.exe
HKLM-Run-couced - c:\windows\system32
afa.exe
HKLM-Run-14465154 - c:\documents and settings\All Users\Application Data\14465154\14465154.exe


.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar	oolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 07:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,c9,71,61,79,7b,bc,eb,6c,c6,b5,29,e0,ab,94,4b,8c,c5,43,b6,f9,dc,17,
   3e,f5,28,89,57,99,44,f2,8b,cd,b3,b3,1d,f6,9d,4d,66,0e,fa,29,5d,2c,29,a0,56,\
"??"=hex:84,10,64,32,5a,5a,63,dc,a4,e3,cd,cb,90,35,d7,ef

[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\License information*]
"datasecu"=hex:24,31,20,be,24,8a,c1,f8,ea,9c,8d,4f,dd,23,82,72,42,aa,ea,7f,16,
   bf,b6,da,44,16,d9,17,32,a6,5f,8a,7b,02,6e,11,af,d5,45,11,fd,36,a6,69,81,34,\
"rkeysecu"=hex:53,b2,60,61,ee,89,20,91,52,c8,67,f6,b9,0e,65,cd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{395529a4-df69-4a83-b062-3eee76affbb3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009c
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,15,81,e0,2c,90,21,0e,51,28,35,81,46,94,89,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,bd,01,f9,8c,19,e6,a6,ab,48,aa,e4,ac,2c,02,71,c4,dd,14,cc,48,
   61,c0,f3,6e,a6,56,99,56,61,6c,e1,55,df,18,90,21,8d,e5,3f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,e1,7e,2c,b2,97,eb,a2,e8,58,55,ba,43,64,fe,a0,a9,14,47,e8,ab,
   9b,b1,3e,39,d1,6b,6b,e6,a7,57,13,62,9c,e2,ba,4b,2f,47,23,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2eb5bf5-7124-4cee-ba80-d4cd949c2680}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'Explorer.EXE'(1284)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\idmmbc.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\Temp\wpv461250826839.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-25  7:40 - machine was rebooted
ComboFix-quarantined-files.txt  2009-08-25 05:40
ComboFix2.txt  2009-08-23 10:26

