Rootkit

Closed
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010 - 8 May 2010 at 19:10
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010 - 9 May 2010 at 13:39
Hello, I have a rootkit virus problem located at

C:windows/system/32/drivers/mskssrv.sys

On top of that I no longer have any sound. I don't know whether that is related. Thanks for your help.


21 replies

Hello,

Download FindyKill by Chiquitine29 to your desktop:

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

Mirror:

http://findykill.changelog.fr/Setup.exe

! Disconnect from the internet and close all running applications !

* Double-click "FindyKill.exe" to start the installation and keep the default installation settings.

* Plug your external data sources into your PC (USB key, external hard drive, etc.)

* Double-click the FindyKill shortcut on your desktop to launch the tool.

* At the main menu choose option " F " for French and press [Enter].

* At the second menu choose option " 1 " (search) and press [Enter]

Let the tool work and don't touch anything...

--> Post the report that appears at the end on the forum...

(the report is also saved at C:\FindyKill.txt)
0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010
8 May 2010 at 20:03
############################## | FindyKill V5.041 |

# User : benben (Administrateurs) # DUSHMOLL-978A5D
# Update on 29/04/2010 by El Desaparecido
# Start at: 20:00:42 | 08/05/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) Processor LE-1640
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1368 [VPS 100508-0] 4.8.1368 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 232,88 Go (88,55 Go free) # NTFS
# D:\ # Disque CD-ROM # 469,28 Mo (0 Mo free) [GIGABYTE] # CDFS
# G:\ # Disque amovible

################## | Eléments infectieux |

D:\autorun.inf

################## | Registre |


################## | Etat |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.041 ! |
0
Anonymous user
8 May 2010 at 20:23
</gr_replreplace>
<gr_replace lines="92-115" cat="clarify" orig="Dsl...Mauvaise">
Sorry... wrong pick!

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, antivirus and antispyware included /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and without any guarantee...".
Accept by clicking "Yes"

---> Set it to French with F
Press key 1 (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\

Note: the report is also located here: C:\ComboFix.txt
See you
Dsl...Mauvaise pioche !

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010
8 May 2010 at 20:48
ComboFix 10-05-07.07 - benben 08/05/2010 20:34:27.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1982.1431 [GMT 2:00]
Lancé depuis: c:\documents and settings\benben\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100508-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\benben\LOCALS~1\Temp\svchost.exe
c:\documents and settings\benben\Application Data\inst.exe
c:\documents and settings\benben\Recent\Thumbs.db
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
C:\Thumbs.db
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-08 au 2010-05-08 ))))))))))))))))))))))))))))))))))))
.

2010-05-08 17:24 . 2010-05-08 18:00 -------- d-----w- C:\FyK
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\program files\ma-config.com
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-05-08 16:07 . 2007-05-09 07:40 15872 ----a-r- c:\windows\system32\RtkCoInst.dll
2010-05-08 16:07 . 2007-05-03 02:01 180224 ----a-r- c:\windows\system32\SRSTSHD.dll
2010-05-08 16:07 . 2007-04-16 08:09 167936 ----a-r- c:\windows\system32\SRSHP360.dll
2010-05-08 16:07 . 2007-04-12 23:08 135168 ----a-r- c:\windows\system32\SRSWOW.dll
2010-05-08 16:07 . 2007-03-23 06:34 266240 ----a-r- c:\windows\system32\RtkApoApi.dll
2010-05-08 16:07 . 2007-05-08 12:13 532480 ----a-r- c:\windows\system32\RtkPgExt.dll
2010-05-08 16:07 . 2006-12-13 01:30 339968 ----a-r- c:\windows\system32\SRSTSXT.dll
2010-05-08 16:07 . 2007-05-02 05:02 1911808 ----a-r- c:\windows\system32\RtkAPO.dll
2010-05-08 16:07 . 2007-05-10 08:10 4468736 ----a-r- c:\windows\RtHDVCpl.exe
2010-05-08 16:07 . 2007-05-10 09:25 1775712 ----a-r- c:\windows\system32\drivers\RTKVHDA.sys
2010-05-08 16:07 . 2010-05-08 16:07 -------- d-----w- c:\windows\LastGood
2010-05-05 18:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-05 18:23 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 19:18 . 2010-04-29 19:18 1190400 ----a-w- c:\documents and settings\benben\Application Data\Dealio\dinstallhelper.3E9FB0BF059147B1BECBD3E9B553787D.dll
2010-04-28 18:11 . 2010-04-29 17:08 -------- d-----w- c:\documents and settings\benben\Application Data\FileZilla
2010-04-28 18:10 . 2010-04-28 18:10 -------- d-----w- c:\program files\WalterShop.com
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\program files\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\benben\Application Data\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-04-24 16:11 . 2010-04-24 16:11 -------- d-----w- c:\program files\uTorrent
2010-04-24 16:11 . 2010-05-08 16:04 -------- d-----w- c:\documents and settings\benben\Application Data\uTorrent
2010-04-24 15:59 . 2010-04-24 16:04 -------- d-----w- c:\documents and settings\benben\Application Data\gtk-2.0
2010-04-24 15:55 . 2010-04-24 16:07 -------- d-----w- c:\documents and settings\benben\Application Data\deluge
2010-04-24 15:55 . 2010-04-24 16:05 -------- d-----w- c:\program files\GTK2-Runtime
2010-04-24 15:53 . 2010-04-24 16:05 -------- d-----w- c:\program files\Deluge
2010-04-19 11:34 . 2008-06-10 12:00 26112 ----a-w- c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\deezermsn@akryus.net\msnwial2.exe
2010-04-18 16:52 . 2010-04-18 16:52 -------- d-----w- c:\program files\UnifiedToolbar
2010-04-17 15:00 . 2010-04-17 15:00 -------- d-----w- c:\program files\Freeplayer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 18:38 . 2007-10-12 01:00 859648 ----a-w- c:\windows\system32\drivers\lvusbsta.sys
2010-05-08 16:00 . 2010-03-26 18:32 -------- d-----w- c:\documents and settings\benben\Application Data\vlc
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-05-05 18:26 . 2004-08-19 15:52 859648 ----a-w- c:\windows\system32\drivers\Modem.sys
2010-05-05 18:25 . 2010-05-05 18:26 859648 ----a-w- c:\windows\system32\drivers\OLD9E.tmp
2010-05-05 18:22 . 2010-05-05 18:22 16 ----a-w- c:\documents and settings\benben\Application Data\qvjsge.dat
2010-05-05 05:58 . 2009-12-14 20:01 -------- d-----w- c:\documents and settings\benben\Application Data\Azureus
2010-04-30 17:48 . 2009-01-01 08:54 -------- d-----w- c:\documents and settings\benben\Application Data\dvdcss
2010-04-29 19:18 . 2009-04-21 21:01 -------- d-----w- c:\program files\Bonjour
2010-04-29 19:14 . 2009-04-21 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 19:13 . 2009-04-21 20:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-04-25 07:23 . 2009-12-14 20:01 -------- d-----w- c:\program files\Vuze
2010-04-25 07:15 . 2009-11-07 19:01 -------- d-----w- c:\program files\iTunes
2010-04-24 14:47 . 2010-01-15 14:57 1 ----a-w- c:\documents and settings\benben\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 18:08 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\benben\Application Data\agi
2010-04-18 16:53 . 2009-05-16 20:52 -------- d-----w- c:\program files\AGI
2010-04-18 16:53 . 2009-05-16 20:53 -------- d-----w- c:\program files\Kiwee Toolbar
2010-04-18 16:52 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-04-14 19:32 . 2008-08-15 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 11:21 . 2006-03-02 12:00 94868 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-12 11:21 . 2006-03-02 12:00 514928 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 06:50 . 2008-09-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-04-04 17:23 . 2008-09-13 18:57 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-04 17:22 . 2010-04-04 17:22 503808 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcp71.dll
2010-04-04 17:22 . 2010-04-04 17:22 499712 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\jmc.dll
2010-04-04 17:22 . 2010-04-04 17:22 348160 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcr71.dll
2010-04-04 17:22 . 2010-04-04 17:22 61440 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-sse.dll
2010-04-04 17:22 . 2010-04-04 17:22 12800 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-d3d.dll
2010-04-04 17:22 . 2008-09-13 18:58 -------- d-----w- c:\program files\Java
2010-03-28 16:06 . 2010-01-20 16:18 -------- d-----w- c:\program files\NirSoft
2010-03-23 17:24 . 2008-08-27 07:26 -------- d-----w- c:\program files\PhotoFiltre
2010-03-15 19:17 . 2009-09-01 19:18 -------- d-----w- c:\program files\Free Video Converter
2010-03-09 11:10 . 2006-03-02 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-04-14 18:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 05:42 . 2006-03-02 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:07 . 2006-03-02 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07 . 2004-08-19 16:04 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-12 07:56 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 17:06 . 2010-02-11 17:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomHost.exe
2010-02-11 17:06 . 2010-02-11 17:06 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomAdapter.dll
2010-02-11 17:06 . 2010-02-11 17:06 2060288 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\DressShopHop.exe
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2008-07-25 282112]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MediaDicoAnglais"="c:\program files\Micro Application\MediaDICO Anglais\MediaDICOAnglais.exe" [2001-04-26 221184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-24 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"KiweeHook"="c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/08/2008 22:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/08/2008 22:29 20560]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - DRIVERHARDWAREV2
*NewlyCreated* - MACONFSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.durable.com/recherche
uDefault_Search_URL = hxxp://www.durable.com/recherche
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: Compare Prices with &Dealio - c:\documents and settings\benben\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://imp.free.fr/
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-WinUsr - c:\program files\Winsudate\gibusr.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-qtxbeh - c:\documents and settings\benben\local settings\application data\qtxbeh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 20:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
"ImagePath"="system32\drivers\LVUSBSta.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-05-08 20:39:29
ComboFix-quarantined-files.txt 2010-05-08 18:39

Avant-CF: 94 984 818 688 octets libres
Après-CF: 96 088 756 224 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 64FE3768E989E26E7DE2F382475EDB39
0
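Added note and example, not part of this thread and not ComboFix code: in the Find3M section of the report above, seven unrelated driver files (lvusbsta.sys, nabtsfec.sys, mstee.sys, mspqm.sys, mspclock.sys, Modem.sys and a stray OLD9E.tmp) all have exactly 859648 bytes and were modified within days of the scan although they were created years earlier, which is the footprint of malware that overwrites legitimate drivers with a single payload. The Python script below parses lines of that shape (the line format is inferred from the report above) and flags size collisions and recent in-place rewrites so the flagged files can be hash-checked against known-good copies; the sample lines are copied from the report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# A Find3M line in a ComboFix report has the shape (inferred from the report above):
#   <last modified> . <created> <size or --------> <attrs> <path>
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: Optional[int]  # None for directories, listed as "--------"
    attrs: str
    path: str

    @property
    def is_driver_file(self) -> bool:
        return "\\drivers\\" in self.path.lower() and self.size is not None


def parse_find3m(report: str) -> List[Entry]:
    """Parse every Find3M-style line; banners and other text are ignored."""
    entries = []
    for line in report.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(datetime.strptime(m["modified"], TS),
                             datetime.strptime(m["created"], TS),
                             size, m["attrs"], m["path"]))
    return entries


def size_collisions(entries: List[Entry], min_group: int = 3) -> Dict[int, List[str]]:
    """Driver files sharing one exact byte size. Unrelated drivers (modem, TV
    tuner, kernel streaming, a stray .tmp) all being the same size is what
    malware that overwrites drivers with a single payload leaves behind."""
    by_size: Dict[int, List[str]] = defaultdict(list)
    for e in entries:
        if e.is_driver_file:
            by_size[e.size].append(e.path)
    return {s: sorted(p) for s, p in by_size.items() if len(p) >= min_group}


def rewritten_recently(entries: List[Entry], scan_time: datetime,
                       window: timedelta = timedelta(days=7)) -> List[str]:
    """Driver files modified shortly before the scan although created more
    than a year earlier: an old driver rewritten in place."""
    return sorted(e.path for e in entries
                  if e.is_driver_file
                  and timedelta(0) <= scan_time - e.modified <= window
                  and e.modified - e.created > timedelta(days=365))


def triage(report: str, scan_time: datetime) -> Dict[str, List[str]]:
    """Map each driver path to the reasons it was flagged (empty list = nothing
    noticed). A prioritisation heuristic for hash-checking, not a verdict."""
    entries = parse_find3m(report)
    reasons = {e.path: [] for e in entries if e.is_driver_file}
    for size, paths in size_collisions(entries).items():
        for p in paths:
            reasons[p].append(f"size {size} shared by {len(paths)} driver files")
    for p in rewritten_recently(entries, scan_time):
        reasons[p].append("driver created years ago but modified within 7 days of the scan")
    return reasons


# Sample input: lines copied from the Find3M section of the report above
# (including one directory line, which the parser skips as a non-file).
SAMPLE = r"""
2010-05-08 18:38 . 2007-10-12 01:00 859648 ----a-w- c:\windows\system32\drivers\lvusbsta.sys
2010-05-08 16:00 . 2010-03-26 18:32 -------- d-----w- c:\documents and settings\benben\Application Data\vlc
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-05-05 18:26 . 2004-08-19 15:52 859648 ----a-w- c:\windows\system32\drivers\Modem.sys
2010-05-05 18:25 . 2010-05-05 18:26 859648 ----a-w- c:\windows\system32\drivers\OLD9E.tmp
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
"""
SCAN_TIME = datetime(2010, 5, 8, 20, 37)  # "Rootkit scan 2010-05-08 20:37" in the report

if __name__ == "__main__":
    for path, why in triage(SAMPLE, SCAN_TIME).items():
        if why:
            print(path, "->", "; ".join(why))
```

A size collision alone is a triage signal; the flagged files should be compared by hash with copies from installation media or a clean machine before anything is deleted.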

Anonymous user
8 May 2010 at 21:06
Re

|==>/!\ WARNING /!\ The script that follows was written specifically for this computer/!\<==|
|===========>it is strongly advised not to transfer it to another computer!<==========|

-----------------------------------------------------------------------------------------------

Still with all protections disabled, do this:

* Open Notepad (Start menu --> programs --> accessories --> notepad)
* Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------


KillAll::

Driver::
LVUSBSta
Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
"ImagePath"="system32\drivers\LVUSBSta.sys"
Rootkit ::
c:\windows\system32\drivers\lvusbsta.sys





-----------------------------------------------------------------

* Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
* Quit Notepad

* Drag and drop this CFScript file onto the C-Fix.exe (combofix) file as shown at this link:
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

* Wait for the scan to finish. The Desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't open, it is located here: C:\ComboFix.txt


@+
0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010
8 May 2010 at 21:46
Did you get the report? Nothing is showing up
0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last seen 9 May 2010
8 May 2010 at 21:47
ComboFix 10-05-07.07 - benben 08/05/2010 21:15:35.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1982.1414 [GMT 2:00]
Lancé depuis: c:\documents and settings\benben\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\benben\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100508-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_LVUSBSta


((((((((((((((((((((((((((((( Fichiers créés du 2010-04-08 au 2010-05-08 ))))))))))))))))))))))))))))))))))))
.

2010-05-08 17:24 . 2010-05-08 18:00 -------- d-----w- C:\FyK
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\program files\ma-config.com
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-05-08 16:07 . 2007-05-09 07:40 15872 ----a-r- c:\windows\system32\RtkCoInst.dll
2010-05-08 16:07 . 2007-05-03 02:01 180224 ----a-r- c:\windows\system32\SRSTSHD.dll
2010-05-08 16:07 . 2007-04-16 08:09 167936 ----a-r- c:\windows\system32\SRSHP360.dll
2010-05-08 16:07 . 2007-04-12 23:08 135168 ----a-r- c:\windows\system32\SRSWOW.dll
2010-05-08 16:07 . 2007-03-23 06:34 266240 ----a-r- c:\windows\system32\RtkApoApi.dll
2010-05-08 16:07 . 2007-05-08 12:13 532480 ----a-r- c:\windows\system32\RtkPgExt.dll
2010-05-08 16:07 . 2006-12-13 01:30 339968 ----a-r- c:\windows\system32\SRSTSXT.dll
2010-05-08 16:07 . 2007-05-02 05:02 1911808 ----a-r- c:\windows\system32\RtkAPO.dll
2010-05-08 16:07 . 2007-05-10 08:10 4468736 ----a-r- c:\windows\RtHDVCpl.exe
2010-05-08 16:07 . 2007-05-10 09:25 1775712 ----a-r- c:\windows\system32\drivers\RTKVHDA.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-05 18:23 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 19:18 . 2010-04-29 19:18 1190400 ----a-w- c:\documents and settings\benben\Application Data\Dealio\dinstallhelper.3E9FB0BF059147B1BECBD3E9B553787D.dll
2010-04-28 18:11 . 2010-04-29 17:08 -------- d-----w- c:\documents and settings\benben\Application Data\FileZilla
2010-04-28 18:10 . 2010-04-28 18:10 -------- d-----w- c:\program files\WalterShop.com
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\program files\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\benben\Application Data\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-04-24 16:11 . 2010-04-24 16:11 -------- d-----w- c:\program files\uTorrent
2010-04-24 16:11 . 2010-05-08 19:20 -------- d-----w- c:\documents and settings\benben\Application Data\uTorrent
2010-04-24 15:59 . 2010-04-24 16:04 -------- d-----w- c:\documents and settings\benben\Application Data\gtk-2.0
2010-04-24 15:55 . 2010-04-24 16:07 -------- d-----w- c:\documents and settings\benben\Application Data\deluge
2010-04-24 15:55 . 2010-04-24 16:05 -------- d-----w- c:\program files\GTK2-Runtime
2010-04-24 15:53 . 2010-04-24 16:05 -------- d-----w- c:\program files\Deluge
2010-04-19 11:34 . 2008-06-10 12:00 26112 ----a-w- c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\deezermsn@akryus.net\msnwial2.exe
2010-04-18 16:52 . 2010-04-18 16:52 -------- d-----w- c:\program files\UnifiedToolbar
2010-04-17 15:00 . 2010-04-17 15:00 -------- d-----w- c:\program files\Freeplayer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 19:23 . 2007-10-12 01:00 859648 ----a-w- c:\windows\system32\drivers\lvusbsta.sys
2010-05-08 16:00 . 2010-03-26 18:32 -------- d-----w- c:\documents and settings\benben\Application Data\vlc
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-05-05 18:26 . 2004-08-19 15:52 859648 ----a-w- c:\windows\system32\drivers\Modem.sys
2010-05-05 18:25 . 2010-05-05 18:26 859648 ----a-w- c:\windows\system32\drivers\OLD9E.tmp
2010-05-05 18:22 . 2010-05-05 18:22 16 ----a-w- c:\documents and settings\benben\Application Data\qvjsge.dat
2010-05-05 05:58 . 2009-12-14 20:01 -------- d-----w- c:\documents and settings\benben\Application Data\Azureus
2010-04-30 17:48 . 2009-01-01 08:54 -------- d-----w- c:\documents and settings\benben\Application Data\dvdcss
2010-04-29 19:18 . 2009-04-21 21:01 -------- d-----w- c:\program files\Bonjour
2010-04-29 19:14 . 2009-04-21 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 19:13 . 2009-04-21 20:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-04-25 07:23 . 2009-12-14 20:01 -------- d-----w- c:\program files\Vuze
2010-04-25 07:15 . 2009-11-07 19:01 -------- d-----w- c:\program files\iTunes
2010-04-24 14:47 . 2010-01-15 14:57 1 ----a-w- c:\documents and settings\benben\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 18:08 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\benben\Application Data\agi
2010-04-18 16:53 . 2009-05-16 20:52 -------- d-----w- c:\program files\AGI
2010-04-18 16:53 . 2009-05-16 20:53 -------- d-----w- c:\program files\Kiwee Toolbar
2010-04-18 16:52 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-04-14 19:32 . 2008-08-15 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 11:21 . 2006-03-02 12:00 94868 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-12 11:21 . 2006-03-02 12:00 514928 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 06:50 . 2008-09-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-04-04 17:23 . 2008-09-13 18:57 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-04 17:22 . 2010-04-04 17:22 503808 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcp71.dll
2010-04-04 17:22 . 2010-04-04 17:22 499712 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\jmc.dll
2010-04-04 17:22 . 2010-04-04 17:22 348160 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcr71.dll
2010-04-04 17:22 . 2010-04-04 17:22 61440 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-sse.dll
2010-04-04 17:22 . 2010-04-04 17:22 12800 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-d3d.dll
2010-04-04 17:22 . 2008-09-13 18:58 -------- d-----w- c:\program files\Java
2010-03-28 16:06 . 2010-01-20 16:18 -------- d-----w- c:\program files\NirSoft
2010-03-23 17:24 . 2008-08-27 07:26 -------- d-----w- c:\program files\PhotoFiltre
2010-03-15 19:17 . 2009-09-01 19:18 -------- d-----w- c:\program files\Free Video Converter
2010-03-09 11:10 . 2006-03-02 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-04-14 18:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 05:42 . 2006-03-02 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:07 . 2006-03-02 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07 . 2004-08-19 16:04 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-12 07:56 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 17:06 . 2010-02-11 17:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomHost.exe
2010-02-11 17:06 . 2010-02-11 17:06 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomAdapter.dll
2010-02-11 17:06 . 2010-02-11 17:06 2060288 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\DressShopHop.exe
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2008-07-25 282112]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MediaDicoAnglais"="c:\program files\Micro Application\MediaDICO Anglais\MediaDICOAnglais.exe" [2001-04-26 221184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-24 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"KiweeHook"="c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\benben\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/08/2008 22:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/08/2008 22:29 20560]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.durable.com/recherche
uDefault_Search_URL = hxxp://www.durable.com/recherche
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: Compare Prices with &Dealio - c:\documents and settings\benben\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://imp.free.fr/
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 21:19
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LVUSBSta]
"ImagePath"="system32\drivers\LVUSBSta.sys"
.
--------------------- DLLs loaded in running processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-08 21:25:48 - The machine rebooted
ComboFix-quarantined-files.txt 2010-05-08 19:25
ComboFix2.txt 2010-05-08 18:39

Pre-Run: 96 104 943 616 bytes free
Post-Run: 95 964 442 624 bytes free

- - End Of File - - E99B7E06DF59E47D0A0A42BD7112C77D
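One pattern in the ComboFix log above is worth reading as a detection signal in its own right: in the Find3M section, lvusbsta.sys, nabtsfec.sys, mstee.sys, mspqm.sys, mspclock.sys, Modem.sys and OLD9E.tmp all have exactly the same size, 859648 bytes, and were all modified within the same few days. Unrelated legitimate drivers practically never share an exact byte size; the later SnapShot section shows the clean copies ComboFix restored from dllcache are 30336 bytes (modem.sys) and 5376 bytes (mspclock.sys). A size cluster like this is the footprint of a file-infecting rootkit that overwrites several drivers with the same payload, which matches the Rootkit.Agent verdict MBAM later gives on lvusbsta.sys. The script below is an added example, not part of this thread and not ComboFix code: it parses ComboFix file-listing lines, groups driver files by size, and compares named drivers against known-good sizes. The sample lines are copied from the logs in this thread; the two reference sizes come from the SnapShot section; the threshold of three files per cluster is an assumption.

```python
import re
from collections import defaultdict

# One ComboFix file-listing line: "<mtime> . <ctime> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[\w-]{8}) "
    r"(?P<path>.+)$"
)

# Constructed sample: lines copied from the Find3M section of the ComboFix
# log posted in this thread (real paths and sizes, nothing invented).
SAMPLE_LOG = r"""
2010-05-08 19:23 . 2007-10-12 01:00 859648 ----a-w- c:\windows\system32\drivers\lvusbsta.sys
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspclock.sys
2010-05-05 18:26 . 2004-08-19 15:52 859648 ----a-w- c:\windows\system32\drivers\Modem.sys
2010-05-05 18:25 . 2010-05-05 18:26 859648 ----a-w- c:\windows\system32\drivers\OLD9E.tmp
2010-05-05 05:58 . 2009-12-14 20:01 -------- d-----w- c:\documents and settings\benben\Application Data\Azureus
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
"""
SAMPLE_LINES = SAMPLE_LOG.splitlines()

# Sizes of the clean copies ComboFix later restored from dllcache, taken from
# the SnapShot section of the second log in this thread.
KNOWN_GOOD_SIZES = {"modem.sys": 30336, "mspclock.sys": 5376}


def parse_combofix_line(line):
    """Return {'mtime', 'size', 'path'} for a file entry; None for directory
    entries (size shown as --------) or lines that are not file entries."""
    m = LINE_RE.match(line.strip())
    if m is None or m.group("size") == "--------":
        return None
    return {"mtime": m.group("mtime"), "size": int(m.group("size")),
            "path": m.group("path")}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def find_size_clusters(lines, min_members=3):
    """Group files living under a drivers directory by exact byte size and
    return {size: {'files': [...], 'days': [...]}} for every size shared by at
    least min_members files (threshold is an assumption)."""
    by_size = defaultdict(list)
    for line in lines:
        rec = parse_combofix_line(line)
        if rec and "\\drivers\\" in rec["path"].lower():
            by_size[rec["size"]].append(rec)
    clusters = {}
    for size, recs in by_size.items():
        if len(recs) >= min_members:
            clusters[size] = {
                "files": sorted(basename(r["path"]) for r in recs),
                "days": sorted({r["mtime"][:10] for r in recs}),
            }
    return clusters


def size_mismatches(lines, known_good=KNOWN_GOOD_SIZES):
    """Return {name: (logged_size, expected_size)} for drivers whose logged
    size differs from a known-good reference size."""
    out = {}
    for line in lines:
        rec = parse_combofix_line(line)
        if rec is None:
            continue
        name = basename(rec["path"]).lower()
        if name in known_good and rec["size"] != known_good[name]:
            out[name] = (rec["size"], known_good[name])
    return out


if __name__ == "__main__":
    for size, info in find_size_clusters(SAMPLE_LINES).items():
        print(f"{len(info['files'])} driver files share size {size} "
              f"(modified {', '.join(info['days'])}): {', '.join(info['files'])}")
    for name, (got, want) in size_mismatches(SAMPLE_LINES).items():
        print(f"{name}: logged {got} bytes, clean copy is {want} bytes")
```

Run against the sample it reports one cluster of seven files at 859648 bytes and two drivers whose size no longer matches their clean copy. The same check is cheap to run over any Find3M listing; the point is that a file infector leaves a statistical fingerprint (identical sizes, same-day timestamps) even when the individual filenames all look legitimate.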
loran12 Posts: 14 Registered: Saturday 8 May 2010 Status: Member Last contribution: 9 May 2010
8 May 2010 at 21:50
When rebooting I got a message from avast telling me a rootkit had been found, but I no longer have the end of the location; when I posted the report the first time it didn't work and I hadn't written down the whole avast message...
Anonymous user
8 May 2010 at 22:49
Run a scan with this antispyware:
Malwarebytes + tutorial

Install it; update it... (Update tab)
Now click on the Scan tab and tick the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
At the end of the scan, click Show results
If items were found:
> click on Remove Selected.
If you are asked to reboot > click "Yes".
At the end a report will open;
save it so you can find it again to post it on the forum.
Copy and paste the report please.

See you

loran12 Posts: 14 Registered: Saturday 8 May 2010 Status: Member Last contribution: 9 May 2010
8 May 2010 at 23:23
MBAM told me it couldn't delete everything

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4079

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

08/05/2010 23:11:38
mbam-log-2010-05-08 (23-11-38).txt

Scan type: Quick scan
Objects scanned: 120787
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\lvusbsta.sys (Rootkit.Agent) -> Delete on reboot.
Anonymous user
8 May 2010 at 23:39
C:\WINDOWS\system32\drivers\lvusbsta.sys (Rootkit.Agent) -> Delete on reboot.
==> I hope so...

Relaunch COMBOFIX please

See you
loran12 Posts: 14 Registered: Saturday 8 May 2010 Status: Member Last contribution: 9 May 2010
8 May 2010 at 23:54
ComboFix 10-05-07.07 - benben 08/05/2010 23:42:05.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1982.1483 [GMT 2:00]
Running from: c:\documents and settings\benben\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100508-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Files created from 2010-04-08 to 2010-05-08 ))))))))))))))))))))))))))))))))))))
.

2010-05-08 17:24 . 2010-05-08 18:00 -------- d-----w- C:\FyK
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\program files\ma-config.com
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-05-08 16:07 . 2007-05-09 07:40 15872 ----a-r- c:\windows\system32\RtkCoInst.dll
2010-05-08 16:07 . 2007-05-03 02:01 180224 ----a-r- c:\windows\system32\SRSTSHD.dll
2010-05-08 16:07 . 2007-04-16 08:09 167936 ----a-r- c:\windows\system32\SRSHP360.dll
2010-05-08 16:07 . 2007-04-12 23:08 135168 ----a-r- c:\windows\system32\SRSWOW.dll
2010-05-08 16:07 . 2007-03-23 06:34 266240 ----a-r- c:\windows\system32\RtkApoApi.dll
2010-05-08 16:07 . 2007-05-08 12:13 532480 ----a-r- c:\windows\system32\RtkPgExt.dll
2010-05-08 16:07 . 2006-12-13 01:30 339968 ----a-r- c:\windows\system32\SRSTSXT.dll
2010-05-08 16:07 . 2007-05-02 05:02 1911808 ----a-r- c:\windows\system32\RtkAPO.dll
2010-05-08 16:07 . 2007-05-10 08:10 4468736 ----a-r- c:\windows\RtHDVCpl.exe
2010-05-08 16:07 . 2007-05-10 09:25 1775712 ----a-r- c:\windows\system32\drivers\RTKVHDA.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-05 18:23 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-29 19:18 . 2010-04-29 19:18 1190400 ----a-w- c:\documents and settings\benben\Application Data\Dealio\dinstallhelper.3E9FB0BF059147B1BECBD3E9B553787D.dll
2010-04-28 18:11 . 2010-04-29 17:08 -------- d-----w- c:\documents and settings\benben\Application Data\FileZilla
2010-04-28 18:10 . 2010-04-28 18:10 -------- d-----w- c:\program files\WalterShop.com
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\program files\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\benben\Application Data\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-04-24 16:11 . 2010-04-24 16:11 -------- d-----w- c:\program files\uTorrent
2010-04-24 16:11 . 2010-05-08 21:19 -------- d-----w- c:\documents and settings\benben\Application Data\uTorrent
2010-04-24 15:59 . 2010-04-24 16:04 -------- d-----w- c:\documents and settings\benben\Application Data\gtk-2.0
2010-04-24 15:55 . 2010-04-24 16:07 -------- d-----w- c:\documents and settings\benben\Application Data\deluge
2010-04-24 15:55 . 2010-04-24 16:05 -------- d-----w- c:\program files\GTK2-Runtime
2010-04-24 15:53 . 2010-04-24 16:05 -------- d-----w- c:\program files\Deluge
2010-04-19 11:34 . 2008-06-10 12:00 26112 ----a-w- c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\deezermsn@akryus.net\msnwial2.exe
2010-04-18 16:52 . 2010-04-18 16:52 -------- d-----w- c:\program files\UnifiedToolbar
2010-04-17 15:00 . 2010-04-17 15:00 -------- d-----w- c:\program files\Freeplayer

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:37 . 2008-08-14 17:17 -------- d-----w- c:\program files\Realtek
2010-05-08 21:04 . 2009-11-26 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 16:00 . 2010-03-26 18:32 -------- d-----w- c:\documents and settings\benben\Application Data\vlc
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:22 . 2010-05-05 18:22 16 ----a-w- c:\documents and settings\benben\Application Data\qvjsge.dat
2010-05-05 05:58 . 2009-12-14 20:01 -------- d-----w- c:\documents and settings\benben\Application Data\Azureus
2010-04-30 17:48 . 2009-01-01 08:54 -------- d-----w- c:\documents and settings\benben\Application Data\dvdcss
2010-04-29 19:18 . 2009-04-21 21:01 -------- d-----w- c:\program files\Bonjour
2010-04-29 19:14 . 2009-04-21 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 19:13 . 2009-04-21 20:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-04-29 13:39 . 2009-11-26 10:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-11-26 10:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 07:23 . 2009-12-14 20:01 -------- d-----w- c:\program files\Vuze
2010-04-25 07:15 . 2009-11-07 19:01 -------- d-----w- c:\program files\iTunes
2010-04-24 14:47 . 2010-01-15 14:57 1 ----a-w- c:\documents and settings\benben\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 18:08 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\benben\Application Data\agi
2010-04-18 16:53 . 2009-05-16 20:52 -------- d-----w- c:\program files\AGI
2010-04-18 16:53 . 2009-05-16 20:53 -------- d-----w- c:\program files\Kiwee Toolbar
2010-04-18 16:52 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-04-14 19:32 . 2008-08-15 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 11:21 . 2006-03-02 12:00 94868 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-12 11:21 . 2006-03-02 12:00 514928 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 06:50 . 2008-09-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-04-04 17:23 . 2008-09-13 18:57 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-04 17:22 . 2010-04-04 17:22 503808 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcp71.dll
2010-04-04 17:22 . 2010-04-04 17:22 499712 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\jmc.dll
2010-04-04 17:22 . 2010-04-04 17:22 348160 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcr71.dll
2010-04-04 17:22 . 2010-04-04 17:22 61440 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-sse.dll
2010-04-04 17:22 . 2010-04-04 17:22 12800 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-d3d.dll
2010-04-04 17:22 . 2008-09-13 18:58 -------- d-----w- c:\program files\Java
2010-03-28 16:06 . 2010-01-20 16:18 -------- d-----w- c:\program files\NirSoft
2010-03-23 17:24 . 2008-08-27 07:26 -------- d-----w- c:\program files\PhotoFiltre
2010-03-15 19:17 . 2009-09-01 19:18 -------- d-----w- c:\program files\Free Video Converter
2010-03-09 11:10 . 2006-03-02 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-04-14 18:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 05:42 . 2006-03-02 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:07 . 2006-03-02 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07 . 2004-08-19 16:04 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-12 07:56 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 17:06 . 2010-02-11 17:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomHost.exe
2010-02-11 17:06 . 2010-02-11 17:06 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomAdapter.dll
2010-02-11 17:06 . 2010-02-11 17:06 2060288 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\DressShopHop.exe
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-08_18.37.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-08 21:17 . 2010-05-08 21:17 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
+ 2010-05-08 21:17 . 2010-05-08 21:17 16384 c:\windows\Temp\Perflib_Perfdata_200.dat
+ 2004-08-19 15:52 . 2008-04-14 01:53 30336 c:\windows\system32\drivers\modem.sys
+ 2004-08-19 15:52 . 2008-04-14 01:53 30336 c:\windows\system32\dllcache\modem.sys
+ 2008-08-14 17:18 . 2008-04-13 18:39 5376 c:\windows\system32\drivers\mspclock.sys
+ 2008-08-14 17:18 . 2008-04-13 18:39 5376 c:\windows\system32\dllcache\mspclock.sys
.
((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2008-07-25 282112]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MediaDicoAnglais"="c:\program files\Micro Application\MediaDICO Anglais\MediaDICOAnglais.exe" [2001-04-26 221184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-24 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"KiweeHook"="c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe" [2009-11-25 56544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/08/2008 22:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/08/2008 22:29 20560]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.durable.com/recherche
uDefault_Search_URL = hxxp://www.durable.com/recherche
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: Compare Prices with &Dealio - c:\documents and settings\benben\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://imp.free.fr/
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 23:48
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-05-08 23:50:00
ComboFix-quarantined-files.txt 2010-05-08 21:49
ComboFix2.txt 2010-05-08 19:25
ComboFix3.txt 2010-05-08 18:39

Avant-CF: 96 399 831 040 octets libres
Après-CF: 96 365 203 456 octets libres

- - End Of File - - E8A0A1DD71F8B46EB4051C10532731B5
0
Anonymous user
9 May 2010 at 00:15
How is the PC behaving, please? ++a+
0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last post 9 May 2010
9 May 2010 at 00:17
Normal, except that I no longer have any sound, and earlier Avast detected rootkits in OLD9E and Modem.sys and mspclock.
0
Anonymous user
9 May 2010 at 00:43
|==>/!\ WARNING /!\ The script below was written specifically for this computer /!\<==|
|===========>it is strongly advised not to transfer it to another computer!<==========|
-----------------------------------------------------------------------------------------------

With all protections still disabled, do this:

* Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
* Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------


KillAll::



File::
c:\program files\kiwee toolbar\3.2\kwtbaim.exe




-----------------------------------------------------------------

* Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
* Close Notepad

* Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link:
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

* Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
* Once the scan is complete, a report will appear: post its contents.
* If the file does not open, it is located here: C:\ComboFix.txt

0
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last post 9 May 2010
9 May 2010 at 01:08
ComboFix 10-05-07.07 - benben 09/05/2010 0:49.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1982.1384 [GMT 2:00]
Lancé depuis: c:\documents and settings\benben\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\benben\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100508-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\kiwee toolbar\3.2\kwtbaim.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\kiwee toolbar\3.2\kwtbaim.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-04-08 au 2010-05-08 ))))))))))))))))))))))))))))))))))))
.

2010-05-08 17:24 . 2010-05-08 18:00 -------- d-----w- C:\FyK
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\program files\ma-config.com
2010-05-08 16:43 . 2010-05-08 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2010-05-08 16:07 . 2007-05-09 07:40 15872 ----a-r- c:\windows\system32\RtkCoInst.dll
2010-05-08 16:07 . 2007-05-03 02:01 180224 ----a-r- c:\windows\system32\SRSTSHD.dll
2010-05-08 16:07 . 2007-04-16 08:09 167936 ----a-r- c:\windows\system32\SRSHP360.dll
2010-05-08 16:07 . 2007-04-12 23:08 135168 ----a-r- c:\windows\system32\SRSWOW.dll
2010-05-08 16:07 . 2007-03-23 06:34 266240 ----a-r- c:\windows\system32\RtkApoApi.dll
2010-05-08 16:07 . 2007-05-08 12:13 532480 ----a-r- c:\windows\system32\RtkPgExt.dll
2010-05-08 16:07 . 2006-12-13 01:30 339968 ----a-r- c:\windows\system32\SRSTSXT.dll
2010-05-08 16:07 . 2007-05-02 05:02 1911808 ----a-r- c:\windows\system32\RtkAPO.dll
2010-05-08 16:07 . 2007-05-10 08:10 4468736 ----a-r- c:\windows\RtHDVCpl.exe
2010-05-08 16:07 . 2007-05-10 09:25 1775712 ----a-r- c:\windows\system32\drivers\RTKVHDA.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-05 18:26 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-05 18:24 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-05 18:23 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-28 18:11 . 2010-04-29 17:08 -------- d-----w- c:\documents and settings\benben\Application Data\FileZilla
2010-04-28 18:10 . 2010-04-28 18:10 -------- d-----w- c:\program files\WalterShop.com
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\program files\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\benben\Application Data\TuneUpMedia
2010-04-25 07:15 . 2010-04-25 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-04-24 16:11 . 2010-04-24 16:11 -------- d-----w- c:\program files\uTorrent
2010-04-24 16:11 . 2010-05-08 22:54 -------- d-----w- c:\documents and settings\benben\Application Data\uTorrent
2010-04-24 15:59 . 2010-04-24 16:04 -------- d-----w- c:\documents and settings\benben\Application Data\gtk-2.0
2010-04-24 15:55 . 2010-04-24 16:07 -------- d-----w- c:\documents and settings\benben\Application Data\deluge
2010-04-24 15:55 . 2010-04-24 16:05 -------- d-----w- c:\program files\GTK2-Runtime
2010-04-24 15:53 . 2010-04-24 16:05 -------- d-----w- c:\program files\Deluge
2010-04-18 16:52 . 2010-04-18 16:52 -------- d-----w- c:\program files\UnifiedToolbar
2010-04-17 15:00 . 2010-04-17 15:00 -------- d-----w- c:\program files\Freeplayer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:37 . 2008-08-14 17:17 -------- d-----w- c:\program files\Realtek
2010-05-08 21:04 . 2009-11-26 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 16:00 . 2010-03-26 18:32 -------- d-----w- c:\documents and settings\benben\Application Data\vlc
2010-05-08 15:59 . 2008-08-14 17:07 15600 ----a-w- c:\windows\gdrv.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-05-05 18:26 . 2008-08-25 17:20 859648 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-05-05 18:26 . 2008-08-14 17:18 859648 ----a-w- c:\windows\system32\drivers\mspqm.sys
2010-05-05 18:22 . 2010-05-05 18:22 16 ----a-w- c:\documents and settings\benben\Application Data\qvjsge.dat
2010-05-05 05:58 . 2009-12-14 20:01 -------- d-----w- c:\documents and settings\benben\Application Data\Azureus
2010-04-30 17:48 . 2009-01-01 08:54 -------- d-----w- c:\documents and settings\benben\Application Data\dvdcss
2010-04-29 19:18 . 2010-04-29 19:18 1190400 ----a-w- c:\documents and settings\benben\Application Data\Dealio\dinstallhelper.3E9FB0BF059147B1BECBD3E9B553787D.dll
2010-04-29 19:18 . 2009-04-21 21:01 -------- d-----w- c:\program files\Bonjour
2010-04-29 19:14 . 2009-04-21 20:59 -------- d-----w- c:\program files\Apple Software Update
2010-04-29 19:13 . 2009-04-21 20:58 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-04-29 13:39 . 2009-11-26 10:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-11-26 10:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 07:23 . 2009-12-14 20:01 -------- d-----w- c:\program files\Vuze
2010-04-25 07:15 . 2009-11-07 19:01 -------- d-----w- c:\program files\iTunes
2010-04-24 14:47 . 2010-01-15 14:57 1 ----a-w- c:\documents and settings\benben\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-19 18:08 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\benben\Application Data\agi
2010-04-18 16:53 . 2009-05-16 20:52 -------- d-----w- c:\program files\AGI
2010-04-18 16:53 . 2009-05-16 20:53 -------- d-----w- c:\program files\Kiwee Toolbar
2010-04-18 16:52 . 2009-05-16 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\agi
2010-04-14 19:32 . 2008-08-15 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 11:21 . 2006-03-02 12:00 94868 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-12 11:21 . 2006-03-02 12:00 514928 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 06:50 . 2008-09-01 20:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-04-04 17:23 . 2008-09-13 18:57 -------- d-----w- c:\program files\Fichiers communs\Java
2010-04-04 17:22 . 2010-04-04 17:22 503808 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcp71.dll
2010-04-04 17:22 . 2010-04-04 17:22 499712 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\jmc.dll
2010-04-04 17:22 . 2010-04-04 17:22 348160 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-347efc12-n\msvcr71.dll
2010-04-04 17:22 . 2010-04-04 17:22 61440 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-sse.dll
2010-04-04 17:22 . 2010-04-04 17:22 12800 ----a-w- c:\documents and settings\benben\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-74c83d55-n\decora-d3d.dll
2010-04-04 17:22 . 2008-09-13 18:58 -------- d-----w- c:\program files\Java
2010-03-28 16:06 . 2010-01-20 16:18 -------- d-----w- c:\program files\NirSoft
2010-03-23 17:24 . 2008-08-27 07:26 -------- d-----w- c:\program files\PhotoFiltre
2010-03-15 19:17 . 2009-09-01 19:18 -------- d-----w- c:\program files\Free Video Converter
2010-03-09 11:10 . 2006-03-02 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 02:28 . 2009-04-14 18:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 05:42 . 2006-03-02 12:00 671232 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:42 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:07 . 2006-03-02 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:07 . 2004-08-19 16:04 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-12 07:56 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 17:06 . 2010-02-11 17:06 86016 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomHost.exe
2010-02-11 17:06 . 2010-02-11 17:06 49152 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\ZylomAdapter.dll
2010-02-11 17:06 . 2010-02-11 17:06 2060288 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\DressShopHop\fr-FR\DressShopHop.exe
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2008-07-25 282112]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"MediaDicoAnglais"="c:\program files\Micro Application\MediaDICO Anglais\MediaDICOAnglais.exe" [2001-04-26 221184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-24 321328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\benben\Menu D'marrer\Programmes\D'marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Deluge\\Deluge-Python\\deluge.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14/08/2008 22:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14/08/2008 22:29 20560]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [01/05/2010 13:58 271728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.durable.com/recherche
uDefault_Search_URL = hxxp://www.durable.com/recherche
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
mStart Page = hxxp://www.durable.com/recherche
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.durable.com/recherche
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: Compare Prices with &Dealio - c:\documents and settings\benben\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://imp.free.fr/
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\benben\Application Data\Mozilla\Firefox\Profiles\zyz9rq1h.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-KiweeHook - c:\program files\Kiwee Toolbar\3.2\kwtbaim.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 00:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2010-05-09 01:00:49 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-08 23:00
ComboFix2.txt 2010-05-08 21:50
ComboFix3.txt 2010-05-08 19:25
ComboFix4.txt 2010-05-08 18:39

Avant-CF: 96 376 262 656 octets libres
Après-CF: 96 334 766 080 octets libres

- - End Of File - - 5CC6A7A10758708FF95F344A5AAA312E
Anonymous user
9 May 2010 at 08:31
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

Download List_Kill'em and save it to your desktop

http://sd-1.archive-host.com/...

Double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

Once it is finished, click "Finish" and the program will start by itself

Choose the Search option

A black and white icon will appear on the desktop; it will let you relaunch the program if needed.

Let the tool work

When the white window appears, it takes a little while; that is normal, the program is not stuck.

A report named catchme will appear on your desktop; ignore it and do not post it, it will delete itself at the end of the scan

Post the contents of the report that opens when the scan reaches 100 % at the "COMPLETED" screen

loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last contribution 9 May 2010
9 May 2010 at 11:25
Thanks for your help, here is the report

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.1 ¤¤¤¤¤¤¤¤¤¤

User : benben (Administrateurs)
Update on 09/05/2010 by g3n-h@ckm@n ::::: 09.15
Start at: 11:08:54 | 09/05/2010

AMD Athlon(tm) Processor LE-1640
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100508-1] 4.8.1368 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (89,84 Go free) | NTFS
D:\ -> Disque CD-ROM | 469,28 Mo (0 Mo free) [GIGABYTE] | CDFS
G:\ -> Disque amovible

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
MediaDicoAnglais REG_SZ C:\Program Files\Micro Application\MediaDICO Anglais\MediaDICOAnglais.exe Lancement
uTorrent REG_SZ "C:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
StartCCC REG_SZ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
RTHDCPL REG_SZ RTHDCPL.EXE
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fssui REG_SZ "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
NoDrives REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ DUSHMOLL-978A5D
DefaultUserName REG_SZ benben
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ benben
AltDefaultDomainName REG_SZ DUSHMOLL-978A5D
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Shareaza\Shareaza.exe REG_SZ C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\Freeplayer\vlc\vlc.exe REG_SZ C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
C:\Program Files\Deluge\Deluge-Python\deluge.exe REG_SZ C:\Program Files\Deluge\Deluge-Python\deluge.exe:*:Enabled:deluge
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\CabBuilder]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5C051655-FCD5-4969-9182-770EA5AA5565}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BD8667B7-38D8-4C77-B580-18C3E146372C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]

===============
[SilentIEStubProcessing REG_SZ Y]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8C68F83F-4009-41DF-9D02-F093F4EBADF3}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8C68F83F-4009-41DF-9D02-F093F4EBADF3}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8C68F83F-4009-41DF-9D02-F093F4EBADF3}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8C68F83F-4009-41DF-9D02-F093F4EBADF3}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.durable.com/recherche
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.durable.com/recherche
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ERDNT\cache\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
233 Go total, 89,85 Go libre (38%), 14% fragmenté (fragmentation du fichier 29%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\AGI
Present !! : C:\Documents and Settings\LocalService\Application Data\agi
Present !! : C:\Program Files\AGI
Present !! : C:\Program Files\Dealio
Present !! : C:\Program Files\Kiwee Toolbar
Present !! : C:\Program Files\Live-Player
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\WINDOWS\002624_.tmp
Present !! : C:\WINDOWS\SET25.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\setb3.tmp
Present !! : C:\Documents and Settings\benben\Application Data\qvjsge.dat
Present !! : C:\Documents and Settings\benben\Application Data\pcouffin.inf
Present !! : C:\Documents and Settings\benben\Application Data\pcouffin.log
Present !! : C:\Documents and Settings\benben\Application Data\qvjsge.dat
Present !! : C:\Documents and Settings\benben\Application Data\Dealio
Present !! : C:\Documents and Settings\benben\Application Data\Live-Player
Present !! : C:\Documents and Settings\benben\Application Data\Search Settings
Present !! : C:\Documents and Settings\benben\Local Settings\Application Data\Kiwee Toolbar

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-1715567821-1326574676-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_USERS\S-1-5-21-1715567821-1326574676-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}"
Present !! : "HKLM\Software\Search Settings"
Present !! : HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Present !! : HKCR\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Present !! : HKCR\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Present !! : HKCR\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Present !! : HKCR\interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Present !! : HKCR\KiweeIEToolbar.KiweeToolbar
Present !! : HKCR\KiweeIEToolbar.KiweeToolbar.1
Present !! : HKCR\KiweeIEToolbar.ToolbarInfo
Present !! : HKCR\KiweeIEToolbar.ToolbarInfo.1
Present !! : HKCR\Typelib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Present !! : HKCR\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Present !! : HKCU\Software\AGI
Present !! : HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Present !! : HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Present !! : HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Present !! : HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Present !! : HKLM\Software\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Present !! : HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar
Present !! : HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1
Present !! : HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo
Present !! : HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1
Present !! : HKLM\Software\Classes\Typelib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Present !! : HKLM\Software\Classes\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Present !! : HKLM\Software\Dealio
Present !! : HKU\.DEFAULT\Software\AGI

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 11:13:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 11:13:37,09
Anonymous user
9 May 2010 at 12:05
Relaunch List_Kill'em (via right-click for Vista/7) using the shortcut on your desktop,
but this time:

choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,

later
loran12 Posts 14 Registration date Saturday 8 May 2010 Status Member Last contribution 9 May 2010
9 May 2010 at 12:26
Here is the report



¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.1 ¤¤¤¤¤¤¤¤¤¤

User : benben (Administrateurs)
Update on 09/05/2010 by g3n-h@ckm@n ::::: 09.15
Start at: 12:10:36 | 09/05/2010

AMD Athlon(tm) Processor LE-1640
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100508-1] 4.8.1368 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (89,85 Go free) | NTFS
D:\ -> Disque CD-ROM | 469,28 Mo (0 Mo free) [GIGABYTE] | CDFS
G:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\AGI
Quarantined & Deleted !! : C:\Documents and Settings\LocalService\Application Data\agi
Quarantined & Deleted !! : C:\Program Files\AGI
Quarantined & Deleted !! : C:\Program Files\Dealio
Quarantined & Deleted !! : C:\Program Files\Kiwee Toolbar
Quarantined & Deleted !! : C:\Program Files\Live-Player
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\WINDOWS\002624_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET25.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\setb3.tmp
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\qvjsge.dat
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\pcouffin.inf
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\pcouffin.log
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\Dealio
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\Live-Player
Quarantined & Deleted !! : C:\Documents and Settings\benben\Application Data\Search Settings
Quarantined & Deleted !! : C:\Documents and Settings\benben\Local Settings\Application Data\Kiwee Toolbar

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}"
Deleted : "HKLM\Software\Search Settings"
Deleted : HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Deleted : HKCR\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Deleted : HKCR\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
Deleted : HKCR\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Deleted : HKCR\interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Deleted : HKCR\KiweeIEToolbar.KiweeToolbar
Deleted : HKCR\KiweeIEToolbar.KiweeToolbar.1
Deleted : HKCR\KiweeIEToolbar.ToolbarInfo
Deleted : HKCR\KiweeIEToolbar.ToolbarInfo.1
Deleted : HKCR\Typelib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Deleted : HKCR\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Deleted : HKCU\Software\AGI
Deleted : HKLM\Software\Dealio
Deleted : HKU\.DEFAULT\Software\AGI
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0