System32 problem

FRANCK2007 Posts 6 Status Member -
Hello,
When I turn on my PC, the following message is displayed:

c:windows/system32/bmclbmhw.dll

ACCES REFUSE

Since then I can no longer open Internet Explorer or many other applications, because I often get error messages that force the running programs to close. Types of messages already seen:

rundll32.exe
ieplorer.exe
hopwschd2.exe
cordbg.exe

I have tried several repair programs without any success; some help would be welcome.

Thanks, Franck

8 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi, run

AVG antirootkit

http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0

_____________

Download to the desktop
Navilog.zip
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

= Double-click navilog1.zip
= Extract all to the desktop
= Double-click navilog1, which is on the desktop
= Press a key until you reach the options
= Choose option 1

A report, fixnavi.txt, will be created in C:
Copy/paste it into your next message.
0
FRANCK2007 Posts 6 Status Member
 
Hi, and thanks for helping me.
What do I need to do with AVG antirootkit?
0
FRANCK2007 Posts 6 Status Member
 
Search Navipromo version 3.2.1 commencé le 08/10/2007 à 18:49:58,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 03.10.2007 a 20h00 by IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Franck.TITANIUM\Application Data ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector by gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\Franck.TITANIUM\Local Settings\Application Data

*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

Fichiers suspects :

* Scan C:\DOCUME~1\Franck.TITANIUM\Local Settings\Application Data *

*** Recherche fichiers ***

*** Recherche cles registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:
C:\WINDOWS\system32\ayadd.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\cdeeg.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\jjllm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\cdeeg.bak2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\jjllm.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :

3)Recherche Certificats :

Certificat Egroup absent !

*** Analyse Terminé le 08/10/2007 à 18:51:54,03 ***
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to eden.exe. To do this, right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.

___________________

Scan with Vundo (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked Yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.

Then:

________________

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

______________________

ComboFix (paste the report)

http://mickael.barroux.free.fr/securite/combofix.php

_______________________

Paste HijackThis again and describe your problems.
0

FRANCK2007 Posts 6 Status Member
 
ComboFix 07-10-07.2 - Franck 2007-10-08 22:10:40.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.298 [GMT 2:00]
Running from: C:\Documents and Settings\Franck.TITANIUM\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Franck.TITANIUM\Application Data\WinTouch
C:\Documents and Settings\Franck.TITANIUM\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Franck.TITANIUM\Application Data\WinTouch\WinTouch.exe
C:\install\install.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Insider
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak2
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\vgvswrox.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-08 to 2007-10-08 ))))))))))))))))))))))))))))))))))))
.