Pre-Run: 247 392 120 832 octets libres
Post-Run: 247 288 602 624 octets libres

456	--- E O F ---	2009-08-18 15:58

stylet26 · Answer

Voici celui de ad Remover: . ======= RAPPORT D'AD-REMOVER 1.1.4.5_P | UNIQUEMENT XP/VISTA/SEVEN ======= . Mit à jour par C_XX le 24/08/2009 à 1:30 PM Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 7:50:16, 25/08/2009 | Mode Normal | Option: CLEAN Exécuté de: C:\Program Files\Ad-remover\ Système d'exploitation: Microsoft® Windows XP™ v5.1.2600 Nom du PC: LOCAL-AA075FB0E | Utilisateur actuel: Emilien . Administrateur: Administrateur N'est pas administrateur: ASPNET Administrateur: Emilien N'est pas administrateur: HelpAssistant *Desactive* N'est pas administrateur: Invité Administrateur: Jonathan N'est pas administrateur: SUPPORT_388945a0 *Desactive* . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . . HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} HKCR\MediaPlayer.GraphicsUtils HKCR\MediaPlayer.GraphicsUtils.1 HKCR\MgMediaPlayer.GifAnimator HKCR\MgMediaPlayer.GifAnimator.1 HKCR\SWEETIE.IEToolbar HKCR\SWEETIE.IEToolbar.1 HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 HKCR\Toolbar3.SWEETIE HKCR\Toolbar3.SWEETIE.1 HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847} HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} HKCU\Software\SweetIM HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} HKLM\Software\SweetIM HKLM\Software\Trymedia Systems HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Sweetim HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{EEE6C35D-6118-11DC-9C72-001320C79847} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9 . C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\logs C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\update C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\adapter.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\autoupdate.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\logger.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\messages.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetim.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetimapp.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\main_user_config.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\content_update_notification.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\emoticons_shortcut.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_Audibles.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_DisplayPictures.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_SpecialFX.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_Winks.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\user_config.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000100AD.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000100B5.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010814.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010859.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001085D.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001085F.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001086C.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010892.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010893.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0001089A.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108A5.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108A9.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108C2.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108C4.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108E0.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000108F4.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010914.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010926.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010933.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010941.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010947.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010948.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010949.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010952.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010968.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010970.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010972.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010980.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00010996.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000200C9.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0002031F.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00020344.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0002039F.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000203DB.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000203E4.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300A1.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300A5.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300B2.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300CD.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300D7.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000300D8.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0004002B.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000400C3.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00050004.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00050005.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000600DE.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00060137.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00060191.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0006019D.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00060272.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000602C2.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000602D2.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000602FE.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008000B.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008000D.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080011.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080014.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080016.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008001A.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080020.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080023.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080026.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080029.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008003D.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008003F.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080040.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080041.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080042.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080050.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080051.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080052.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080053.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080054.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080056.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008005C.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080061.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080063.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080065.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080071.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080076.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080077.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080084.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080086.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080087.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008008F.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080090.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080091.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800A3.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800D4.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DB.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DC.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DE.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E3.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E5.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E6.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EA.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EB.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EC.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800ED.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F1.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F2.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F3.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\01050007.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050001.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050002.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\cache_indx.dat C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache\79364243b9dac7ae8d7a0ecd142b9032.toolbar34.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData\logs C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData /!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger C:\Program Files\SweetIM\Toolbars C:\Program Files\SweetIM\Messenger\default.xml /!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll C:\Program Files\SweetIM\Messenger\mgArchive.dll C:\Program Files\SweetIM\Messenger\mgcommon.dll C:\Program Files\SweetIM\Messenger\mgcommunication.dll C:\Program Files\SweetIM\Messenger\mgconfig.dll C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll C:\Program Files\SweetIM\Messenger\mghooking.dll C:\Program Files\SweetIM\Messenger\mgICQAuto.dll C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll C:\Program Files\SweetIM\Messenger\mglogger.dll C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll C:\Program Files\SweetIM\Messenger\mgsimcommon.dll C:\Program Files\SweetIM\Messenger\mgSweetIM.dll C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll C:\Program Files\SweetIM\Messenger\msvcp71.dll /!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\msvcr71.dll C:\Program Files\SweetIM\Messenger esources C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\SweetIM\Messenger esources\images C:\Program Files\SweetIM\Messenger esources\images\AudibleButton.png C:\Program Files\SweetIM\Messenger esources\images\DisplayPicturesButton.png C:\Program Files\SweetIM\Messenger esources\images\EmoticonButton.png C:\Program Files\SweetIM\Messenger esources\images\NudgeButton.png C:\Program Files\SweetIM\Messenger esources\images\SoundFxButton.png C:\Program Files\SweetIM\Messenger esources\images\WinksButton.png C:\Program Files\SweetIM\Toolbars\Internet Explorer C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll C:\Program Files\SweetIM\Toolbars\Internet Explorer esources C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\about.html C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\affid.dat C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\basis.xml C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\clear-history.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\content-notifier-anim-over.gif C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\content-notifier-anim.gif C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\content-notifier.js C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\dating.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\dictionary.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\eye_icon.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\eye_icon_over.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\e_cards.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\find.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\free_stuff.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\games.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\glitter.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\google.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\help.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\highlight.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\live.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\locales.xml C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\logo_16x16.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\logo_21x18.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\logo_32x32.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\logo_about.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\more-search-providers.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\music.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources ews.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\photos.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\search-current-site.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\shopping.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\SmileySmile.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\SmileyWink.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\sweetim_text.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources oolbar.xml C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\version.txt C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\video.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\web-search.png C:\Program Files\SweetIM\Toolbars\Internet Explorer esources\yahoo.png /!\ NON SUPPRIMÉ: C:\Program Files\SweetIM C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\searchplugins\sweetim.xml C:\WINDOWS\Installer\16266c.msi C:\WINDOWS\Installer\162671.msi C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf (!) -- Fichiers temporaires supprimés. . ============== Scan additionnel ============== . . * Mozilla FireFox Version 3.0.13 * . Nom du profil: hanfmlgr.default (Emilien) . (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.13"); . (prefs.js) EFFACÉ: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q="); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", ""); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{4C89D670-552B-11DE-9A62-00235465FE47}"); (prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8"); . . * Internet Explorer Version 8.0.6001.18702 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs : res://ieframe.dll/tabswelcome.htm . =================================== . 29257 Octet(s) - C:\Ad-Report-CLEAN.log . 1 Fichier(s) - C:\DOCUME~1\Emilien\LOCALS~1\Temp 2 Fichier(s) - C:\WINDOWS\Temp . 19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP 39 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE . Fin à: 7:55:21 | 25/08/2009 . ============== E.O.F ============== .

