Posting three reports

Solved
loan12 Posts 26 Status Member -  
Lyonnais92 Posts 25708 Status Security contributor -
Hello, following a virus and several manipulations, and to make sure I am no longer infected, I am posting three reports. Thanks for helping me.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:23:54 13/12/2007

+ Résultat de l'analyse:

:mozilla.7:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.34:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.35:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.36:C:\Documents and Settings\bernardes luis\Application Data\Mozilla\Firefox\Profiles\ruv76irr.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Thu, Dec 13, 2007 - 21:29:39

Info d'analyse
Fichiers scannés    163130
Infectés Fichiers   1

Virus Détectés
Trojan.Mailskinner.G   1

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:49, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CC073C12-B796-47C6-AAA9-6B6D2EC93449} - (no file)
O2 - BHO: {269821a8-08c3-c489-6fa4-81a427c41d8e} - {e8d14c72-4a18-4af6-984c-3c808a128962} - (no file)
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
O2 - BHO: (no name) - {F755C139-52D8-41B1-B05F-BBAE79C14F85} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

21 replies

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

1) Restart the computer.

2) Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

2 Double-click combofix.exe and follow the instructions

3 At the end, it will produce a report C:\ComboFix.txt

4 Copy/paste this report into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

3) Also post a HijackThis report again.
0
loan12
 
bonjComboFix 07-12-16.3 - bernardes luis 2007-12-16 10:57:26.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\bernardes luis\Bureau\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))
.

2007-12-13 19:57 . 2007-12-13 21:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-08 11:59 . 2007-12-08 11:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-08 11:58 . 2007-12-08 12:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-08 11:50 . 2007-12-16 11:00 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-07 18:25 . 2007-12-07 18:31 2,983 --a------ C:\rapport smitfraudfix du 07.12.07
2007-12-07 09:34 . 2007-12-07 09:35 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-06 23:44 . 2007-12-06 23:44 1,014,754 --a------ C:\WINDOWS\system32\Prison Break.scr
2007-12-06 18:48 . 2007-12-06 18:55 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\RegistrySmart
2007-12-05 16:22 . 2007-12-05 19:31 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-05 16:22 . 2007-12-05 16:22 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\TuneUp Software
2007-12-05 16:22 . 2007-01-17 14:47 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-12-05 16:20 . 2007-12-05 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-04 20:30 . 2007-12-04 20:30 <REP> d-------- C:\Program Files\Avira
2007-12-04 18:01 . 2007-12-04 18:01 4,614 --a------ C:\rapport smitfraudfix du 04.12.07
2007-12-04 17:57 . 2007-12-07 18:26 392 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-03 16:56 . 2007-12-15 19:33 <REP> d-------- C:\Documents and Settings\bernardes luis\Incomplete
2007-12-03 16:55 . 2007-12-07 21:10 <REP> d-------- C:\Program Files\LimeWire
2007-12-03 10:37 . 2007-12-03 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-03 10:36 . 2007-12-08 14:57 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-03 10:36 . 2007-12-03 10:36 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\SUPERAntiSpyware.com
2007-12-03 10:34 . 2007-12-05 16:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-02 14:16 . 2007-12-02 14:17 793,664 ---hs---- C:\WINDOWS\system32\nolqddko.ini
2007-12-01 15:01 . 2007-12-01 15:02 1,316,105 ---hs---- C:\WINDOWS\system32\ocrkpcwl.ini
2007-11-30 20:46 . 2007-12-04 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-30 14:29 . 2007-12-01 15:01 1,316,045 ---hs---- C:\WINDOWS\system32\qwaevigc.ini
2007-11-30 12:14 . 2007-11-30 13:11 1,407,619 ---hs---- C:\WINDOWS\system32\aqjxujsb.ini
2007-11-29 12:00 . 2007-11-30 12:06 1,410,128 ---hs---- C:\WINDOWS\system32\ehvoxltr.ini
2007-11-28 01:08 . 2007-11-29 11:49 789,897 ---hs---- C:\WINDOWS\system32\dhgjjncd.ini
2007-11-26 19:56 . 2007-11-27 19:56 780,515 ---hs---- C:\WINDOWS\system32\pyoyxaam.ini
2007-11-25 19:33 . 2007-03-29 13:58 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-11-25 19:33 . 2007-03-29 13:58 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-11-25 19:33 . 2007-03-29 13:58 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-11-25 19:33 . 2007-03-29 13:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-11-25 19:33 . 2007-03-29 13:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-11-25 19:33 . 2007-03-29 13:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-11-25 19:16 . 2007-11-25 19:16 <REP> d-------- C:\887a0aa41c04afd1bd
2007-11-25 19:07 . 2007-12-02 15:10 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 17:57 . 2007-12-07 17:15 <REP> d-------- C:\Program Files\Lavasoft
2007-11-25 17:57 . 2007-11-25 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-21 16:55 . 2007-11-22 22:07 1,441,388 ---hs---- C:\WINDOWS\system32\kqqyyslv.ini
2007-11-20 17:10 . 2007-11-20 17:10 164 --a------ C:\install.dat
2007-11-20 15:51 . 2007-11-21 15:51 1,290,650 ---hs---- C:\WINDOWS\system32\epfxwjus.ini
2007-11-20 15:33 . 2007-11-20 15:33 <REP> d-------- C:\Program Files\Trend Micro
2007-11-19 18:09 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-11-19 18:09 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-11-19 18:09 . 2007-11-19 18:09 3,120 --a------ C:\WINDOWS\system32\118290.54
2007-11-19 18:09 . 2007-11-19 18:09 3,120 --a------ C:\WINDOWS\118294.78
2007-11-19 18:09 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-11-19 13:01 . 2007-11-20 15:21 685,892 ---hs---- C:\WINDOWS\system32\pqwpwhqu.ini
2007-11-18 12:55 . 2007-11-18 17:39 678,220 ---hs---- C:\WINDOWS\system32\wnhidmju.ini
2007-11-17 12:56 . 2007-11-18 11:04 677,980 ---hs---- C:\WINDOWS\system32\mqnyvrpl.ini
2007-11-16 12:10 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-16 12:05 . 2007-11-16 16:20 675,380 ---hs---- C:\WINDOWS\system32\pqcdeayb.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-15 19:22 120,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-15 19:22 10,139,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-14 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-13 20:48 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\LimeWire
2007-12-08 10:59 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-08 10:59 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-03 15:37 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 17:44 80,118 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-11-30 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 13:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-26 13:55 --------- d-----w C:\Program Files\lg_fwupdate
2007-11-26 08:32 --------- d-----w C:\Program Files\DivX
2007-11-25 19:04 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-18 13:08 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\FrostWire
2007-11-16 15:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-16 10:58 494 ----a-w C:\Documents and Settings\bernardes luis\z.dat
2007-11-16 10:58 120 ----a-w C:\n.bat
2007-11-16 10:58 0 ----a-w C:\Documents and Settings\bernardes luis\x.dat
2007-11-14 17:40 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 11:19 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-10-31 12:49 --------- d-----w C:\Program Files\Dcads Games Collection
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 10:46 --------- d-----w C:\Program Files\Java
2007-10-23 10:28 --------- d-----w C:\Program Files\AskTBar
2007-10-22 18:41 --------- d-----w C:\Program Files\CyberLink DVD Solution
2007-10-22 13:57 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\CyberLink
2007-10-22 13:44 --------- d-----w C:\Program Files\Azureus
2007-10-22 13:42 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\Azureus
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-17 12:26 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\InterTrust
2007-10-17 12:23 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-17 12:23 --------- d-----w C:\Program Files\Ahead
2007-10-16 12:58 --------- d-----w C:\Program Files\Google
2007-10-12 15:00 448 ----a-w C:\drvpnp.dat
2007-10-12 14:56 484 ----a-w C:\pnpID.dat
2007-04-12 17:59 30,048 ----a-w C:\Documents and Settings\bernardes luis\Application Data\GDIPFONTCACHEV1.DAT
2007-04-02 16:27 433 ----a-w C:\Documents and Settings\bernardes luis\formhistory.dat
2007-04-02 16:27 20,046 ----a-w C:\Documents and Settings\bernardes luis\history.dat
2007-04-02 14:51 94,621 ----a-w C:\Documents and Settings\bernardes luis\xpti.dat
2007-04-02 14:51 151,490 ----a-w C:\Documents and Settings\bernardes luis\compreg.dat
2007-02-04 10:32 374 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb6334.dat
2007-02-03 13:35 538 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb8467.dat
2007-02-03 13:35 18,432 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb41.dat
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_22.51.13.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:36:31 1,293,824 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-10 23:22:14 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:22:14 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:22:14 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:22:14 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:22:14 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:22:14 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:22:14 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:22:15 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:22:16 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:22:16 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:22:16 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:22:16 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:22:16 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:22:16 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:40:57 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:22:18 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:22:18 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:22:18 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:22:18 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:22:18 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:22:19 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:22:19 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:22:19 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-13 18:58:58 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2007-12-13 18:58:58 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2007-12-13 18:58:59 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2007-12-13 18:59:08 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2007-12-13 18:59:10 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2007-12-13 18:59:00 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:22:11 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 09:59:30 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:49:42 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-20 09:59:29 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 09:59:29 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:49:42 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-10-10 23:49:42 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 11:00:41 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-10-10 23:49:42 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-10-10 23:49:43 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:49:43 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-10-10 23:49:43 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-08-17 10:22:11 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 11:00:59 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-20 09:59:30 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-10-10 23:49:44 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:49:44 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-08-20 09:59:30 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:23:48 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-20 09:59:30 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-20 09:59:30 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:49:44 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-20 09:59:30 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:49:45 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:49:45 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-29 22:43:32 1,293,824 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:49:45 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-20 09:59:31 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:49:45 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-20 09:59:31 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:49:45 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-18 19:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-25 08:28:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-05-30 23:03:50 119,576 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-08-20 09:59:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 09:59:29 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 09:59:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:22:11 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:00:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 09:59:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 09:59:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 09:59:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 09:59:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 09:59:29 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 09:59:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:43 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:22:11 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-06-21 20:55:28 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
+ 2007-06-21 20:55:28 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
- 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:49:45 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-20 09:59:31 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:49:45 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
- 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-12-04 00:00:42 136,704 ----a-w C:\WINDOWS\system32\swsc.exe
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-06-21 20:55:30 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
+ 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-12-08 11:03:22 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-06-21 20:54:24 366,112 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-06-21 20:55:26 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-05-30 23:03:16 258,048 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 23:03:18 118,784 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
+ 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-06-21 20:54:26 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
+ 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
+ 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
+ 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-06-11 11:43:50 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-06-11 11:43:52 788,200 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-06-11 11:43:56 1,496,808 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 11:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-06-21 20:56:18 3,229,176 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
+ 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-12-08 11:25:49 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
+ 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
+ 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
+ 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
+ 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-06-21 20:54:40 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2007-12-16 09:28:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_468.dat
+ 2007-06-21 20:54:48 75,248 ----a-w C:\WINDOWS\zllsputility.exe
+ 2007-06-21 20:55:32 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC073C12-B796-47C6-AAA9-6B6D2EC93449}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8d14c72-4a18-4af6-984c-3c808a128962}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F173E53F-E042-49b6-BD46-983E93DA1B17}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F755C139-52D8-41B1-B05F-BBAE79C14F85}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-05 15:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsHistory"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsHistory"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSharedDocuments"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkhprtxy]
bkhprtxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OPTENET_FILTER"=2 (0x2)

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8089cba0-27cf-11dc-b961-0018f68df7cb}]
\Shell\AutoRun\command - G:\ReadMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-14 16:16:33 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 11:07:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-16 11:10:04
C:\ComboFix2.txt ... 2007-12-06 22:52
.
2007-12-12 23:24:48 --- E O F ---
Hello lyonnais92, thank you for your solution; here is the report (plus the HijackThis report)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:50, on 16/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {71D3B41B-9611-4AF2-BCD2-C1D8D4B86BCF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {CC073C12-B796-47C6-AAA9-6B6D2EC93449} - (no file)
O2 - BHO: {269821a8-08c3-c489-6fa4-81a427c41d8e} - {e8d14c72-4a18-4af6-984c-3c808a128962} - (no file)
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
O2 - BHO: (no name) - {F755C139-52D8-41B1-B05F-BBAE79C14F85} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

--

@+
Never accept disinfection by PM.
0
loan12
 
Hello, what does "do not accept disinfection by PM" mean?
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Re

It means no replies by private conversation (PM = personal message).

Is Spybot still blocking?

If so, give the full name of the file.
0
loan12 Posts 26 Status Member

Hello, Spybot is no longer blocking, thanks for your advice.
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\install.dat

Click Send File.

A report will be built line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer.
• After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
0
loan12 Posts 26 Status Member

Hello, and thank you for your advice. Here are the Report.txt and the HijackThis log... and thank you for this little program. Bye, see you soon.

SDFix: Version 1.119

Run by bernardes luis on 21/12/2007 at 17:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\_NIM4711.TMP - Deleted
C:\Documents and Settings\bernardes luis\x.dat - Deleted
C:\Documents and Settings\bernardes luis\z.dat - Deleted
C:\n.bat - Deleted

x.dat and z.dat data copied to \SDFix\Data.txt

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 17:38:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 23 Sep 2007 72 ..SH. --- "C:\WINDOWS\SA69E4AD6.tmp"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Fri 17 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Fri 17 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 4 Dec 2006 20 A..H. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 17 Nov 2006 9,655 A.SH. --- "C:\Documents and Settings\bernardes luis\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:59, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nskA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: dcads - {F173E53F-E042-49b6-BD46-983E93DA1B17} - (no file)
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Lyonnais92 Posts 25708 Status Security contributor 1 537

Good evening,

Do you know Protection PLUS?

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\system32\msxml3a.dll

Click Send File.

A report will build up line by line.

Wait until it finishes. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

loan12 Posts 26 Status Member

Hello,

File msxml3a.dll received on 11.21.2007 04:31:20 (CET)

Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.21 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.21 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.21 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.21 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.21 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2674 2007.11.21 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.11.00 2007.11.21 -
Sophos 4.23.0 2007.11.21 -
Sunbelt 2.2.907.0 2007.11.21 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 24064 bytes
MD5: 718d1c9346a991ee101f2dfa72a50d70
SHA1: 7fea804959602826358911e286ce47a9f08cff48

I can't find the file send file. Here is the report. And thanks again

Lyonnais92 Posts 25708 Status Security contributor 1 537

Re,

Do you know Protection PLUS?

loan12

Hello, no, I don't know this program

loan12 Posts 26 Status Member

Hello, is this program or software paid... (PS: I really appreciate this forum, with its spirit of mutual help. Thanks again)

Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\nolqddko.ini
C:\WINDOWS\system32\ocrkpcwl.ini
C:\WINDOWS\system32\qwaevigc.ini
C:\WINDOWS\system32\aqjxujsb.ini
C:\WINDOWS\system32\ehvoxltr.ini
C:\WINDOWS\system32\dhgjjncd.ini
C:\WINDOWS\system32\pyoyxaam.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\kqqyyslv.ini
C:\WINDOWS\system32\epfxwjus.ini
C:\WINDOWS\system32\118290.54
C:\WINDOWS\118294.78
C:\WINDOWS\system32\pqwpwhqu.ini
C:\WINDOWS\system32\wnhidmju.ini
C:\WINDOWS\system32\mqnyvrpl.ini
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\pqcdeayb.ini

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the button held down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report again

stating where things stand with your problems

* If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse can severely damage the operating system.

loan12 Posts 26 Status Member

Hello Lyonnais92,

ComboFix 07-12-16.3 - bernardes luis 2007-12-26 11:40:49.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.496 [GMT 1:00]
Running from: C:\Documents and Settings\bernardes luis\Bureau\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\bernardes luis\Bureau\CFscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-26 to 2007-12-26 ))))))))))))))))))))))))))))))))))))
.

2007-12-24 17:28 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-24 17:28 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-24 17:28 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-24 17:28 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-21 17:26 . 2007-12-21 17:26 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-19 18:52 . 2007-12-19 18:52 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-13 19:57 . 2007-12-13 21:29 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-08 11:59 . 2007-12-08 11:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-08 11:58 . 2007-12-08 12:27 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-08 11:50 . 2007-12-26 11:34 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-07 18:25 . 2007-12-07 18:31 2,983 --a------ C:\rapport smitfraudfix du 07.12.07
2007-12-07 09:34 . 2007-12-07 09:35 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-06 23:44 . 2007-12-06 23:44 1,014,754 --a------ C:\WINDOWS\system32\Prison Break.scr
2007-12-06 18:48 . 2007-12-06 18:55 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\RegistrySmart
2007-12-05 16:22 . 2007-12-19 15:41 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-05 16:22 . 2007-12-05 16:22 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\TuneUp Software
2007-12-05 16:20 . 2007-12-05 16:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-04 20:30 . 2007-12-04 20:30 <REP> d-------- C:\Program Files\Avira
2007-12-04 18:01 . 2007-12-04 18:01 4,614 --a------ C:\rapport smitfraudfix du 04.12.07
2007-12-04 17:57 . 2007-12-24 17:32 710 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-03 16:56 . 2007-12-25 19:52 <REP> d-------- C:\Documents and Settings\bernardes luis\Incomplete
2007-12-03 16:55 . 2007-12-20 15:28 <REP> d-------- C:\Program Files\LimeWire
2007-12-03 10:37 . 2007-12-03 10:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-03 10:36 . 2007-12-08 14:57 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-03 10:36 . 2007-12-03 10:36 <REP> d-------- C:\Documents and Settings\bernardes luis\Application Data\SUPERAntiSpyware.com
2007-12-03 10:34 . 2007-12-19 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-02 14:16 . 2007-12-02 14:17 793,664 ---hs---- C:\WINDOWS\system32\nolqddko.ini
2007-12-01 15:01 . 2007-12-01 15:02 1,316,105 ---hs---- C:\WINDOWS\system32\ocrkpcwl.ini
2007-11-30 20:46 . 2007-12-04 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-30 14:29 . 2007-12-01 15:01 1,316,045 ---hs---- C:\WINDOWS\system32\qwaevigc.ini
2007-11-30 12:14 . 2007-11-30 13:11 1,407,619 ---hs---- C:\WINDOWS\system32\aqjxujsb.ini
2007-11-29 12:00 . 2007-11-30 12:06 1,410,128 ---hs---- C:\WINDOWS\system32\ehvoxltr.ini
2007-11-28 01:08 . 2007-11-29 11:49 789,897 ---hs---- C:\WINDOWS\system32\dhgjjncd.ini
2007-11-26 19:56 . 2007-11-27 19:56 780,515 ---hs---- C:\WINDOWS\system32\pyoyxaam.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 18:53 132,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-25 18:53 11,155,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-25 17:42 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\LimeWire
2007-12-25 13:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 10:34 --------- d-----w C:\Program Files\Google
2007-12-21 15:35 65,474 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_15_16_04_small.dmp.zip
2007-12-21 13:53 70,452 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_13_40_42_small.dmp.zip
2007-12-21 13:53 68,407 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_21_11_59_02_small.dmp.zip
2007-12-19 15:10 --------- d-----w C:\Program Files\Java
2007-12-18 15:51 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-08 10:59 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-08 10:59 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-07 16:15 --------- d-----w C:\Program Files\Lavasoft
2007-12-03 15:37 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 13:17 --------- d-----w C:\Program Files\Yahoo!
2007-11-26 13:55 --------- d-----w C:\Program Files\lg_fwupdate
2007-11-26 08:32 --------- d-----w C:\Program Files\DivX
2007-11-25 19:04 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-25 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 16:10 164 ----a-w C:\install.dat
2007-11-20 14:33 --------- d-----w C:\Program Files\Trend Micro
2007-11-18 13:08 --------- d-----w C:\Documents and Settings\bernardes luis\Application Data\FrostWire
2007-11-16 15:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-14 17:40 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 11:19 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-10-31 12:49 --------- d-----w C:\Program Files\Dcads Games Collection
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-12 15:00 448 ----a-w C:\drvpnp.dat
2007-10-12 14:56 484 ----a-w C:\pnpID.dat
2007-04-12 17:59 30,048 ----a-w C:\Documents and Settings\bernardes luis\Application Data\GDIPFONTCACHEV1.DAT
2007-04-02 16:27 433 ----a-w C:\Documents and Settings\bernardes luis\formhistory.dat
2007-04-02 16:27 20,046 ----a-w C:\Documents and Settings\bernardes luis\history.dat
2007-04-02 14:51 94,621 ----a-w C:\Documents and Settings\bernardes luis\xpti.dat
2007-04-02 14:51 151,490 ----a-w C:\Documents and Settings\bernardes luis\compreg.dat
2007-02-04 10:32 374 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb6334.dat
2007-02-03 13:35 538 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb8467.dat
2007-02-03 13:35 18,432 ----a-w C:\Documents and Settings\bernardes luis\Application Data\internaldb41.dat
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-25_14.17.25,09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-26 10:30:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-25 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-05 15:57]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsHistory"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsHistory"= 1 (0x1)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSharedDocuments"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkhprtxy]
bkhprtxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OPTENET_FILTER"=2 (0x2)

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe -k NetworkService

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8089cba0-27cf-11dc-b961-0018f68df7cb}]
\Shell\AutoRun\command - G:\ReadMe.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 11:43:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 11:45:52
C:\ComboFix2.txt ... 2007-12-25 14:19
C:\ComboFix3.txt ... 2007-12-24 15:21
.
2007-12-12 23:24:48 --- E O F ---

Thanks for this solution, the PC works better but I have a doubt. Here are the two reports,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:35, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)

Close all windows (except HijackThis), including your browser.

Click fix checked.

What is your doubt?

Restart the computer and post a HijackThis report again

loan12 Posts 26 Status Member

Hello

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:24, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Lyonnais92 Posts 25708 Status Security contributor 1 537

Hello,

If I understand you correctly, everything is back to normal. That's perfect.

It looks to me like you don't have an antispyware program.

I suggest this one:
Download Superantispyware (SAS) by clicking on this link:

https://www.superantispyware.com/superantispywarefreevspro.html

Choose "save" and save it to your desktop.

Double-click the installation icon that has just been created and follow the instructions.

Create an icon on the desktop.

Double-click the SAS icon (a head inside a crossed-out red circle) to launch it.

- If the tool asks you to update the program ("update the program definitions"), click yes.
- Under Configuration and Preferences, click the "Preferences" button
- Click the "Scanning Control" tab
- In "Scanner Options", make sure the box in front of the following lines is checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Leave the other lines unchecked.

- Click the "Close" button to leave the control center screen.

- In the main window, under "Scan for Harmful Software", click "Scan your computer".

In the left column, check C:\Fixed Drive.

In the right column, under "Complete scan", click "Perform Complete Scan"

Click "next" to start the scan. Wait while the scan runs.

At the end of the scan, a results window opens. Click OK.

Make sure all the lines in the white window are checked and click "Next".

Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.

but there are plenty of others. Run it twice a month.

I'm not sure you have a cleaner:

I suggest

=> Download ATF-Cleaner (Atribune): http://www.atribune.org/ccount/click.php?id=1
-- Put it on your desktop

=> Run ATF-Cleaner:
* Under the Main tab, choose: Select All
* Click the Empty Selected button

* Under the Firefox tab (if present): click select all
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty selected

* Under the Opera tab (if present): click select all
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty selected

* Quit ATF-Cleaner

Use it every day (if you have browsed the web). It is simple and fast.

Happy browsing and happy holidays.
0
loan12 Posts 26 Status Member

Hello Lyonnais92, I followed all the steps except the cleanup: I already have CCleaner, and for antispyware I have Spybot and AVG Anti-Spy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:43, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FoxyTunes Toolbar Helper - {784D8FBC-4165-4D88-90FB-62907ACDD045} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FoxyTunes Toolbar - {1D1901C3-F72A-46f3-9DBB-0AAA0DEEF6DF} - C:\Program Files\FoxyTunes\ForInternetExplorer\components\IE\FoxyTunesForIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: [http://]*.update.microsoft.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89722DB-A330-441E-9D94-E4DD3DBF551F}: NameServer = 80.10.246.130,80.10.246.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
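The fix step earlier in this thread (ticking the entries marked "(no file)" or "(file missing)", then posting a fresh log) can be checked mechanically. The following is an added example, not part of any post in the thread: it parses HijackThis entry lines, flags orphaned entries, and diffs a before/after pair. The sample lines are excerpted from the logs posted above; the function names are illustrative.

```python
import re

# An entry line is "<section code> - <description>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# HijackThis appends these markers when the registry entry points at a file
# that no longer exists on disk (a leftover entry, not a live component).
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the entries quoted before the fix (from this thread).
LOG_BEFORE = r"""
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: bkhprtxy - bkhprtxy.dll (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
"""

# Excerpt of the log saved on 30/12/2007, after the fix (from this thread).
LOG_AFTER = r"""
Boot mode: Normal
C:\WINDOWS\system32\winlogon.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\nvc\BIN\NJEEVES.EXE
"""


def parse_entries(log_text):
    """Return (section, description) tuples for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target file is reported as absent."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs of the same machine."""
    before, after = set(parse_entries(before_text)), set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for section, desc in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", section, "-", desc)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, desc in removed:
        print("removed: ", section, "-", desc)
    for section, desc in added:
        print("added:   ", section, "-", desc)
```

An entry in the "added" list, such as a new Winlogon Notify DLL, is the kind of change to account for against what was installed between the two scans.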