2007-10-08 22:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 18:46 <REP> d-------- C:\Program Files\Navilog1
2007-10-08 00:00 <REP> d-------- C:\VundoFix Backups
2007-10-07 23:38 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-10-07 23:38 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-10-07 23:38 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-10-07 23:38 <REP> d-------- C:\Program Files\Defenza
2007-10-07 22:09 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-07 19:08 <REP> d-------- C:\Program Files\Trend Micro
2007-10-07 17:32 <REP> d-------- C:\Program Files\CCleaner
2007-10-07 16:17 <REP> d-------- C:\WINDOWS\pss
2007-10-07 15:24 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-07 15:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-07 15:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-07 15:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-07 15:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-07 15:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-07 15:04 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-07 15:04 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-07 14:46 <REP> d-------- C:\Program Files\RegCure
2007-10-06 02:50 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\Talkback
2007-10-06 01:15 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-10-06 01:14 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-10-06 00:06 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-06 00:06 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-06 00:06 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-06 00:06 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-06 00:05 <REP> d-------- C:\Program Files\Spyware Doctor
2007-10-06 00:05 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\PC Tools
2007-10-06 00:02 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-06 00:02 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-06 00:00 <REP> d-------- C:\Program Files\Picasa2
2007-10-05 22:35 249 --a------ C:\Documents and Settings\Franck.TITANIUM\6755.bat
2007-10-05 19:24 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-10-05 19:23 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-10-05 19:22 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-10-05 14:37 <REP> d-------- C:\Program Files\Securitoo
2007-10-03 21:39 249 --a------ C:\Documents and Settings\Franck.TITANIUM\8203.bat
2007-10-03 21:38 36,352 --a------ C:\WINDOWS\system32\iifgdcc.dll
2007-10-03 21:37 32,768 --a------ C:\Documents and Settings\Franck.TITANIUM\winlogo.exe
2007-09-30 23:43 <REP> d-------- C:\WINDOWS\?icrosoft
2007-09-30 23:43 <REP> d-------- C:\Program Files\??crosoft
2007-09-30 23:40 <REP> d-------- C:\Program Files\?icrosoft
2007-09-30 23:40 <REP> d-------- C:\Program Files\?asks
2007-09-30 23:39 <REP> d-------- C:\WINDOWS\system32\A?pPatch
2007-09-30 23:39 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:39 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sks
2007-09-30 23:38 <REP> dr--s---- C:\WINDOWS\a?sembly
2007-09-30 23:38 <REP> d---s---- C:\WINDOWS\system32\?icrosoft
2007-09-30 23:38 <REP> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-09-30 23:36 <REP> d---s---- C:\WINDOWS\system32\M?crosoft
2007-09-30 23:36 <REP> d---s---- C:\WINDOWS\??sks
2007-09-30 23:36 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2007-09-30 23:36 <REP> d-------- C:\WINDOWS\system32\?asks
2007-09-30 23:36 <REP> d-------- C:\Program Files\A?pPatch
2007-09-30 23:36 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:35 <REP> d---s---- C:\WINDOWS\?asks
2007-09-30 23:35 <REP> d-------- C:\WINDOWS\system32\??stem32
2007-09-30 23:35 <REP> d-------- C:\Program Files\??sks
2007-09-30 23:34 <REP> d-------- C:\WINDOWS\system32\?ecurity
2007-09-30 23:34 <REP> d-------- C:\WINDOWS\?icrosoft.NET
2007-09-30 23:34 <REP> d-------- C:\Program Files\??pPatch
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\s?stem32
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\s?curity
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\M?crosoft.NET
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\F?nts
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem32
2007-09-30 23:33 <REP> dr--s---- C:\WINDOWS\?ssembly
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\M?crosoft
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\system32\T?sks
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\system32\??stem
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\s?stem32
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\M?crosoft
2007-09-30 23:33 <REP> d-------- C:\Program Files\?ymantec
2007-09-30 23:33 <REP> d-------- C:\Program Files\??crosoft.NET
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\S?mantec
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem
2007-09-30 23:32 <REP> d-------- C:\Program Files\?ystem
2007-09-30 23:32 <REP> d-------- C:\Program Files\?icrosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Program Files\??crosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\s?stem
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\A?pPatch
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ssembly
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:31 <REP> d-------- C:\Program Files\?ymbols
2007-09-30 23:31 <REP> d-------- C:\Program Files\?ssembly
2007-09-30 23:31 <REP> d-------- C:\Program Files\?racle
2007-09-30 23:31 <REP> d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 <REP> d-------- C:\Program Files\?asks
2007-09-30 23:31 <REP> d-------- C:\Program Files\??sks
2007-09-30 23:31 <REP> d-------- C:\Program Files\??pPatch
2007-09-30 23:31 <REP> d-------- C:\Program Files\??crosoft
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\a?sembly
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 22:37 --------- d-------- C:\Program Files\Wanadoo
2007-10-08 14:39 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-07 23:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:24 --------- d-------- C:\Program Files\AntivirusFirewall
2007-10-05 21:47 25214 --a------ C:\Program Files\B.ico