stylet26 · Answer

Voici le rapport de Malwarebytes:


Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 3

25/08/2009 09:06:11
mbam-log-2009-08-25 (09-06-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 277809
Temps écoulé: 1 hour(s), 6 minute(s), 47 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
C:\Documents and Settings\All Users\Application Data\11266564\11266564.exe (Rogue.Multiple.H) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\11266564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\11266564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\11266564\11266564 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\11266564\11266564.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\11266564\pc11266564ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Mes documents
o limit megauploadouter\FRITZ!Box
c.exe (PuP.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Mes documents\Programes\WRar380\WinRAR 3.80 Final\Patch 1.1 (ICU)\RAR Slayer v1.1 [v3.5+].exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

stylet26 · Answer

Et voilà le rapport RSIT:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Emilien at 2009-08-25 09:17:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 235 GB (50%) free of 473 GB
Total RAM: 3070 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:21, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Temp\wpv191250826839.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\All Users\Application Data\10716254\10716254.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Emilien\Bureau\RSIT.exe
C:\Documents and Settings\Emilien\Bureau\Emilien.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR	bPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [10716254] C:\Documents and Settings\All Users\Application Data\10716254\10716254.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/lookup.js
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

stylet26 · Answer

Et maintenant???

Albator · Answer

Procédure d'installation de la console. L'infection utilise des fichiers système de Windows (nfts.sys, beep.sys..) quel patch/modifie, pour réinstaller l'infection. Vous devez installer la console de récupération, avec lequel ComboFix utilisera les fichiers système nécessaire.. Télécharger "sur votre bureau" le fichier correspondant à votre version (familial ou pro) de windows: - Windows XP Édition familiale : http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=fr Ou - Windows XP Professionnel : http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr ► Glisser le fichier téléchargé sur l'icône de Combofix.exe Telque sur l'image le montre : http://img.bleepingcomputer.com/combofix/usage/rc.gif _________________________________________________________________ Procédure de désinfection CFScript. • Sélectionnez le contenu de ce qu'ils y a entre les lignes pointillés = ========================================================= Driver:: i0iyas9gm.sys iuety7o54y02ma.sys npf.sys File:: c:\documents and settings\LocalService\Application Data\Microsoft akettuc.exe c:\documents and settings\LocalService\Application Data\Microsoft afa.exe c:\documents and settings\LocalService\Application Data\Microsoft\muquassouvoog.exe c:\documents and settings\All Users\Application Data\PKP_DLck.DAT c:\windows\Installer\2df277.msi C:\WINDOWS\sed.exe C:\WINDOWS\PEV.exe C:\WINDOWS\Setup1.exe C:\WINDOWS\NIRCMD.exe C:\Documents and Settings\All Users\Application Data\10716254\10716254.exe C:\Documents and Settings\Emilien\Menu Démarrer\Programmes\Démarrage\ikowin32.exe Folder:: c:\documents and settings\Emilien\Application Data\live-player C:\Documents and Settings\All Users\Application Data\10716254 C:\Program Files\SweetIM registry:: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "10716254"=- ========================================================= • Copiez le texte sélectionné (CTRL+C). • Ouvrez le Bloc-notes (Menu Démarrer -> Tout les programmes -> Accessoires ..). • Collez le texte copié dans ce Bloc-notes (CTRL+V). • Sauvegarder sur votre Bureau ce fichier sous le nom de CFScript.txt ► Désactiver votre antivirus et tout logiciels de protection. • Par un clic glisser/déposer le fichier CFScript.txt sur l’icône ComboFix sur votre Bureau. Telque sur cette image --> http://img530.imageshack.us/img530/204/cfscriptdd4.gif >> Un "pop-up" va apparaître qui dit que "la version ComboFix est utilisé à vos risques et avec aucune garantie..". • Acceptez en cliquant sur "Oui" >> Une fenêtre bleue va apparaître avec le message : Type 1 to continue, or 2 to abort , • Entrez 1 et validez. >> Patientez le temps du scan. <<< >> Le Bureau va disparaître à plusieurs reprises : c'est normal! >> Après le scan, il est possible que ComboFix ait besoin de redémarrer le PC, • Laissez-le aller. >> Une fois complèté, un rapport va s'afficher. ► Postez le contenu de ce rapport (C:\ComboFix.txt ). ► Réactiver votre antivirus et autre protection.

Total security virus! - Page 2

Discussions similaires

Newsletters