Remove Trojan horse TR/Dropper Gen

Solved/Closed
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last active 4 December 2009 - 5 Nov 2009 at 20:25
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last active 4 December 2009 - 10 Nov 2009 at 14:26
Hello,


I would like some help removing a Trojan horse (TR/Dropper.Gen) from my PC. I tried Malwarebytes and Avira in safe mode, but nothing works; it always comes back...


Thanks in advance for your help

Here is my HijackThis report:





Logfile of random's system information tool 1.06 (written by random/random)
Run by vincent at 2009-11-05 20:20:19
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (59%) free of 20 GB
Total RAM: 3327 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:27, on 05/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\sched.exe
D:\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\DOCUME~1\vincent\APPLIC~1\MICROS~1\clipsrv.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDll32.exe
D:\i tunes\iTunesHelper.exe
D:\TrendMicro Scan\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vincent\Mes documents\RSIT.exe
C:\Program Files\trend micro\vincent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "D:\i tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\TrendMicro Scan\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://saison7.fighting-club.com/salle3d.asp?num=11"
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\vincent\APPLIC~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\vincent\LOCALS~1\APPLIC~1\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\vincent\LOCALS~1\Temp\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\vincent\LOCALS~1\Temp\spoolsv.exe /waitservice (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\TrendMicro Scan\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\TrendMicro Scan\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O20 - AppInit_DLLs:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

16 replies

Anonymous user
5 Nov 2009 at 20:35
/!\ To the attention of anyone reading this thread /!\
The software below is not to be used lightly and can cause damage if it is misused! Only use it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept. (important in case of a problem)
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
#If ComboFix will not launch, rename it to ccm.exe and run it in safe mode.
Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last active 4 December 2009
5 Nov 2009 at 20:52
Good evening nanard4700

Here is my ComboFix report:

Is my PC badly infected?

ComboFix 09-11-05.01 - vincent 05/11/2009 20:46.1.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2600 [GMT 1:00]
Lancé depuis: c:\documents and settings\vincent\Mes documents\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vincent\Application Data\Microsoft\clipsrv.exe
c:\documents and settings\vincent\Local Settings\Application Data\cisvc.exe
c:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-05 au 2009-11-05 ))))))))))))))))))))))))))))))))))))
.

2009-11-05 19:38 . 2009-11-05 19:38 117760 ----a-w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-05 16:11 . 2009-11-05 14:23 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-05 14:23 . 2009-11-05 16:11 -------- d-----w- c:\documents and settings\vincent\.housecall6.6
2009-11-05 14:18 . 2009-11-05 14:18 -------- d-----w- c:\windows\Sun
2009-11-05 14:17 . 2009-11-05 14:17 -------- d-----w- c:\program files\Fichiers communs\Java
2009-11-05 14:09 . 2009-11-05 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-11-05 06:02 . 2009-11-05 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 16:13 . 2009-11-04 16:13 23 --sha-w- c:\windows\system32\edacded0_x.dat
2009-11-04 15:44 . 2009-11-04 15:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 14:10 . 2009-11-04 14:10 -------- d-----w- c:\documents and settings\vincent\Application Data\SFR
2009-11-04 13:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-04 13:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-04 01:21 . 2009-11-04 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-04 01:14 . 2009-11-04 01:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-04 01:14 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-11-04 01:14 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-04 01:13 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-04 01:13 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-04 01:13 . 2009-11-05 16:19 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-04 01:13 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-04 01:12 . 2009-11-05 17:39 -------- d-----w- c:\windows\Internet Logs
2009-11-03 12:13 . 2009-11-03 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-03 12:13 . 2009-11-03 12:13 -------- d-----w- C:\ProgramData
2009-11-02 20:08 . 2009-11-02 20:08 -------- d-----w- c:\documents and settings\vincent\Application Data\Auslogics
2009-11-02 18:45 . 2009-11-05 19:20 -------- d-----w- c:\program files\trend micro
2009-11-02 18:45 . 2009-11-02 18:45 -------- d-----w- C:\rsit
2009-11-02 17:14 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-02 17:14 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-02 17:14 . 2004-08-19 15:09 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-02 16:54 . 2009-11-05 18:29 -------- d-----w- c:\documents and settings\vincent\Tracing
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Microsoft
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-02 16:45 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\iPod
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Bonjour
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 14:39 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-02 14:39 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-02 14:38 . 2009-11-02 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-02 14:38 . 2009-11-02 14:39 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-11-02 00:28 . 2009-11-02 00:28 -------- d-----w- c:\documents and settings\vincent\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 00:27 . 2009-11-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 14:02 . 2009-11-05 17:38 -------- d-----w- c:\windows\BDOSCAN8
2009-10-31 13:26 . 2009-10-31 13:26 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-10-30 15:46 . 2009-10-30 15:46 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Fallout3
2009-10-30 15:35 . 2008-09-18 19:07 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2009-10-30 15:35 . 2009-10-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-10-29 23:39 . 2009-11-02 19:51 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\VirtuaTennis2009
2009-10-29 23:37 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-29 23:37 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-29 23:37 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-29 23:37 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-29 23:37 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-29 17:18 . 2009-10-29 17:18 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-27 19:58 . 2009-10-27 19:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-27 15:52 . 2009-10-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\F4
2009-10-27 15:49 . 2009-10-27 15:49 -------- d-----w- c:\documents and settings\vincent\Application Data\F4
2009-10-27 13:41 . 2009-11-04 15:58 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Unity
2009-10-27 13:40 . 2009-10-27 13:52 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:00 . 2009-10-27 02:00 -------- d-----w- c:\windows\system32\KB905474
2009-10-27 02:00 . 2009-03-10 21:26 1438080 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-27 02:00 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-27 01:13 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-27 01:13 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 20:07 . 2008-11-13 14:17 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-10-26 20:07 . 2008-11-13 14:17 605696 ------w- c:\windows\system32\dllcache\crypt32.dll
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\windows\system32\xlive
2009-10-26 12:26 . 2009-10-26 12:26 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Monte Cristo
2009-10-25 22:33 . 2009-10-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-25 22:31 . 2009-09-25 15:35 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-10-25 22:31 . 2009-10-25 22:32 -------- d-----w- c:\program files\ATI Technologies
2009-10-25 21:53 . 2009-10-25 21:54 63488 ----a-w- c:\windows\xobglu16.dll
2009-10-25 21:53 . 2009-10-25 21:54 38466 ----a-w- c:\windows\xobglu32.dll
2009-10-25 21:42 . 1996-10-14 00:24 131917 ----a-w- c:\windows\unstall.exe
2009-10-25 13:19 . 2009-10-25 13:19 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-10-25 13:15 . 2009-10-25 13:15 -------- d-----w- c:\windows\Logs
2009-10-24 00:46 . 2009-10-24 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-10-23 19:45 . 2006-01-03 04:07 61440 ----a-w- c:\windows\system\cmsnxeye.exe
2009-10-23 19:45 . 2005-12-21 06:41 253952 ----a-w- c:\windows\system32\cmdrvrmu.exe
2009-10-23 19:45 . 2005-03-07 06:29 45056 ----a-w- c:\windows\system32\cmdrvrmu.dll
2009-10-23 19:45 . 2004-02-18 06:19 16384 ----a-w- c:\windows\system32\cmpropu.dll
2009-10-23 19:45 . 2004-02-13 07:39 98304 ----a-w- c:\windows\system32\cmudau.dll
2009-10-23 19:45 . 2002-04-29 07:04 917504 ----a-w- c:\windows\system\cmds3du.dll
2009-10-23 19:45 . 2001-11-23 04:08 712704 ----a-w- c:\windows\system32\a3dpropu.dll
2009-10-23 19:45 . 2009-10-23 19:45 -------- d-----w- c:\program files\Speed Link
2009-10-23 11:12 . 2006-03-24 03:30 1414528 ----a-w- c:\windows\system32\drivers\cmudaxu.sys
2009-10-22 18:41 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-10-22 17:15 . 2009-10-22 17:15 -------- d-----w- c:\windows\UbiSoft
2009-10-22 16:00 . 2009-10-22 16:00 -------- d-----w- c:\documents and settings\vincent\Application Data\DeepBurner
2009-10-21 18:58 . 2001-08-23 15:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-21 18:58 . 2001-08-23 15:47 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-21 18:58 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-21 18:16 . 2009-10-02 22:15 483707 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-21 18:16 . 2009-09-15 15:58 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-10-21 18:16 . 2009-09-03 15:24 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-10-21 18:16 . 2009-10-07 21:27 2011511 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-10-21 18:16 . 2009-10-02 22:15 479604 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-10-21 18:16 . 2009-10-02 22:15 393587 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-10-21 18:16 . 2009-10-02 22:15 364916 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-10-21 18:16 . 2009-09-15 15:58 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-10-21 18:16 . 2009-09-15 15:57 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-10-21 18:16 . 2009-09-03 15:24 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-10-21 18:16 . 2009-06-17 14:32 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-10-21 18:16 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-21 18:02 . 2009-10-21 18:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-21 18:02 . 2009-10-21 18:11 -------- d-----w- c:\documents and settings\vincent\Application Data\DAEMON Tools Lite
2009-10-21 14:53 . 2009-10-21 14:53 -------- d-----w- c:\windows\system32\Lang
2009-10-21 13:41 . 2009-10-21 13:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 17:26 . 2001-08-28 18:00 93408 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-05 17:26 . 2001-08-28 18:00 532828 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-05 15:00 . 2009-06-11 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 16:54 . 2009-06-11 17:35 12912 ----a-w- c:\documents and settings\vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 19:04 . 2009-11-04 17:40 89600 ----a-w- c:\windows\system32\drivers\clipsrv.exe.vzr
2009-10-22 02:53 . 2009-06-11 14:20 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-21 13:27 . 2009-06-11 00:39 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-23 22:59 . 2009-09-23 22:59 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2009-09-23 22:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2009-09-23 22:38 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2009-09-23 22:21 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2009-09-23 22:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2009-09-23 22:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2009-09-23 22:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2009-09-23 22:20 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2009-09-23 22:19 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2009-09-23 22:17 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2009-09-23 22:11 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2009-09-23 22:09 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-09-23 21:58 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-23 21:53 . 2009-09-23 21:53 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2009-09-23 21:32 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2009-09-23 21:30 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2009-09-23 21:29 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-09-23 21:29 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2009-09-23 21:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2009-09-23 21:27 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2009-09-23 21:23 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-16 16:23 . 2009-09-16 16:23 491192 ----a-w- c:\documents and settings\All Users\Application Data\F4\EoS-Launcher.exe
2009-09-11 14:12 . 2004-08-19 20:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:46 . 2004-08-19 20:09 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 19:55 . 2009-09-01 19:55 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-08-29 07:56 . 2007-04-18 14:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 13:04 . 2009-06-14 14:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-26 08:15 . 2007-07-16 14:27 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-10 09:01 . 2009-08-10 09:01 21712 ----a-w- c:\documents and settings\All Users\Application Data\F4\IHelper.exe
.

------- Sigcheck -------

[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="d:\super anti spy ware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\quicktime\qttask.exe" [2009-09-04 417792]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="d:\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122880]
"Adobe Reader Speed Launcher"="d:\adobe reader\Reader\Reader_sl.exe" [2008-10-14 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="d:\i tunes\iTunesHelper.exe" [2009-10-28 141600]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="d:\trendmicro scan\bin\jusched.exe" [2005-04-13 36975]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\super anti spy ware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\super anti spy ware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\COH\\RelicCOH.exe"=
"e:\\COH\\RelicDownloader\\RelicDownloader.exe"=
"e:\\Empire of Sports\\NetworkDiagnostic.exe"=
"e:\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\mirrors\\Binaries\\MirrorsEdge.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20/03/2009 04:53 154664]
R1 SASDIFSV;SASDIFSV;d:\super anti spy ware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;d:\super anti spy ware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\avira\AntiVir Desktop\sched.exe [15/10/2009 22:18 108289]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [19/10/2009 14:21 39424]
R3 SASENUM;SASENUM;d:\super anti spy ware\SASENUM.SYS [12/10/2009 21:24 7408]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [23/10/2009 12:12 1414528]
S3 cpuz130;cpuz130;\??\c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\everest ultimate edition\kerneld.wnt [15/10/2009 22:50 27248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*Deregistered* - cpuz132
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenu du dossier 'Tâches planifiées'

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-04 c:\windows\Tasks\User_Feed_Synchronization-{1F94FC4D-EFF2-436B-8DD2-2E15FEF24212}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-11-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-27 21:18]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-CmUsbSound - cmcnfgu.cpl
HKLM-Explorer_Run-ClipSrv - c:\docume~1\vincent\APPLIC~1\MICROS~1\clipsrv.exe
HKCU-Explorer_Run-Cisvc - c:\docume~1\vincent\LOCALS~1\APPLIC~1\cisvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 20:49
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: NTKRNLMP.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC311F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8ac311f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\everest ultimate edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-11-05 20:50
ComboFix-quarantined-files.txt 2009-11-05 19:50

Avant-CF: 12 115 566 592 octets libres
Après-CF: 12 149 043 200 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /kernel=ntkrnlmp.exe

- - End Of File - - B19FC730017680016EAE6800D7B76BC7
0
Anonymous user
5 Nov 2009 at 21:07
Yes, it is well and truly infected.

* Download mbr.exe from Gmer here: http://www2.gmer.net/mbr/mbr.exe and save the file to the Desktop.
* Thanks to Malekal for the tutorial
* Disable your protections and cut the connection (antivirus and antispyware, HIPS and other resident tools).
* Double-click mbr.exe
* A report will be generated: mbr.log
* In case of infection, the message "MBR rootkit code detected" will appear.
* To remove the rootkit, go to Start menu => Run and type the command: "%userprofile%\Bureau\mbr" -f
* (be sure to keep the quotation marks)
* This line will appear in mbr.log: "original MBR restored successfully !"
* Re-enable your protections. Post this report, then delete it.

o To verify, disable your protections and cut the connection (antivirus and antispyware, HIPS and other resident tools).
o Run mbr.exe again
o Re-enable your protections.
o The new mbr.log should look like this:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
Good evening again, nanard

Apparently mbr found nothing, so I did not have to do this step: * To remove the rootkit, go to Start menu => Run and type the command: "%userprofile%\Bureau\mbr" -f


Here is the report:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
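The mbr.exe reports posted in this thread can be triaged mechanically; the script below is an added example, not part of the original posts or of Gmer's tool. The function names and verdict labels are assumptions, the first two samples are copied from the thread, and the third is constructed from the two messages the helper quotes. It shows why "user & kernel MBR OK" alone is not treated as clean when the same report lists a hook on \Driver\atapi.

```python
import re

# Sample 1: the mbr.exe section of the ComboFix report quoted in this thread.
HOOKED_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: NTKRNLMP.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC311F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8ac311f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""

# Sample 2: the stand-alone mbr.log posted afterwards in this thread.
CLEAN_LOG = """
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Sample 3: constructed for this example from the two messages the helper quotes.
RESTORED_LOG = """
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
MBR rootkit code detected !
original MBR restored successfully !
"""

HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
VERSION_RE = re.compile(r"detector (\d+(?:\.\d+)+) by Gmer")


def parse_mbr_log(text):
    """Turn mbr.exe output into a dict of the facts the report states."""
    r = {"version": None, "device_opened": False, "user_read": False,
         "kernel_read": False, "mbr_ok": False, "warning": False,
         "rootkit_code": False, "restored": False,
         "hooks": [], "unknown_modules": []}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_hooks:
            hook = HOOK_RE.match(line)
            if hook:
                r["hooks"].append((hook.group(1), hook.group(2).lower()))
                continue
            in_hooks = False  # hook list ended; handle this line normally
        version = VERSION_RE.search(line)
        if version:
            r["version"] = version.group(1)
        elif line.startswith("device:"):
            r["device_opened"] = "opened successfully" in line
        elif line.startswith("user:"):
            r["user_read"] = "read successfully" in line
        elif line.startswith("kernel:"):
            r["kernel_read"] = "read successfully" in line
        elif line.startswith("called modules:"):
            r["unknown_modules"] = [a.lower() for a in UNKNOWN_RE.findall(line)]
        elif line.startswith("detected MBR rootkit hooks"):
            in_hooks = True
        elif "possible MBR rootkit infection" in line:
            r["warning"] = True
        elif "MBR rootkit code detected" in line:
            r["rootkit_code"] = True
        elif "original MBR restored successfully" in line:
            r["restored"] = True
        elif "user & kernel MBR OK" in line:
            r["mbr_ok"] = True
    return r


def verdict(r):
    """Most severe finding wins; a bare 'MBR OK' does not override a hook."""
    if r["restored"]:
        return "restored: rescan to confirm"
    if r["rootkit_code"]:
        return "infected"
    if r["hooks"] or r["unknown_modules"] or r["warning"]:
        return "suspicious"
    if r["device_opened"] and r["user_read"] and r["kernel_read"] and r["mbr_ok"]:
        return "clean"
    return "incomplete"


def hooks_into_unknown_module(r):
    """Hooks whose target address equals an >>UNKNOWN<< entry in the call chain."""
    return [h for h in r["hooks"] if h[1] in r["unknown_modules"]]


if __name__ == "__main__":
    for name, log in (("ComboFix section", HOOKED_LOG),
                      ("stand-alone run", CLEAN_LOG),
                      ("after -f (constructed)", RESTORED_LOG)):
        report = parse_mbr_log(log)
        print(name, "->", verdict(report), hooks_into_unknown_module(report))
```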

Anonymous user
6 Nov 2009 at 12:41
/!\ WARNING /!\ The following script was written specifically for virus44; it cannot be transposed to another computer!
• Download this folder: virus44.zip
• Right-click it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and place it on the Desktop and nowhere else.
• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file,
like this: http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

0
virus44 Posts: 16 Registration date: Thursday 5 November 2009 Status: Member Last activity: 4 December 2009
6 Nov 2009 at 14:10
Hello Nanard

Regarding the step of dragging and dropping the CFScript.txt file onto the Combofix.exe file, I did a copy and paste; I hope that is the right procedure..?

Here is the report:



ComboFix 09-11-05.01 - vincent 06/11/2009 14:02.2.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2607 [GMT 1:00]
Lancé depuis: c:\documents and settings\vincent\Mes documents\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\vincent\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\program files\DAEMON Tools Toolbar"
"c:\windows\system32\edacded0_x.dat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\edacded0_x.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-06 au 2009-11-06 ))))))))))))))))))))))))))))))))))))
.

2009-11-06 01:42 . 2009-11-06 01:42 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\F4
2009-11-05 19:38 . 2009-11-05 23:36 117760 ----a-w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-05 16:11 . 2009-11-05 14:23 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-05 14:23 . 2009-11-05 16:11 -------- d-----w- c:\documents and settings\vincent\.housecall6.6
2009-11-05 14:18 . 2009-11-05 14:18 -------- d-----w- c:\windows\Sun
2009-11-05 14:17 . 2009-11-05 14:17 -------- d-----w- c:\program files\Fichiers communs\Java
2009-11-05 14:09 . 2009-11-05 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-11-05 06:02 . 2009-11-05 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 15:44 . 2009-11-04 15:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 14:10 . 2009-11-04 14:10 -------- d-----w- c:\documents and settings\vincent\Application Data\SFR
2009-11-04 13:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-04 13:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-04 01:21 . 2009-11-04 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-04 01:14 . 2009-11-04 01:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-04 01:14 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-11-04 01:14 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-04 01:13 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-04 01:13 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-04 01:13 . 2009-11-05 16:19 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-04 01:13 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-04 01:12 . 2009-11-05 23:39 -------- d-----w- c:\windows\Internet Logs
2009-11-03 12:13 . 2009-11-03 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-03 12:13 . 2009-11-03 12:13 -------- d-----w- C:\ProgramData
2009-11-02 20:08 . 2009-11-02 20:08 -------- d-----w- c:\documents and settings\vincent\Application Data\Auslogics
2009-11-02 18:45 . 2009-11-05 19:20 -------- d-----w- c:\program files\trend micro
2009-11-02 18:45 . 2009-11-02 18:45 -------- d-----w- C:\rsit
2009-11-02 17:14 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-02 17:14 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-02 17:14 . 2004-08-19 15:09 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-02 16:54 . 2009-11-06 01:33 -------- d-----w- c:\documents and settings\vincent\Tracing
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Microsoft
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-02 16:45 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\iPod
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Bonjour
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 14:39 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-02 14:39 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-02 14:38 . 2009-11-02 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-02 14:38 . 2009-11-02 14:39 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-11-02 00:28 . 2009-11-02 00:28 -------- d-----w- c:\documents and settings\vincent\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 00:27 . 2009-11-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 14:02 . 2009-11-05 17:38 -------- d-----w- c:\windows\BDOSCAN8
2009-10-31 13:26 . 2009-10-31 13:26 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-10-30 15:46 . 2009-10-30 15:46 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Fallout3
2009-10-30 15:35 . 2008-09-18 19:07 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2009-10-30 15:35 . 2009-10-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-10-29 23:39 . 2009-11-02 19:51 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\VirtuaTennis2009
2009-10-29 23:37 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-29 23:37 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-29 23:37 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-29 23:37 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-29 23:37 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-29 17:18 . 2009-10-29 17:18 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-27 19:58 . 2009-10-27 19:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-27 15:52 . 2009-10-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\F4
2009-10-27 15:49 . 2009-10-27 15:49 -------- d-----w- c:\documents and settings\vincent\Application Data\F4
2009-10-27 13:41 . 2009-11-04 15:58 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Unity
2009-10-27 13:40 . 2009-10-27 13:52 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:00 . 2009-10-27 02:00 -------- d-----w- c:\windows\system32\KB905474
2009-10-27 02:00 . 2009-03-10 21:26 1438080 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-27 02:00 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-27 01:13 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-27 01:13 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 20:07 . 2008-11-13 14:17 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-10-26 20:07 . 2008-11-13 14:17 605696 ------w- c:\windows\system32\dllcache\crypt32.dll
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\windows\system32\xlive
2009-10-26 12:26 . 2009-10-26 12:26 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Monte Cristo
2009-10-25 22:33 . 2009-10-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-25 22:31 . 2009-09-25 15:35 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-10-25 22:31 . 2009-10-25 22:32 -------- d-----w- c:\program files\ATI Technologies
2009-10-25 21:53 . 2009-10-25 21:54 63488 ----a-w- c:\windows\xobglu16.dll
2009-10-25 21:53 . 2009-10-25 21:54 38466 ----a-w- c:\windows\xobglu32.dll
2009-10-25 21:42 . 1996-10-14 00:24 131917 ----a-w- c:\windows\unstall.exe
2009-10-25 13:19 . 2009-10-25 13:19 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-10-25 13:15 . 2009-10-25 13:15 -------- d-----w- c:\windows\Logs
2009-10-24 00:46 . 2009-10-24 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-10-23 19:45 . 2006-01-03 04:07 61440 ----a-w- c:\windows\system\cmsnxeye.exe
2009-10-23 19:45 . 2005-12-21 06:41 253952 ----a-w- c:\windows\system32\cmdrvrmu.exe
2009-10-23 19:45 . 2005-03-07 06:29 45056 ----a-w- c:\windows\system32\cmdrvrmu.dll
2009-10-23 19:45 . 2004-02-18 06:19 16384 ----a-w- c:\windows\system32\cmpropu.dll
2009-10-23 19:45 . 2004-02-13 07:39 98304 ----a-w- c:\windows\system32\cmudau.dll
2009-10-23 19:45 . 2002-04-29 07:04 917504 ----a-w- c:\windows\system\cmds3du.dll
2009-10-23 19:45 . 2001-11-23 04:08 712704 ----a-w- c:\windows\system32\a3dpropu.dll
2009-10-23 19:45 . 2009-10-23 19:45 -------- d-----w- c:\program files\Speed Link
2009-10-23 11:12 . 2006-03-24 03:30 1414528 ----a-w- c:\windows\system32\drivers\cmudaxu.sys
2009-10-22 18:41 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-10-22 17:15 . 2009-10-22 17:15 -------- d-----w- c:\windows\UbiSoft
2009-10-22 16:00 . 2009-10-22 16:00 -------- d-----w- c:\documents and settings\vincent\Application Data\DeepBurner
2009-10-21 18:58 . 2001-08-23 15:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-21 18:58 . 2001-08-23 15:47 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-21 18:58 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-21 18:16 . 2009-10-02 22:15 483707 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-21 18:16 . 2009-09-15 15:58 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-10-21 18:16 . 2009-09-03 15:24 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-10-21 18:16 . 2009-10-07 21:27 2011511 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-10-21 18:16 . 2009-10-02 22:15 479604 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-10-21 18:16 . 2009-10-02 22:15 393587 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-10-21 18:16 . 2009-10-02 22:15 364916 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-10-21 18:16 . 2009-09-15 15:58 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-10-21 18:16 . 2009-09-15 15:57 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-10-21 18:16 . 2009-09-03 15:24 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-10-21 18:16 . 2009-06-17 14:32 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-10-21 18:16 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-21 18:02 . 2009-10-21 18:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-21 18:02 . 2009-10-21 18:11 -------- d-----w- c:\documents and settings\vincent\Application Data\DAEMON Tools Lite
2009-10-21 14:53 . 2009-10-21 14:53 -------- d-----w- c:\windows\system32\Lang
2009-10-21 13:41 . 2009-10-21 13:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 17:26 . 2001-08-28 18:00 93408 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-05 17:26 . 2001-08-28 18:00 532828 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-05 15:00 . 2009-06-11 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 16:54 . 2009-06-11 17:35 12912 ----a-w- c:\documents and settings\vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 19:04 . 2009-11-04 17:40 89600 ----a-w- c:\windows\system32\drivers\clipsrv.exe.vzr
2009-10-22 02:53 . 2009-06-11 14:20 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-21 13:27 . 2009-06-11 00:39 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-23 22:59 . 2009-09-23 22:59 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2009-09-23 22:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2009-09-23 22:38 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2009-09-23 22:21 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2009-09-23 22:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2009-09-23 22:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2009-09-23 22:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2009-09-23 22:20 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2009-09-23 22:19 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2009-09-23 22:17 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2009-09-23 22:11 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2009-09-23 22:09 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-09-23 21:58 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-23 21:53 . 2009-09-23 21:53 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2009-09-23 21:32 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2009-09-23 21:30 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2009-09-23 21:29 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-09-23 21:29 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2009-09-23 21:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2009-09-23 21:27 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2009-09-23 21:23 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-16 16:23 . 2009-09-16 16:23 491192 ----a-w- c:\documents and settings\All Users\Application Data\F4\EoS-Launcher.exe
2009-09-11 14:12 . 2004-08-19 20:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:46 . 2004-08-19 20:09 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 19:55 . 2009-09-01 19:55 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-08-29 07:56 . 2007-04-18 14:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 13:04 . 2009-06-14 14:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-26 08:15 . 2007-07-16 14:27 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-10 09:01 . 2009-08-10 09:01 21712 ----a-w- c:\documents and settings\All Users\Application Data\F4\IHelper.exe
.

------- Sigcheck -------

[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-05_19.49.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-05 23:25 . 2009-11-05 23:25 37558 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0008.dat
+ 2009-11-05 23:25 . 2009-11-05 23:25 51228 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\blst\bl0014.dat
+ 2009-11-05 23:25 . 2009-11-05 23:25 55015 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0002.dat
+ 2009-11-04 01:25 . 2009-11-05 23:25 37714 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0008.dat
+ 2009-11-04 01:22 . 2009-11-05 23:24 51225 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\blst\bl0014.dat
+ 2009-11-04 01:22 . 2009-11-05 23:24 55360 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0002.dat
+ 2009-11-04 01:25 . 2009-11-05 23:25 37714 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0008.dat
+ 2009-11-04 01:25 . 2009-11-05 23:25 51225 c:\windows\system32\ZoneLabs\avsys\bases\bl0014.dat
+ 2009-11-04 01:13 . 2009-11-05 23:25 55360 c:\windows\system32\ZoneLabs\avsys\bases\apu0002.dat
+ 2009-11-05 23:25 . 2009-11-05 23:25 5505 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0000.dat
+ 2009-11-05 23:25 . 2009-11-05 23:25 8624 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0003.dat
+ 2009-11-04 01:25 . 2009-11-05 23:25 5513 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0000.dat
+ 2009-11-04 01:22 . 2009-11-05 23:25 8020 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0003.dat
+ 2009-11-04 01:13 . 2009-11-05 23:25 5513 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0000.dat
+ 2009-11-04 01:13 . 2009-11-05 23:25 8020 c:\windows\system32\ZoneLabs\avsys\bases\apu0003.dat
+ 2009-10-22 02:53 . 2009-11-06 02:12 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
- 2009-10-22 02:53 . 2009-10-30 16:13 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
+ 2009-11-06 02:12 . 2009-11-06 02:12 1711616 c:\windows\Installer\1e65cad.msp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="d:\super anti spy ware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\quicktime\qttask.exe" [2009-09-04 417792]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="d:\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122880]
"Adobe Reader Speed Launcher"="d:\adobe reader\Reader\Reader_sl.exe" [2008-10-14 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="d:\i tunes\iTunesHelper.exe" [2009-10-28 141600]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="d:\trendmicro scan\bin\jusched.exe" [2005-04-13 36975]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\super anti spy ware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\super anti spy ware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\COH\\RelicCOH.exe"=
"e:\\COH\\RelicDownloader\\RelicDownloader.exe"=
"e:\\Empire of Sports\\NetworkDiagnostic.exe"=
"e:\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\mirrors\\Binaries\\MirrorsEdge.exe"=
"c:\\Documents and Settings\\vincent\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20/03/2009 04:53 154664]
R1 SASDIFSV;SASDIFSV;d:\super anti spy ware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;d:\super anti spy ware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\avira\AntiVir Desktop\sched.exe [15/10/2009 22:18 108289]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [19/10/2009 14:21 39424]
R3 SASENUM;SASENUM;d:\super anti spy ware\SASENUM.SYS [12/10/2009 21:24 7408]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [23/10/2009 12:12 1414528]
S3 cpuz130;cpuz130;\??\c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\everest ultimate edition\kerneld.wnt [15/10/2009 22:50 27248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*Deregistered* - cpuz132
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenu du dossier 'Tâches planifiées'

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{1F94FC4D-EFF2-436B-8DD2-2E15FEF24212}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-11-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-27 21:18]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 14:05
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: NTKRNLMP.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC311F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8ac311f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\everest ultimate edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-11-06 14:06
ComboFix-quarantined-files.txt 2009-11-06 13:06
ComboFix2.txt 2009-11-05 19:50

Avant-CF: 11 932 897 280 octets libres
Après-CF: 12 124 667 904 octets libres

- - End Of File - - 664F412CD48EE8F85F56CD76DE5064CB
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last seen 4 December 2009
6 Nov. 2009 at 14:58
I have the impression that I'm no longer infected; I ran a scan with Malwarebytes and SUPERAntiSpyware and they find nothing.
Can these programs be trusted?

I'm currently running a scan with a-squared Anti-Malware, I'll keep you posted...
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last seen 4 December 2009
6 Nov. 2009 at 15:56
OK, after three scans (Malwarebytes, a-squared, Avira) there is no longer any trace of a trojan or other nasties..

I think I'm no longer infected, hoping that they are not "dormant" and that they won't reappear later..

What do you think, Nanard?
0
Anonymous user
6 Nov. 2009 at 18:34
Do the following.

/!\ WARNING /!\ The following script was written specifically for virus44; it cannot be used on another computer!
• Download this virus44 folder
• Right-click on it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file inside it and place it on the Desktop and nowhere else.
• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file
like this: http://img155.imageshack.us/img155/4837/cfscriptop0.gif
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt
*********************************************************************
You can post me the Malwarebytes and a-squared reports
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last seen 4 December 2009
7 Nov. 2009 at 04:24
Here are the ComboFix, Malwarebytes and a-squared reports (it takes up space..)

Please can you tell me whether my PC is still infected and, if so, which files are affected. Thanks


ComboFix 09-11-05.01 - vincent 07/11/2009 3:28.4.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.3327.2708 [GMT 1:00]
Lancé depuis: c:\documents and settings\vincent\Mes documents\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\vincent\Bureau\CFScript.txt
AV: a-squared Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-10-07 au 2009-11-07 ))))))))))))))))))))))))))))))))))))
.

2009-11-06 01:42 . 2009-11-06 01:42 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\F4
2009-11-05 19:38 . 2009-11-06 16:04 117760 ----a-w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\documents and settings\vincent\Application Data\SUPERAntiSpyware.com
2009-11-05 19:37 . 2009-11-05 19:37 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-11-05 16:11 . 2009-11-05 14:23 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-05 14:23 . 2009-11-05 16:11 -------- d-----w- c:\documents and settings\vincent\.housecall6.6
2009-11-05 14:18 . 2009-11-05 14:18 -------- d-----w- c:\windows\Sun
2009-11-05 14:17 . 2009-11-05 14:17 -------- d-----w- c:\program files\Fichiers communs\Java
2009-11-05 14:09 . 2009-11-05 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-11-05 06:02 . 2009-11-05 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 15:44 . 2009-11-04 15:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 14:10 . 2009-11-04 14:10 -------- d-----w- c:\documents and settings\vincent\Application Data\SFR
2009-11-04 13:45 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-04 13:45 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-04 01:21 . 2009-11-04 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-11-04 01:14 . 2009-11-04 01:14 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-04 01:14 . 2009-10-17 00:39 72584 ----a-w- c:\windows\zllsputility.exe
2009-11-04 01:14 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-04 01:13 . 2009-10-17 00:39 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-11-04 01:13 . 2009-10-17 00:39 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-11-04 01:13 . 2009-11-05 16:19 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-04 01:13 . 2009-10-17 00:39 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-11-04 01:12 . 2009-11-07 02:13 -------- d-----w- c:\windows\Internet Logs
2009-11-03 12:13 . 2009-11-03 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-11-03 12:13 . 2009-11-03 12:13 -------- d-----w- C:\ProgramData
2009-11-02 20:08 . 2009-11-02 20:08 -------- d-----w- c:\documents and settings\vincent\Application Data\Auslogics
2009-11-02 18:45 . 2009-11-05 19:20 -------- d-----w- c:\program files\trend micro
2009-11-02 18:45 . 2009-11-02 18:45 -------- d-----w- C:\rsit
2009-11-02 17:14 . 2001-08-23 16:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-02 17:14 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-02 17:14 . 2004-08-19 15:09 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-02 16:54 . 2009-11-07 01:35 -------- d-----w- c:\documents and settings\vincent\Tracing
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Microsoft
2009-11-02 16:46 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-02 16:45 . 2009-11-02 16:46 -------- d-----w- c:\program files\Windows Live
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\iPod
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Bonjour
2009-11-02 14:39 . 2009-11-02 14:39 -------- d-----w- c:\program files\Apple Software Update
2009-11-02 14:39 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-02 14:39 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-02 14:38 . 2009-11-02 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-02 14:38 . 2009-11-02 14:39 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-11-02 00:28 . 2009-11-02 00:28 -------- d-----w- c:\documents and settings\vincent\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 00:27 . 2009-11-02 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 00:27 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 14:02 . 2009-11-05 17:38 -------- d-----w- c:\windows\BDOSCAN8
2009-10-31 13:26 . 2009-10-31 13:26 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-10-30 15:46 . 2009-10-30 15:46 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Fallout3
2009-10-30 15:35 . 2008-09-18 19:07 121064 ------r- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2009-10-30 15:35 . 2009-10-30 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-10-29 23:39 . 2009-11-02 19:51 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\VirtuaTennis2009
2009-10-29 23:37 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-29 23:37 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-29 23:37 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-29 23:37 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-29 23:37 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-29 23:37 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-29 17:18 . 2009-10-29 17:18 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-27 21:20 . 2009-10-27 21:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-27 19:58 . 2009-10-27 19:58 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-27 15:52 . 2009-10-28 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\F4
2009-10-27 15:49 . 2009-10-27 15:49 -------- d-----w- c:\documents and settings\vincent\Application Data\F4
2009-10-27 13:41 . 2009-11-04 15:58 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Unity
2009-10-27 13:40 . 2009-10-27 13:52 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 02:00 . 2009-10-27 02:00 -------- d-----w- c:\windows\system32\KB905474
2009-10-27 02:00 . 2009-03-10 21:26 1438080 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-10-27 02:00 . 2009-03-10 21:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-10-27 01:13 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-27 01:13 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 20:07 . 2008-11-13 14:17 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2009-10-26 20:07 . 2008-11-13 14:17 605696 ------w- c:\windows\system32\dllcache\crypt32.dll
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-26 16:51 . 2009-10-26 16:51 -------- d-----w- c:\windows\system32\xlive
2009-10-26 12:26 . 2009-10-26 12:26 -------- d-----w- c:\documents and settings\vincent\Local Settings\Application Data\Monte Cristo
2009-10-25 22:33 . 2009-10-25 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-25 22:31 . 2009-09-25 15:35 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-10-25 22:31 . 2009-10-25 22:32 -------- d-----w- c:\program files\ATI Technologies
2009-10-25 21:53 . 2009-10-25 21:54 63488 ----a-w- c:\windows\xobglu16.dll
2009-10-25 21:53 . 2009-10-25 21:54 38466 ----a-w- c:\windows\xobglu32.dll
2009-10-25 21:42 . 1996-10-14 00:24 131917 ----a-w- c:\windows\unstall.exe
2009-10-25 13:19 . 2009-10-25 13:19 -------- d-----w- c:\program files\Fichiers communs\DirectX
2009-10-25 13:15 . 2009-10-25 13:15 -------- d-----w- c:\windows\Logs
2009-10-24 00:46 . 2009-10-24 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-10-23 19:45 . 2006-01-03 04:07 61440 ----a-w- c:\windows\system\cmsnxeye.exe
2009-10-23 19:45 . 2005-12-21 06:41 253952 ----a-w- c:\windows\system32\cmdrvrmu.exe
2009-10-23 19:45 . 2005-03-07 06:29 45056 ----a-w- c:\windows\system32\cmdrvrmu.dll
2009-10-23 19:45 . 2004-02-18 06:19 16384 ----a-w- c:\windows\system32\cmpropu.dll
2009-10-23 19:45 . 2004-02-13 07:39 98304 ----a-w- c:\windows\system32\cmudau.dll
2009-10-23 19:45 . 2002-04-29 07:04 917504 ----a-w- c:\windows\system\cmds3du.dll
2009-10-23 19:45 . 2001-11-23 04:08 712704 ----a-w- c:\windows\system32\a3dpropu.dll
2009-10-23 19:45 . 2009-10-23 19:45 -------- d-----w- c:\program files\Speed Link
2009-10-23 11:12 . 2006-03-24 03:30 1414528 ----a-w- c:\windows\system32\drivers\cmudaxu.sys
2009-10-22 18:41 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\CONFIG\AVWIN.INIaebb.dll
2009-10-22 17:15 . 2009-10-22 17:15 -------- d-----w- c:\windows\UbiSoft
2009-10-22 16:00 . 2009-10-22 16:00 -------- d-----w- c:\documents and settings\vincent\Application Data\DeepBurner
2009-10-21 18:58 . 2001-08-23 15:47 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-21 18:58 . 2001-08-23 15:47 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-21 18:58 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-21 18:58 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-21 18:16 . 2009-10-02 22:15 483707 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-21 18:16 . 2009-09-15 15:58 106867 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-10-21 18:16 . 2009-09-03 15:24 127346 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-10-21 18:16 . 2009-10-07 21:27 2011511 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-10-21 18:16 . 2009-10-02 22:15 479604 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-10-21 18:16 . 2009-10-02 22:15 393587 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-10-21 18:16 . 2009-10-02 22:15 364916 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-10-21 18:16 . 2009-09-15 15:58 422261 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-10-21 18:16 . 2009-09-15 15:57 184693 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-10-21 18:16 . 2009-09-03 15:24 237940 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-10-21 18:16 . 2009-06-17 14:32 196987 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeoffice.dll
2009-10-21 18:16 . 2008-10-15 10:49 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aebb.dll
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-21 18:06 . 2009-10-21 18:06 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-21 18:02 . 2009-10-21 18:02 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-21 18:02 . 2009-10-21 18:11 -------- d-----w- c:\documents and settings\vincent\Application Data\DAEMON Tools Lite
2009-10-21 14:53 . 2009-10-21 14:53 -------- d-----w- c:\windows\system32\Lang
2009-10-21 13:41 . 2009-10-21 13:41 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 01:00 . 2001-08-28 18:00 93408 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-07 01:00 . 2001-08-28 18:00 532828 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-05 15:00 . 2009-06-11 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-02 16:54 . 2009-06-11 17:35 12912 ----a-w- c:\documents and settings\vincent\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 19:04 . 2009-11-04 17:40 89600 ----a-w- c:\windows\system32\drivers\clipsrv.exe.vzr
2009-10-22 02:53 . 2009-06-11 14:20 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-21 13:27 . 2009-06-11 00:39 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-09-23 22:59 . 2009-09-23 22:59 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2009-09-23 22:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2009-09-23 22:38 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2009-09-23 22:21 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2009-09-23 22:21 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2009-09-23 22:21 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2009-09-23 22:20 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2009-09-23 22:20 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2009-09-23 22:19 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2009-09-23 22:17 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2009-09-23 22:11 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2009-09-23 22:09 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-09-23 21:58 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:53 . 2009-09-23 21:53 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-09-23 21:53 . 2009-09-23 21:53 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2009-09-23 21:36 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2009-09-23 21:32 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-09-23 21:31 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2009-09-23 21:30 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2009-09-23 21:29 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-09-23 21:29 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2009-09-23 21:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2009-09-23 21:27 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2009-09-23 21:23 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-16 16:23 . 2009-09-16 16:23 491192 ----a-w- c:\documents and settings\All Users\Application Data\F4\EoS-Launcher.exe
2009-09-11 14:12 . 2004-08-19 20:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:46 . 2004-08-19 20:09 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 19:55 . 2009-09-01 19:55 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-08-29 07:56 . 2007-04-18 14:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 13:04 . 2009-06-14 14:04 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-26 08:15 . 2007-07-16 14:27 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-10 09:01 . 2009-08-10 09:01 21712 ----a-w- c:\documents and settings\All Users\Application Data\F4\IHelper.exe
.

------- Sigcheck -------

[-] 2007-07-18 . FA7C7C2B461130A792ADF6A28F1D652B . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2004-11-28 18:36 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-05_19.49.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 01:01 . 2009-11-07 01:01 38926 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\wmuf\wmuf0008.dat
+ 2009-11-07 01:01 . 2009-11-07 01:01 54852 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0002.dat
+ 2009-11-07 01:01 . 2009-11-07 01:01 42008 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0001.dat
+ 2009-11-04 01:25 . 2009-11-07 01:01 39444 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0008.dat
+ 2009-11-04 01:22 . 2009-11-05 23:24 51225 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\blst\bl0014.dat
+ 2009-11-04 01:22 . 2009-11-07 01:01 55436 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0002.dat
- 2009-11-04 01:22 . 2009-11-04 16:28 42008 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0001.dat
+ 2009-11-04 01:22 . 2009-11-07 01:01 42008 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0001.dat
+ 2009-11-04 01:25 . 2009-11-07 01:01 39444 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0008.dat
+ 2009-11-04 01:25 . 2009-11-05 23:25 51225 c:\windows\system32\ZoneLabs\avsys\bases\bl0014.dat
+ 2009-11-04 01:13 . 2009-11-07 01:01 55436 c:\windows\system32\ZoneLabs\avsys\bases\apu0002.dat
+ 2009-11-04 01:13 . 2009-11-07 01:01 42008 c:\windows\system32\ZoneLabs\avsys\bases\apu0001.dat
- 2009-11-04 01:13 . 2009-11-04 16:28 42008 c:\windows\system32\ZoneLabs\avsys\bases\apu0001.dat
+ 2001-08-28 18:00 . 2009-11-07 01:00 71060 c:\windows\system32\perfc009.dat
- 2001-08-28 18:00 . 2009-11-05 17:26 71060 c:\windows\system32\perfc009.dat
+ 2009-11-07 01:01 . 2009-11-07 01:01 7186 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0003.dat
+ 2009-11-04 01:25 . 2009-11-06 16:07 5631 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0000.dat
+ 2009-11-04 01:22 . 2009-11-07 01:01 6938 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0003.dat
+ 2009-11-04 01:13 . 2009-11-06 16:07 5631 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0000.dat
+ 2009-11-04 01:13 . 2009-11-07 01:01 6938 c:\windows\system32\ZoneLabs\avsys\bases\apu0003.dat
+ 2001-08-28 18:00 . 2009-11-07 01:00 441124 c:\windows\system32\perfh009.dat
- 2001-08-28 18:00 . 2009-11-05 17:26 441124 c:\windows\system32\perfh009.dat
+ 2009-10-22 02:53 . 2009-11-06 02:12 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
- 2009-10-22 02:53 . 2009-10-30 16:13 295606 c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A81300000003}\SC_Reader.exe
+ 2009-11-06 02:12 . 2009-11-06 02:12 1711616 c:\windows\Installer\1e65cad.msp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-16 39408]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="d:\super anti spy ware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"LClock"="lclock.exe" - c:\windows\LClock.exe [2004-12-08 65536]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="d:\quicktime\qttask.exe" [2009-09-04 417792]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="d:\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner.exe" [2009-08-22 2781184]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-16 122880]
"Adobe Reader Speed Launcher"="d:\adobe reader\Reader\Reader_sl.exe" [2008-10-14 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="d:\i tunes\iTunesHelper.exe" [2009-10-28 141600]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"SunJavaUpdateSched"="d:\trendmicro scan\bin\jusched.exe" [2005-04-13 36975]
"a-squared"="d:\a-squared anti-malware 2\a2guard.exe" [2009-11-05 3279192]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2007-08-07 2336]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\super anti spy ware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- d:\super anti spy ware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\COH\\RelicCOH.exe"=
"e:\\COH\\RelicDownloader\\RelicDownloader.exe"=
"e:\\Empire of Sports\\NetworkDiagnostic.exe"=
"e:\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\mirrors\\Binaries\\MirrorsEdge.exe"=
"c:\\Documents and Settings\\vincent\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"d:\\eMule\\emule.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [20/03/2009 04:53 154664]
R1 SASDIFSV;SASDIFSV;d:\super anti spy ware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;d:\super anti spy ware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\avira\AntiVir Desktop\sched.exe [15/10/2009 22:18 108289]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [19/10/2009 14:21 39424]
R3 SASENUM;SASENUM;d:\super anti spy ware\SASENUM.SYS [12/10/2009 21:24 7408]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [23/10/2009 12:12 1414528]
S3 cpuz130;cpuz130;\??\c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\vincent\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;d:\everest ultimate edition\kerneld.wnt [15/10/2009 22:50 27248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 13:50 238960]
S3 PciCon;PciCon;\??\g:\pcicon.sys --> g:\PciCon.sys [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenu du dossier 'Tâches planifiées'

2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{1F94FC4D-EFF2-436B-8DD2-2E15FEF24212}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-11-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-27 21:18]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 03:30
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: NTKRNLMP.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AC311F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8ac311f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\d:\everest ultimate edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(800)
d:\super anti spy ware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\ntshrui.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-11-07 3:31
ComboFix-quarantined-files.txt 2009-11-07 02:31
ComboFix2.txt 2009-11-06 14:15
ComboFix3.txt 2009-11-06 13:06
ComboFix4.txt 2009-11-05 19:50

Avant-CF: 12 050 530 304 octets libres
Après-CF: 12 016 574 464 octets libres

- - End Of File - - 04F95D992121F5E7CD97B887B89D7422



Version - a-squared Anti-Malware 4.5
Dernière mise à jour : 07/11/2009 03:40:14

Paramètres des balayages :

Type de balayage : Scan en Détail
Objets : Mémoire, Traces, Cookies, C:\, D:\, E:\, F:\
Balayage dans les archives : Marche
Analyse heuristique : Arrêt
Balayage dans les ADS : Marche

Début du balayage : 07/11/2009 03:40:31

C:\Documents and Settings\vincent\Cookies\vincent@247realmedia[2].txt Objets détectés : Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\vincent\Cookies\vincent@2o7[2].txt Objets détectés : Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\vincent\Cookies\vincent@atdmt[2].txt Objets détectés : Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\vincent\Cookies\vincent@bs.serving-sys[2].txt Objets détectés : Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\vincent\Cookies\vincent@serving-sys[2].txt Objets détectés : Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\vincent\Cookies\vincent@weborama[1].txt Objets détectés : Trace.TrackingCookie.weborama!A2

Analysé

Fichiers : 158781
Traces : 686351
Cookies : 117
Processus : 40

Objets trouvés

Fichiers : 0
Traces : 0
Cookies : 6
Processus : 0
Clés de Registre : 0

Fin du balayage : 07/11/2009 04:19:55
Temps du balayage : 0:39:24



Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3113
Windows 5.1.2600 Service Pack 2

07/11/2009 03:09:02
mbam-log-2009-11-07 (03-09-02).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 219535
Temps écoulé: 24 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Thanks for your help
0
Anonymous user
7 Nov 2009 at 07:12
There is still one folder left that won't go away

• Download: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
• !! Disconnect and close all your running applications for the duration of the procedure !!
• Double-click the .exe to launch the installer and follow the prompts
• Once that is done, click the shortcut created on your desktop to launch the tool.
• Choose option 2 and press "Enter".
• Once the scan has finished, a report will appear; copy/paste its entire contents into your next reply ...
• (the report is also saved here -> C:\TB.txt)
• Tutorial: https://sites.google.com/site/toolbarsd/aideenimages (toolbarSD)
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last activity 4 December 2009
9 Nov 2009 at 15:34
Hello nanard

Sorry for the delay..

Here is the report, what do you think?


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
BIOS : BIOS Date: 04/07/09 15:26:13 Ver: 08.00.14
USER : vincent ( Administrator )
BOOT : Normal boot
Antivirus : a-squared Anti-Malware 4 (Not Activated)
Firewall : COMODO Firewall Pro 3.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:19 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:244 Go (Free:126 Go)
E:\ (Local Disk) - NTFS - Total:244 Go (Free:165 Go)
F:\ (Local Disk) - NTFS - Total:88 Go (Free:88 Go)
G:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 09/11/2009|15:31 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\vincent\Mes documents\Crack
C:\DOCUME~1\vincent\Mes documents\Crack\Crack
C:\DOCUME~1\vincent\Mes documents\Crack\MEMENTO.exe
C:\DOCUME~1\vincent\Mes documents\Crack\Mirrors.Edge.Update.1.01-RELOADED
C:\DOCUME~1\vincent\Mes documents\Crack\MirrorsEdge.exe
C:\DOCUME~1\vincent\Mes documents\Crack\SimCitySocieties.exe
C:\DOCUME~1\vincent\Mes documents\Crack\Crack\MEMENTO.exe
C:\DOCUME~1\vincent\Mes documents\Crack\Mirrors.Edge.Update.1.01-RELOADED\Crack
C:\DOCUME~1\vincent\Mes documents\Crack\Mirrors.Edge.Update.1.01-RELOADED\Update
C:\DOCUME~1\vincent\Mes documents\Crack\Mirrors.Edge.Update.1.01-RELOADED\Crack\MirrorsEdge.exe
C:\DOCUME~1\vincent\Mes documents\Crack\Mirrors.Edge.Update.1.01-RELOADED\Update\mirrors_edge_patch_101.exe



1 - "C:\ToolBar SD\TB_1.txt" - 09/11/2009|15:31 - Option : [2]

-----------\\ Fin du rapport a 15:31:59,09
0
Anonymous user
9 Nov 2009 at 17:19
Post a new RSIT report
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last activity 4 December 2009
9 Nov 2009 at 20:29
I'm currently downloading with eMule, I hope that won't skew the report..?!


Logfile of random's system information tool 1.06 (written by random/random)
Run by vincent at 2009-11-09 20:26:17
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 11 GB (56%) free of 20 GB
Total RAM: 3327 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:24, on 09/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\sched.exe
D:\a-squared Anti-Malware 2\a2service.exe
D:\a-squared Free\a2service.exe
D:\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\i tunes\iTunesHelper.exe
D:\TrendMicro Scan\bin\jusched.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\eMule\emule.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\vincent\Mes documents\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\vincent\Mes documents\vincent.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "D:\i tunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\TrendMicro Scan\bin\jusched.exe
O4 - HKLM\..\Run: [a-squared] "D:\a-squared Anti-Malware 2\a2guard.exe"
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\super anti spy ware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://saison7.fighting-club.com/salle3d.asp?num=11"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\TrendMicro Scan\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\TrendMicro Scan\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O20 - Winlogon Notify: !SASWinLogon - D:\super anti spy ware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - D:\a-squared Anti-Malware 2\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Anonymous user
9 Nov 2009 at 20:36
Nothing in the latest report. Still having problems?
0
virus44 Posts 16 Registration date Thursday 5 November 2009 Status Member Last activity 4 December 2009
10 Nov 2009 at 14:26
No, no more problems!

Thanks Nanard for your help, my PC is running perfectly again.

I'm marking this topic as resolved!
0