2007-10-05 21:47 25214 --a------ C:\Program Files\A.ico
2007-10-05 21:45 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-05 20:22 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-04 17:13 7168 --ahs---- C:\Program Files\Thumbs.db
2007-10-02 22:55 --------- d-------- C:\Program Files\Google
2007-10-01 22:28 --------- d-------- C:\Program Files\eMule
2007-09-30 23:43 --------- d-------- C:\Program Files\Common Files
2007-09-30 23:36 --------- d-------- C:\Program Files\??pPatch
2007-09-30 23:36 --------- d-------- C:\Program Files\??pPatch
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem32
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??curity
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft.NET
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft.NET
2007-09-30 23:33 --------- d-------- C:\Program Files\?ymantec
2007-09-30 23:32 --------- d-------- C:\Program Files\?ystem
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ssembly
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:31 --------- d-------- C:\Program Files\?ymbols
2007-09-30 23:31 --------- d-------- C:\Program Files\?ssembly
2007-09-30 23:31 --------- d-------- C:\Program Files\?racle
2007-09-30 23:31 --------- d-------- C:\Program Files\?racle
2007-09-30 23:31 --------- d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 --------- d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 --------- d-------- C:\Program Files\?asks
2007-09-30 23:31 --------- d-------- C:\Program Files\?asks
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sembly
2007-09-30 23:30 --------- d-------- C:\Program Files\??stem32
2007-09-30 23:30 --------- d-------- C:\Program Files\??sks
2007-09-30 23:30 --------- d-------- C:\Program Files\??sks
2007-09-30 23:30 --------- d-------- C:\Program Files\??mbols
2007-09-30 23:30 --------- d-------- C:\Program Files\??curity
2007-09-30 23:30 --------- d-------- C:\Program Files\??crosoft
2007-09-30 23:30 --------- d-------- C:\Program Files\??crosoft
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ystem
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ymbols
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sks
2007-09-30 23:29 --------- d-------- C:\Program Files\?ystem32
2007-09-30 23:29 --------- d-------- C:\Program Files\?ppPatch
2007-09-30 23:29 --------- d-------- C:\Program Files\?ppPatch
2007-09-30 23:29 --------- d-------- C:\Program Files\?ecurity
2007-09-30 23:29 --------- d-------- C:\Program Files\??stem
2007-09-30 23:29 --------- d-------- C:\Program Files\??sembly
2007-09-30 23:29 --------- d-------- C:\Program Files\??mantec
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ystem32
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ecurity
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??mbols
2007-08-13 18:54 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2007-08-13 18:54 156160 --a------ C:\WINDOWS\system32\msls31.dll
2007-08-13 18:45 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-08-13 18:44 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-08-13 18:39 71680 --a------ C:\WINDOWS\system32\admparse.dll
2007-08-13 18:39 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2007-08-13 18:36 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2007-08-13 18:32 45568 --a------ C:\WINDOWS\system32\mshta.exe
2007-08-13 18:01 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-08-11 15:58 --------- d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2007-08-11 15:52 --------- d-------- C:\Program Files\Skyline
2007-08-05 21:24 --------- d-------- C:\Program Files\?dobe
2007-08-05 21:24 --------- d-------- C:\Program Files\?dobe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-16 01:59 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?dobe
2007-07-16 01:59 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?dobe
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2005-07-10 12:56 --------- d-------- C:\Program Files\?icrosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\?icrosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\??crosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\??crosoft.NET
2005-07-10 01:03 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ymantec
2005-07-10 01:03 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??mantec
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26ECE649-A067-4860-986B-897892988D8F}]
C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF370B13-0249-4452-AB47-30FD78092402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2004-09-23 14:19]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 13:03]
"Controleur de calendrier pour Ulead Photo Express"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-16 12:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-24 13:23]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-06 01:14]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 13:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\system32\iifgdcc.dll [2007-10-03 21:38 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-06 01:15 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdcc]
iifgdcc.dll 2007-10-03 21:38 36352 C:\WINDOWS\system32\iifgdcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkifd]
jkkkifd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkhf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 Dev_UNIDRV;Dev_UNIDRV;\??\C:\WINDOWS\system32\Drivers\UNIDRV.SYS
R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys
R3 PCAlertDriver;PCAlertDriver;\??\C:\Program Files\MSI\Core Center\NTGLM7X.sys
R3 RushTopDevice;RushTopDevice;\??\C:\Program Files\MSI\Core Center\RushTop.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7ccde93-6551-11dc-a91f-0008d3085179}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-08 20:18:27 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-07 12:46:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-10-08 19:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 22:19:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 22:41:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:41
.
--- E O F ---

For the moment, apparently no more problems, except with Internet Explorer.
0
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\M?crosoft.NET
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\F?nts
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem32
2007-09-30 23:33 <REP> dr--s---- C:\WINDOWS\?ssembly
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\M?crosoft
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-09-30 23:33 <REP> d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\system32\T?sks
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\system32\??stem
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\s?stem32
2007-09-30 23:33 <REP> d-------- C:\WINDOWS\M?crosoft
2007-09-30 23:33 <REP> d-------- C:\Program Files\?ymantec
2007-09-30 23:33 <REP> d-------- C:\Program Files\??crosoft.NET
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\S?mantec
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:33 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem
2007-09-30 23:32 <REP> d-------- C:\Program Files\?ystem
2007-09-30 23:32 <REP> d-------- C:\Program Files\?icrosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Program Files\??crosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\s?stem
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\A?pPatch
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ssembly
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:32 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:31 <REP> d-------- C:\Program Files\?ymbols
2007-09-30 23:31 <REP> d-------- C:\Program Files\?ssembly
2007-09-30 23:31 <REP> d-------- C:\Program Files\?racle
2007-09-30 23:31 <REP> d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 <REP> d-------- C:\Program Files\?asks
2007-09-30 23:31 <REP> d-------- C:\Program Files\??sks
2007-09-30 23:31 <REP> d-------- C:\Program Files\??pPatch
2007-09-30 23:31 <REP> d-------- C:\Program Files\??crosoft
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\a?sembly
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 <REP> d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 22:37 --------- d-------- C:\Program Files\Wanadoo
2007-10-08 14:39 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-07 23:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-06 14:24 --------- d-------- C:\Program Files\AntivirusFirewall
2007-10-05 21:47 25214 --a------ C:\Program Files\B.ico
2007-10-05 21:47 25214 --a------ C:\Program Files\A.ico
2007-10-05 21:45 --------- d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-05 20:22 --------- d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-04 17:13 7168 --ahs---- C:\Program Files\Thumbs.db
2007-10-02 22:55 --------- d-------- C:\Program Files\Google
2007-10-01 22:28 --------- d-------- C:\Program Files\eMule
2007-09-30 23:43 --------- d-------- C:\Program Files\Common Files
2007-09-30 23:36 --------- d-------- C:\Program Files\??pPatch
2007-09-30 23:36 --------- d-------- C:\Program Files\??pPatch
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?racle
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem32
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??curity
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft.NET
2007-09-30 23:34 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft.NET
2007-09-30 23:33 --------- d-------- C:\Program Files\?ymantec
2007-09-30 23:32 --------- d-------- C:\Program Files\?ystem
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ssembly
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??stem
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:32 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??pPatch
2007-09-30 23:31 --------- d-------- C:\Program Files\?ymbols
2007-09-30 23:31 --------- d-------- C:\Program Files\?ssembly
2007-09-30 23:31 --------- d-------- C:\Program Files\?racle
2007-09-30 23:31 --------- d-------- C:\Program Files\?racle
2007-09-30 23:31 --------- d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 --------- d-------- C:\Program Files\?icrosoft
2007-09-30 23:31 --------- d-------- C:\Program Files\?asks
2007-09-30 23:31 --------- d-------- C:\Program Files\?asks
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ppPatch
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft.NET
2007-09-30 23:31 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sembly
2007-09-30 23:30 --------- d-------- C:\Program Files\??stem32
2007-09-30 23:30 --------- d-------- C:\Program Files\??sks
2007-09-30 23:30 --------- d-------- C:\Program Files\??sks
2007-09-30 23:30 --------- d-------- C:\Program Files\??mbols
2007-09-30 23:30 --------- d-------- C:\Program Files\??curity
2007-09-30 23:30 --------- d-------- C:\Program Files\??crosoft
2007-09-30 23:30 --------- d-------- C:\Program Files\??crosoft
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ystem
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ymbols
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?asks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sks
2007-09-30 23:30 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??sks
2007-09-30 23:29 --------- d-------- C:\Program Files\?ystem32
2007-09-30 23:29 --------- d-------- C:\Program Files\?ppPatch
2007-09-30 23:29 --------- d-------- C:\Program Files\?ppPatch
2007-09-30 23:29 --------- d-------- C:\Program Files\?ecurity
2007-09-30 23:29 --------- d-------- C:\Program Files\??stem
2007-09-30 23:29 --------- d-------- C:\Program Files\??sembly
2007-09-30 23:29 --------- d-------- C:\Program Files\??mantec
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ystem32
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ecurity
2007-09-30 23:29 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??mbols
2007-08-13 18:54 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2007-08-13 18:54 156160 --a------ C:\WINDOWS\system32\msls31.dll
2007-08-13 18:45 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-08-13 18:44 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-08-13 18:39 71680 --a------ C:\WINDOWS\system32\admparse.dll
2007-08-13 18:39 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2007-08-13 18:36 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2007-08-13 18:32 45568 --a------ C:\WINDOWS\system32\mshta.exe
2007-08-13 18:01 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-08-11 15:58 --------- d-------- C:\Documents and Settings\All Users\Application Data\Skyline
2007-08-11 15:52 --------- d-------- C:\Program Files\Skyline
2007-08-05 21:24 --------- d-------- C:\Program Files\?dobe
2007-08-05 21:24 --------- d-------- C:\Program Files\?dobe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-16 01:59 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?dobe
2007-07-16 01:59 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?dobe
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\?icrosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2007-07-15 15:46 --------- d---s---- C:\Documents and Settings\Franck.TITANIUM\Application Data\??crosoft
2005-07-10 12:56 --------- d-------- C:\Program Files\?icrosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\?icrosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\??crosoft.NET
2005-07-10 12:56 --------- d-------- C:\Program Files\??crosoft.NET
2005-07-10 01:03 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\?ymantec
2005-07-10 01:03 --------- d-------- C:\Documents and Settings\Franck.TITANIUM\Application Data\??mantec
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26ECE649-A067-4860-986B-897892988D8F}]
C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF370B13-0249-4452-AB47-30FD78092402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2004-09-23 14:19]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 13:03]
"Controleur de calendrier pour Ulead Photo Express"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 20:40]
"Aide Memoire Votre Budget"="" []
"ConvEuro MA"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-16 12:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-24 13:23]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-06 01:14]
"PCDAS"="C:\Program Files\Defenza\pcd-as.exe" [2006-12-15 10:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:20]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 13:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}"= C:\WINDOWS\system32\iifgdcc.dll [2007-10-03 21:38 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-10-06 01:15 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgdcc]
iifgdcc.dll 2007-10-03 21:38 36352 C:\WINDOWS\system32\iifgdcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkifd]
jkkkifd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"="C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\pmkhf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R2 Dev_UNIDRV;Dev_UNIDRV;\??\C:\WINDOWS\system32\Drivers\UNIDRV.SYS
R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys
R3 PCAlertDriver;PCAlertDriver;\??\C:\Program Files\MSI\Core Center\NTGLM7X.sys
R3 RushTopDevice;RushTopDevice;\??\C:\Program Files\MSI\Core Center\RushTop.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7ccde93-6551-11dc-a91f-0008d3085179}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-08 20:18:27 C:\WINDOWS\Tasks\RegCure Program Check.job"
"2007-10-07 12:46:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-10-08 19:18:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 22:19:33
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 22:41:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 22:41
.
--- E O F ---

For the moment, apparently no more problems, except with Internet Explorer.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
The other reports, please.
0
FRANCK2007 Posts 6 Status Member
 
Thanks, guys, for your help, but my computer crashed completely; I had to reinstall everything.
0