kavo.exe virus

Solved
hamza_bba -  
g!rly Posts: 18462 Status: Contributor -
Hello,

could someone please give me some information about the kavo.exe virus

thanks
Configuration: Windows XP
Internet Explorer 6.0

13 replies

  1. g!rly Posts: 18462 Status: Contributor 407
     
    ah ok
    very good
    have a good day too
    ;-)
    1
  2. g!rly Posts: 18462 Status: Contributor 407
     
    hi,
    do this:
    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 (Yes) key to start the scan.
    -> When the scan has finished, a report will appear. Copy/paste that report into your next reply.

    NOTE: the report can also be found here: C:\Combofix.txt

    and

    Download HijackThis here:

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Usage tutorial (video):

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post the generated report here please...

    ps: run combofix before hijackthis and post the reports

    @+
    0
  3. kava
     
    There are two different types of this virus.
    One creates a file XAdeIect.com on every partition and the other a file autode1ect.com.
    Both create the files kavo.exe, kavo.dll and kavo1.dll in the <System> folder.

    Both create a link in the registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    kava
    which points to the file <System>\kavo.exe

    More info:

    https://www.symantec.com?uid=db46c476-af5d-4746-8288-a4b720511d0f
    https://www.symantec.com?uid=410331b1-0407-441f-8645-065037ee0647

    or simpler + patch
    http://www.net-studio.org/application/autorun-g.php
    0
  4. g!rly Posts: 18462 Status: Contributor 407
     
    No reply...
    0
  6. phige
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:27, on 2008-02-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
    O4 - HKLM\..\Run: [RIP PopUp] C:\Program Files\RIP PopUp\nopopup.exe /startup
    O4 - HKLM\..\Run: [CmUsbAudio] RunDll32 cmcnfg2.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1CDF6C05-EA29-4A68-B702-9463B069854E}: NameServer = 196.3.81.5,196.3.81.132
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
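    The persistence kava describes (a Run value named kava pointing at <System>\kavo.exe, plus autorun files dropped on every partition) is exactly what the HijackThis O4 line and the ComboFix MountPoints2 entries in this thread expose. The script below is an added example, not something from this thread or from HijackThis/ComboFix themselves: it walks a report and flags the entries a helper would zero in on. The indicator names come from kava's reply; the O4 and MountPoints2 line formats are assumed from the reports posted here; the sample report is a constructed excerpt (the \Shell\open\Command line and the "updater" test case are made up in the same format).

```python
import re

# Indicators named in this thread: the dropped file names kava lists and the
# HKCU Run value name ("kava") that points at <System>\kavo.exe.
IOC_FILENAMES = {"kavo.exe", "kavo.dll", "kavo1.dll", "autode1ect.com", "xadeiect.com"}
IOC_RUN_VALUES = {"kava"}

# HijackThis O4 entries for registry Run keys (format assumed from the posted log), e.g.
#   O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
#   O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# ComboFix MountPoints2 entries, i.e. per-drive AutoRun/open/explore handlers, e.g.
#   \Shell\AutoRun\command - E:\p3r1ud.exe
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\[Cc]ommand - (?P<cmd>.*)$")
# First program-like token of a command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|dll|cpl|scr|bat))\b', re.IGNORECASE)


def executable_name(cmd):
    """Lower-cased base name of the program a Run command line starts ('' if none)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return ""
    return re.split(r"[\\/ ]", m.group("path"))[-1].lower()


def scan_report(text):
    """Return (line, reason) pairs for the entries a helper should look at."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_name(m.group("cmd"))
            if m.group("name").lower() in IOC_RUN_VALUES:
                findings.append((line, f"Run value name '{m.group('name')}' matches kavo persistence"))
            elif exe in IOC_FILENAMES:
                findings.append((line, f"Run entry launches known dropper file {exe}"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # A per-drive handler that runs a file on the drive itself is how these
            # autorun worms re-infect the machine when the drive is double-clicked.
            findings.append((line, f"drive {m.group('verb')} handler redirected to {m.group('cmd')}"))
    return findings


# Constructed excerpt: O4 lines as posted in this thread plus MountPoints2 lines
# in ComboFix's format (the AutoRun line mirrors the posted report, the open line is made up).
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
\Shell\AutoRun\command - E:\p3r1ud.exe
\Shell\open\Command - E:\p3r1ud.exe
"""

if __name__ == "__main__":
    for line, reason in scan_report(SAMPLE_REPORT):
        print(f"{reason}\n    {line}")
```

    Run on the sample it reports the kava Run value and both drive handlers and stays quiet on the legitimate avast!, Skype and ctfmon entries. The MountPoints2 check is deliberately unconditional: a drive's AutoRun/open/explore handler should never point at a file on that drive, whatever the file is called, which is why ComboFix lists those keys at all.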
  7. phige
     
    ComboFix 08-02-23 - PG 2008-02-24 11:20:19.2 - NTFSx86
    Endroit: C:\Documents and Settings\PG\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\kavo.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-24 to 2008-02-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-22 18:03 . 2008-02-22 18:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-18 15:33 . 2008-01-31 15:00 113,906 -r-hs---- C:\p3r1ud.exe
    2008-01-24 14:26 . 2005-08-17 12:02 93,904 -ra------ C:\WINDOWS\system32\drivers\cmo_mdm.sys
    2008-01-24 14:26 . 2005-08-17 12:04 73,696 -ra------ C:\WINDOWS\system32\drivers\cmo_serd.sys
    2008-01-24 14:26 . 2005-08-17 11:59 58,352 -ra------ C:\WINDOWS\system32\drivers\cmo_bus.sys
    2008-01-24 14:26 . 2005-08-17 12:02 8,304 -ra------ C:\WINDOWS\system32\drivers\cmo_mdfl.sys
    2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cmnt.sys
    2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cm.sys
    2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_whnt.sys
    2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_wh.sys
    2008-01-24 14:20 . 2008-01-24 14:21 <REP> d-------- C:\Program Files\Interjet
    2008-01-24 14:20 . 2006-03-09 16:40 196,608 -r------- C:\WINDOWS\PINSTALLPROCESS.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-24 15:23 --------- d-----w C:\Documents and Settings\PG\Application Data\Skype
    2008-02-24 14:40 9,280 ----a-w C:\Documents and Settings\PG\Application Data\wklnhst.dat
    2008-02-24 14:28 15,249,147 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-02-23 22:21 4,631,552 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
    2008-02-23 22:21 218,112 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
    2008-02-22 18:15 3,378,176 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
    2008-02-22 18:14 4,584,448 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
    2008-02-21 14:57 --------- d-----w C:\Program Files\Comptes Bancaires 5.6
    2008-02-19 18:09 --------- d-----w C:\Documents and Settings\PG\Application Data\UseNeXT
    2008-02-19 17:13 4,578,304 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
    2008-02-19 17:13 151,040 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
    2008-02-18 18:13 96,256 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
    2008-02-18 18:13 4,574,208 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
    2008-02-15 22:58 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
    2008-02-14 21:35 206,336 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
    2008-02-11 22:48 4,564,480 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
    2008-02-11 22:48 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
    2008-02-11 00:49 492,544 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
    2008-02-07 00:29 4,540,928 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
    2008-02-07 00:29 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
    2008-02-04 20:14 307,712 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
    2008-01-30 22:26 4,530,176 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
    2008-01-30 22:26 111,104 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
    2008-01-30 08:33 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
    2008-01-27 17:33 470,528 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
    2008-01-27 17:33 4,434,944 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
    2008-01-26 16:52 24,043,954 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_45_05_full.dmp.zip
    2008-01-26 16:32 17,604,376 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_21_26_full.dmp.zip
    2008-01-26 16:32 128,440 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_26_12_20_42_small.dmp.zip
    2008-01-24 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 21:22 1,181,696 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
    2008-01-21 21:21 4,414,464 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
    2008-01-07 17:37 249,344 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
    2007-12-31 23:09 4,402,688 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
    2007-12-31 23:09 336,384 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
    2007-12-23 17:26 942,592 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
    2007-12-13 23:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-13 23:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-12-10 22:28 166,912 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
    2007-12-07 17:58 457,728 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
    2007-12-04 17:58 1,286,144 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-12 16:35 214,528 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
    2007-11-08 20:56 498,176 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
    2007-10-26 21:47 745,984 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
    2007-10-26 21:47 4,317,696 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
    2007-10-22 23:25 517,632 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
    2007-10-21 23:24 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
    2007-10-21 23:24 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
    2007-10-20 00:12 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
    2007-10-20 00:12 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
    2007-10-19 03:18 4,302,336 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
    2007-10-19 03:18 288,768 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
    2007-10-17 21:42 548,352 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
    2007-10-17 21:42 4,298,752 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
    2007-10-16 02:26 401,920 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
    2007-10-16 02:26 4,297,216 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
    2007-10-11 21:56 679,424 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
    2007-10-11 21:56 4,294,144 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
    2007-10-10 00:56 454,656 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
    2007-10-10 00:56 4,291,584 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
    2007-10-09 00:26 1,852,416 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
    2007-10-02 02:50 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
    2007-10-01 02:38 567,296 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
    2007-10-01 02:38 4,273,664 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
    2007-09-27 02:40 633,856 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
    2007-09-27 02:40 4,271,104 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
    2007-09-20 23:16 4,265,984 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
    2007-09-20 23:16 1,333,760 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
    2007-09-18 02:01 4,252,672 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
    2007-09-18 02:01 3,019,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
    2007-08-21 00:44 4,149,760 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
    2007-08-21 00:44 1,972,224 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
    2007-08-14 00:36 4,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
    2007-08-14 00:36 333,824 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
    2007-08-13 02:43 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
    2007-08-12 04:02 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
    2007-08-11 03:08 4,009,472 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
    2007-08-11 03:08 1,306,624 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
    2007-08-06 02:25 400,384 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
    2007-08-06 02:25 3,996,672 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
    2007-08-04 03:45 3,994,624 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
    2007-08-04 03:45 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
    2007-07-30 01:04 3,971,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
    2007-07-30 01:04 3,517,440 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
    2007-07-15 22:08 22,150,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_14_16_54_03_full.dmp.zip
    2007-05-15 21:07 3,174,400 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
    2007-04-14 15:14 4,004,864 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
    2007-03-31 08:32 3,308,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
    2007-03-31 08:31 3,689,472 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
    2007-03-25 06:24 3,662,848 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
    2007-03-25 06:24 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
    2007-03-24 07:08 3,662,336 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
    2007-03-24 07:08 2,791,936 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
    2007-03-20 02:03 1,923,072 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
    2007-03-19 05:15 3,651,072 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
    2007-03-19 05:15 1,178,112 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
    2007-03-18 14:46 2,822,144 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
    2007-03-13 00:20 3,614,208 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 18:03 683520]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 05:10 536576]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-05-25 07:07 188459]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 11:46 192512]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 05:56 1077327]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 12:16 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 09:37 88363 C:\WINDOWS\agrsmmsg.exe]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 16:48 675840]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 16:06 53248]
    "TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 16:24 24576]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 13:07 28672]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 10:59 65536]
    "Zooming"="ZoomingHook.exe" [2004-07-14 11:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 09:43 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "TPSMain"="TPSMain.exe" [2005-01-21 05:28 266240 C:\WINDOWS\system32\TPSMain.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 05:49 118784]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 12:57 73728]
    "NDSTray.exe"="NDSTray.exe" []
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 20:05 122939]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
    "TFncKy"="TFncKy.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-04 08:38 180269]
    "CFSServ.exe"="CFSServ.exe" []
    "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 03:49 188416]
    "RIP PopUp"="C:\Program Files\RIP PopUp\nopopup.exe" [ ]
    "CmUsbAudio"="cmcnfg2.cpl" []
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 00:42 176128]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "srePostpone"="c:\windows\system32\zonelabs\srescan.dll" [2008-01-28 12:28 1504736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-13 22:44:06 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:20:56 65588]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 10:05]
    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-25 14:08]
    S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
    S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-17 11:59]
    S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-17 12:02]
    S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-17 12:02]
    S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\cmo_serd.sys [2005-08-17 12:04]
    S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-06-16 04:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
    \Shell\AutoRun\command - E:\p3r1ud.exe
    \Shell\explore\Command - E:\p3r1ud.exe
    \Shell\open\Command - E:\p3r1ud.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-03-18 08:54:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-24 11:23:49
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-24 11:25:03
    ComboFix-quarantined-files.txt 2008-02-24 15:24:47
    ComboFix2.txt

    ComboFix 08-02-23 - PG 2008-02-22 18:16:02.1 - NTFSx86
    Endroit: C:\Documents and Settings\PG\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\WINDOWS\system32\a.exe
    C:\WINDOWS\system32\kavo.exe
    C:\WINDOWS\system32\packet.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-22 18:03 . 2008-02-22 18:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-18 15:33 . 2008-01-31 15:00 113,906 -r-hs---- C:\p3r1ud.exe
    2008-01-24 14:26 . 2005-08-17 12:02 93,904 -ra------ C:\WINDOWS\system32\drivers\cmo_mdm.sys
    2008-01-24 14:26 . 2005-08-17 12:04 73,696 -ra------ C:\WINDOWS\system32\drivers\cmo_serd.sys
    2008-01-24 14:26 . 2005-08-17 11:59 58,352 -ra------ C:\WINDOWS\system32\drivers\cmo_bus.sys
    2008-01-24 14:26 . 2005-08-17 12:02 8,304 -ra------ C:\WINDOWS\system32\drivers\cmo_mdfl.sys
    2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cmnt.sys
    2008-01-24 14:26 . 2005-08-17 12:03 6,176 -ra------ C:\WINDOWS\system32\drivers\cmo_cm.sys
    2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_whnt.sys
    2008-01-24 14:26 . 2005-08-17 11:59 5,840 -ra------ C:\WINDOWS\system32\drivers\cmo_wh.sys
    2008-01-24 14:20 . 2008-01-24 14:21 <REP> d-------- C:\Program Files\Interjet
    2008-01-24 14:20 . 2006-03-09 16:40 196,608 -r------- C:\WINDOWS\PINSTALLPROCESS.DLL

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-23 22:21 4,631,552 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
    2008-02-23 22:21 218,112 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
    2008-02-23 22:16 --------- d-----w C:\Documents and Settings\PG\Application Data\Skype
    2008-02-22 18:15 3,378,176 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
    2008-02-22 18:14 4,584,448 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
    2008-02-21 14:57 --------- d-----w C:\Program Files\Comptes Bancaires 5.6
    2008-02-19 18:09 --------- d-----w C:\Documents and Settings\PG\Application Data\UseNeXT
    2008-02-19 17:13 4,578,304 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
    2008-02-19 17:13 151,040 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
    2008-02-18 18:13 96,256 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
    2008-02-18 18:13 4,574,208 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
    2008-02-15 22:58 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
    2008-02-14 21:35 206,336 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
    2008-02-11 22:48 4,564,480 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
    2008-02-11 22:48 192,512 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
    2008-02-11 00:49 492,544 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
    2008-02-07 00:29 4,540,928 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
    2008-02-07 00:29 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
    2008-02-04 20:14 307,712 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
    2008-02-02 19:00 9,170 ----a-w C:\Documents and Settings\PG\Application Data\wklnhst.dat
    2008-01-30 22:26 4,530,176 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
    2008-01-30 22:26 111,104 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
    2008-01-30 08:33 337,408 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
    2008-01-27 17:33 470,528 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
    2008-01-27 17:33 4,434,944 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
    2008-01-26 16:52 24,043,954 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_45_05_full.dmp.zip
    2008-01-26 16:32 17,604,376 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_01_26_12_21_26_full.dmp.zip
    2008-01-26 16:32 128,440 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_26_12_20_42_small.dmp.zip
    2008-01-24 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-21 21:22 1,181,696 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
    2008-01-21 21:21 4,414,464 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
    2008-01-15 14:33 13,509,181 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2008-01-07 17:37 249,344 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
    2007-12-31 23:09 4,402,688 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
    2007-12-31 23:09 336,384 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
    2007-12-23 17:26 942,592 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
    2007-12-13 23:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-13 23:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-12-10 22:28 166,912 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
    2007-12-07 17:58 457,728 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
    2007-12-04 17:58 1,286,144 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-12 16:35 214,528 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
    2007-11-08 20:56 498,176 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
    2007-10-26 21:47 745,984 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
    2007-10-26 21:47 4,317,696 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
    2007-10-22 23:25 517,632 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
    2007-10-21 23:24 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
    2007-10-21 23:24 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
    2007-10-20 00:12 4,303,360 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
    2007-10-20 00:12 111,616 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
    2007-10-19 03:18 4,302,336 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
    2007-10-19 03:18 288,768 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
    2007-10-17 21:42 548,352 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
    2007-10-17 21:42 4,298,752 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
    2007-10-16 02:26 401,920 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
    2007-10-16 02:26 4,297,216 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
    2007-10-11 21:56 679,424 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
    2007-10-11 21:56 4,294,144 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
    2007-10-10 00:56 454,656 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
    2007-10-10 00:56 4,291,584 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
    2007-10-09 00:26 1,852,416 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
    2007-10-02 02:50 515,584 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
    2007-10-01 02:38 567,296 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
    2007-10-01 02:38 4,273,664 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
    2007-09-27 02:40 633,856 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
    2007-09-27 02:40 4,271,104 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
    2007-09-20 23:16 4,265,984 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
    2007-09-20 23:16 1,333,760 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
    2007-09-18 02:01 4,252,672 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
    2007-09-18 02:01 3,019,776 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
    2007-08-21 00:44 4,149,760 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
    2007-08-21 00:44 1,972,224 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
    2007-08-14 00:36 4,012,032 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
    2007-08-14 00:36 333,824 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
    2007-08-13 02:43 315,904 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
    2007-08-12 04:02 433,664 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
    2007-08-11 03:08 4,009,472 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
    2007-08-11 03:08 1,306,624 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
    2007-08-06 02:25 400,384 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
    2007-08-06 02:25 3,996,672 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
    2007-08-04 03:45 3,994,624 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
    2007-08-04 03:45 1,348,608 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
    2007-07-30 01:04 3,971,584 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
    2007-07-30 01:04 3,517,440 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
    2007-07-15 22:08 22,150,944 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_14_16_54_03_full.dmp.zip
    2007-05-15 21:07 3,174,400 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
    2007-04-14 15:14 4,004,864 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
    2007-03-31 08:32 3,308,544 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
    2007-03-31 08:31 3,689,472 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
    2007-03-25 06:24 3,662,848 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
    2007-03-25 06:24 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
    2007-03-24 07:08 3,662,336 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
    2007-03-24 07:08 2,791,936 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
    2007-03-20 02:03 1,923,072 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
    2007-03-19 05:15 3,651,072 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
    2007-03-19 05:15 1,178,112 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
    2007-03-18 14:46 2,822,144 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
    2007-03-13 00:20 3,614,208 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
    "SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-24 18:03 683520]
    "PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 05:10 536576]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-02-06 12:49 19490344]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-05-25 07:07 188459]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 11:46 192512]
    "PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 05:56 1077327]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 12:16 184320]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-10-28 09:37 88363 C:\WINDOWS\agrsmmsg.exe]
    "CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-01-21 16:48 675840]
    "TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-11-29 16:06 53248]
    "TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 16:24 24576]
    "HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 13:07 28672]
    "SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2005-02-25 10:59 65536]
    "Zooming"="ZoomingHook.exe" [2004-07-14 11:07 24576 C:\WINDOWS\system32\ZoomingHook.exe]
    "TCtryIOHook"="TCtrlIOHook.exe" [2005-02-16 09:43 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
    "TPSMain"="TPSMain.exe" [2005-01-21 05:28 266240 C:\WINDOWS\system32\TPSMain.exe]
    "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 05:49 118784]
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2004-11-12 12:57 73728]
    "NDSTray.exe"="NDSTray.exe" []
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-01-13 20:05 122939]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 04:03 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 03:59 126976]
    "TFncKy"="TFncKy.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-07-04 08:38 180269]
    "CFSServ.exe"="CFSServ.exe" []
    "eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 03:49 188416]
    "RIP PopUp"="C:\Program Files\RIP PopUp\nopopup.exe" [ ]
    "CmUsbAudio"="cmcnfg2.cpl" []
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 00:42 176128]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr;C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 10:05]
    R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-02-25 14:08]
    S1 StickyMesger;StickyMesger;C:\Program Files\TOSHIBA\Accessibility\StickyMesger.sys []
    S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\cmo_bus.sys [2005-08-17 11:59]
    S3 cmo_mdfl;Data Modem @ CDMA Filter;C:\WINDOWS\system32\DRIVERS\cmo_mdfl.sys [2005-08-17 12:02]
    S3 cmo_mdm;Data Modem @ CDMA Drivers;C:\WINDOWS\system32\DRIVERS\cmo_mdm.sys [2005-08-17 12:02]
    S3 cmo_serd;Data Modem @ CDMA Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\cmo_serd.sys [2005-08-17 12:04]
    S3 cmuda2;C-Media USB Audio Interface;C:\WINDOWS\system32\drivers\cmuda2.sys [2004-06-16 04:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f166cfe-a59f-11dc-be5d-000fb084009f}]
    \Shell\AutoRun\command - E:\p3r1ud.exe
    \Shell\explore\Command - E:\p3r1ud.exe
    \Shell\open\Command - E:\p3r1ud.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e41bd128-db42-11dc-beb0-000fb084009f}]
    \Shell\AutoRun\command - E:\p3r1ud.exe
    \Shell\explore\Command - E:\p3r1ud.exe
    \Shell\open\Command - E:\p3r1ud.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2005-03-18 08:54:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 18:26:47
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-23 18:31:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-23 22:30:59
    t 2008-02-23 22:31:23
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    Hi phige,

    # Download RavAntivirus by Evosla > http://ww25.evosla.com/compteur.php?soft=rav_antivirus
    # If you have a USB stick, external hard drive, etc., plug them in without opening them before launching this FIX
    # Right-click the .ZIP file > Extract to > the Desktop
    # Double-click >> RAV.exe << to launch the tool.
    # Once RAV ANTIVIRUS is running, let it do its work; it automatically scans all drives (fixed and removable disks)
    # If there is an infection > a log will be created; otherwise the software will (very quickly) display ==> Votre Ordinateur est sain (your computer is clean).
    # Remove your removable disks and restart your computer.
    # Post the report if there is an infection!

    @+
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    --

    The best way to turn a woman's head is to tell her she has a nice profile
    0
    1. hamza_bba
       
      Hi g!rly

      I'm really sorry I didn't get back to you; in any case, thanks a lot for your help

      Regards
      0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    No harm done, phige didn't reply either...

    hamza_bba

    Let's pick it up again if you want:

    Download HijackThis here:

    -> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Installation tutorial: (thanks to Balltrap34 for putting this together)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Usage tutorial (video): (thanks to Balltrap34 for putting this together)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post the generated report here please...

    @+
    0
  11. hamza_bba
     
    Hi

    Thanks a lot, I've already fixed the problem

    Have a good day
    0
  12. colon47
     
    ComboFix report:
    ComboFix 08-05-09.1 - Escudié 2008-05-10 14:36:28.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.723 [GMT 2:00]
    Endroit: C:\Documents and Settings\Escudié\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\Documents and Settings\Jean-louis\Local Settings\Temporary Internet Files\temp.dmf
    C:\Documents and Settings\maman\Local Settings\Temporary Internet Files\temp.dmf
    C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SMANTE~1
    C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SSTEM3~1
    C:\WINDOWS.0\Downloaded Program Files\setup.inf
    C:\WINDOWS.0\system32\auto.exe
    C:\WINDOWS.0\system32\kavo.exe
    C:\WINDOWS.0\system32\kavo0.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-10 13:07 . 2008-05-10 13:07 <REP> d--hs---- C:\FOUND.014
    2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat
    2008-05-09 12:26 . 2008-05-09 12:25 117,386 -r-hs---- C:\ka1nk.bat
    2008-05-08 19:32 . 2008-05-08 19:32 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
    2008-05-08 19:32 . 2008-05-08 19:32 1,409 --a------ C:\WINDOWS.0\QTFont.for
    2008-05-08 09:00 . 2008-05-08 09:00 <REP> d--hs---- C:\FOUND.013
    2008-05-08 08:01 . 2008-05-08 08:00 119,068 -r-hs---- C:\qjatw9aj.exe
    2008-05-07 19:14 . 2008-05-07 19:15 <REP> d-------- C:\Program Files\SceneCaster
    2008-05-07 17:48 . 2008-05-07 17:48 <REP> d-------- C:\Program Files\Microids
    2008-05-05 18:57 . 2008-05-05 18:57 <REP> d--hs---- C:\FOUND.012
    2008-05-04 10:16 . 2008-05-07 13:07 119,007 -r-hs---- C:\qpe6.com
    2008-05-03 09:49 . 2008-05-03 09:49 <REP> d--hs---- C:\FOUND.011
    2008-05-02 18:39 . 2008-05-03 22:33 119,274 -r-hs---- C:\x.bat
    2008-05-02 09:21 . 2008-05-02 09:20 119,181 -r-hs---- C:\imt8.cmd
    2008-04-30 10:48 . 2008-04-30 10:48 <REP> d--hs---- C:\FOUND.010
    2008-04-30 00:36 . 2008-04-30 00:36 118,845 -r-hs---- C:\930jn.bat
    2008-04-26 11:33 . 2008-04-28 18:41 118,688 -r-hs---- C:\mka.bat
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\TransRender
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\Temporary
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\ConvertTemp
    2008-04-25 10:10 . 2008-04-25 23:37 117,357 -r-hs---- C:\8386nac.com
    2008-04-22 10:40 . 2008-04-23 10:37 117,594 -r-hs---- C:\1.bat
    2008-04-20 12:06 . 2008-04-20 12:06 115,878 -r-hs---- C:\h8i.com
    2008-04-20 12:05 . 2008-04-10 12:35 117,020 -r-hs---- C:\co.com

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-04 10:09 1,664 ----a-w C:\Documents and Settings\FaShIOn VIcTIm\Application Data\wklnhst.dat
    2008-04-16 16:48 458 ----a-w C:\Documents and Settings\IgloO\Application Data\wklnhst.dat
    2008-03-30 14:46 --------- d-----w C:\Program Files\Alwil Software
    2008-03-30 14:34 81,984 ----a-w C:\WINDOWS.0\system32\bdod.bin
    2008-03-28 19:22 --------- d-----w C:\Documents and Settings\IgloO\Application Data\Samsung
    2008-03-28 18:59 --------- d-----w C:\Program Files\Samsung
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
    2008-03-16 10:10 --------- d-----w C:\Program Files\Windows Media Components
    2008-03-16 10:09 --------- d-----w C:\Program Files\NRJ
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS.0\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.0\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS.0\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.0\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS.0\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS.0\system32\dllcache\dnsapi.dll
    2008-02-20 04:45 691,545 ----a-w C:\WINDOWS.0\unins000.exe
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS.0\system32\dllcache\ieakui.dll
    2007-12-31 10:20 5,650 ----a-w C:\Documents and Settings\Escudié\Application Data\wklnhst.dat
    2006-03-14 16:05 578 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-20 17:39 185632]
    "LXSUPMON"="C:\WINDOWS.0\system32\LXSUPMON.exe" [2002-08-15 03:56 886272]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

    C:\Documents and Settings\FaShIOn VIcTIm\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.D263"= xl_x263dec.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk
    backup=C:\WINDOWS.0\pss\Desktop Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS.0\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS.0\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS.0\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS.0\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
    backup=C:\WINDOWS.0\pss\Supervision de Photo Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
    path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
    backup=C:\WINDOWS.0\pss\Dragon NaturallySpeaking.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS.0\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-04-04 15:13 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-17 19:15 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    --a------ 2002-10-15 18:00 1818624 C:\WINDOWS.0\mixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
    C:\Program Files\Calendrier\Cld2000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-20 01:09 15360 C:\WINDOWS.0\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssentialPIM]
    C:\Program Files\EssentialPIM\EssentialPIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    --a------ 2002-08-20 10:29 40960 C:\WINDOWS.0\System32\ezSP_Px.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
    C:\WINDOWS.0\system32\kavo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-08-24 23:20 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2005-07-19 10:17 135168 C:\PROGRA~1\MUSICM~2\MUSICM~2\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    -ra------ 2002-07-30 17:50 372736 C:\WINDOWS.0\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
    --a------ 2006-05-05 12:36 98304 C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-12-11 20:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    --a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-08 19:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]
    --a------ 2004-10-21 14:40 1381376 C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS.0\\System32\\LEXPPS.EXE"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS.0\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
    R3 XIRLINK;Veo PC Camera;C:\WINDOWS.0\system32\DRIVERS\ucdnt.sys [2002-03-12 21:50]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-08-12 16:50]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS.0\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS.0\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS.0\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c195703c-eb88-11db-94fa-0007cb0000ff}]
    \Shell\AutoRun\command - F:\930jn.bat
    \Shell\explore\Command - F:\930jn.bat
    \Shell\open\Command - F:\930jn.bat

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 16:31:10 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-05-10 09:04:02 C:\WINDOWS.0\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-05-09 12:30:10 C:\WINDOWS.0\Tasks\User_Feed_Synchronization-{6A75B4D0-CF75-4276-837C-E4D8715CC9B3}.job"
    - C:\WINDOWS.0\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-10 14:40:07
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-10 14:40:51
    ComboFix-quarantined-files.txt 2008-05-10 12:40:50

    Pre-Run: 22,150,922,240 bytes free
    Post-Run: 25,078,464,512 bytes free

    227 --- E O F --- 2008-04-08 19:35

    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:02:47, on 10/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.0\system32\LEXBCES.EXE
    C:\WINDOWS.0\system32\LEXPPS.EXE
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS.0\system32\LXSUPMON.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS.0\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS.0\System32\cisvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS.0\System32\nvsvc32.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    C:\WINDOWS.0\system32\cidaemon.exe
    C:\WINDOWS.0\system32\notepad.exe
    C:\WINDOWS.0\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\FreeCommander\FreeCommander.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Escudié\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS.0\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.0\system32\LEXBCES.EXE
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  13. colon47
     
    ComboFix report:
    ComboFix 08-05-09.1 - Escudié 2008-05-10 14:36:28.1 - FAT32 x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.723 [GMT 2:00]
    Location: C:\Documents and Settings\Escudié\Bureau\ComboFix.exe
    * Created a new restore point

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
    .

    (((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    C:\Documents and Settings\Jean-louis\Local Settings\Temporary Internet Files\temp.dmf
    C:\Documents and Settings\maman\Local Settings\Temporary Internet Files\temp.dmf
    C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SMANTE~1
    C:\Documents and Settings\Pti IgloOo's$.MAXDATA\Application Data\SSTEM3~1
    C:\WINDOWS.0\Downloaded Program Files\setup.inf
    C:\WINDOWS.0\system32\auto.exe
    C:\WINDOWS.0\system32\kavo.exe
    C:\WINDOWS.0\system32\kavo0.dll

    .
    ((((((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-10 13:07 . 2008-05-10 13:07 <REP> d--hs---- C:\FOUND.014
    2008-05-10 11:14 . 2008-05-10 09:55 118,914 -r-hs---- C:\uqb0julr.bat
    2008-05-09 12:26 . 2008-05-09 12:25 117,386 -r-hs---- C:\ka1nk.bat
    2008-05-08 19:32 . 2008-05-08 19:32 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
    2008-05-08 19:32 . 2008-05-08 19:32 1,409 --a------ C:\WINDOWS.0\QTFont.for
    2008-05-08 09:00 . 2008-05-08 09:00 <REP> d--hs---- C:\FOUND.013
    2008-05-08 08:01 . 2008-05-08 08:00 119,068 -r-hs---- C:\qjatw9aj.exe
    2008-05-07 19:14 . 2008-05-07 19:15 <REP> d-------- C:\Program Files\SceneCaster
    2008-05-07 17:48 . 2008-05-07 17:48 <REP> d-------- C:\Program Files\Microids
    2008-05-05 18:57 . 2008-05-05 18:57 <REP> d--hs---- C:\FOUND.012
    2008-05-04 10:16 . 2008-05-07 13:07 119,007 -r-hs---- C:\qpe6.com
    2008-05-03 09:49 . 2008-05-03 09:49 <REP> d--hs---- C:\FOUND.011
    2008-05-02 18:39 . 2008-05-03 22:33 119,274 -r-hs---- C:\x.bat
    2008-05-02 09:21 . 2008-05-02 09:20 119,181 -r-hs---- C:\imt8.cmd
    2008-04-30 10:48 . 2008-04-30 10:48 <REP> d--hs---- C:\FOUND.010
    2008-04-30 00:36 . 2008-04-30 00:36 118,845 -r-hs---- C:\930jn.bat
    2008-04-26 11:33 . 2008-04-28 18:41 118,688 -r-hs---- C:\mka.bat
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\TransRender
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\Temporary
    2008-04-25 12:55 . 2008-04-25 12:55 <REP> d-------- C:\Documents and Settings\IgloO\Application Data\ConvertTemp
    2008-04-25 10:10 . 2008-04-25 23:37 117,357 -r-hs---- C:\8386nac.com
    2008-04-22 10:40 . 2008-04-23 10:37 117,594 -r-hs---- C:\1.bat
    2008-04-20 12:06 . 2008-04-20 12:06 115,878 -r-hs---- C:\h8i.com
    2008-04-20 12:05 . 2008-04-10 12:35 117,020 -r-hs---- C:\co.com

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-04 10:09 1,664 ----a-w C:\Documents and Settings\FaShIOn VIcTIm\Application Data\wklnhst.dat
    2008-04-16 16:48 458 ----a-w C:\Documents and Settings\IgloO\Application Data\wklnhst.dat
    2008-03-30 14:46 --------- d-----w C:\Program Files\Alwil Software
    2008-03-30 14:34 81,984 ----a-w C:\WINDOWS.0\system32\bdod.bin
    2008-03-28 19:22 --------- d-----w C:\Documents and Settings\IgloO\Application Data\Samsung
    2008-03-28 18:59 --------- d-----w C:\Program Files\Samsung
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS.0\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS.0\system32\dllcache\win32k.sys
    2008-03-16 10:10 --------- d-----w C:\Program Files\Windows Media Components
    2008-03-16 10:09 --------- d-----w C:\Program Files\NRJ
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS.0\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ------w C:\WINDOWS.0\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
    2008-02-22 10:00 13,824 ------w C:\WINDOWS.0\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS.0\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS.0\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS.0\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS.0\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS.0\system32\dllcache\dnsapi.dll
    2008-02-20 04:45 691,545 ----a-w C:\WINDOWS.0\unins000.exe
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS.0\system32\dllcache\ieakui.dll
    2007-12-31 10:20 5,650 ----a-w C:\Documents and Settings\Escudié\Application Data\wklnhst.dat
    2006-03-14 16:05 578 ----a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-20 01:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-20 17:39 185632]
    "LXSUPMON"="C:\WINDOWS.0\system32\LXSUPMON.exe" [2002-08-15 03:56 886272]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS.0\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

    C:\Documents and Settings\FaShIOn VIcTIm\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.D263"= xl_x263dec.dll
    "VIDC.YV12"= xl_yv12.dll
    "VIDC.XJPG"= camfc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Desktop Manager.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Desktop Manager.lnk
    backup=C:\WINDOWS.0\pss\Desktop Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS.0\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS.0\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS.0\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=C:\WINDOWS.0\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
    path=C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
    backup=C:\WINDOWS.0\pss\Supervision de Photo Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
    path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\Dragon NaturallySpeaking.lnk
    backup=C:\WINDOWS.0\pss\Dragon NaturallySpeaking.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Escudié^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\Escudié\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS.0\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 11:45 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
    --a------ 2007-04-04 15:13 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
    --a------ 2007-04-17 19:15 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
    --a------ 2002-10-15 18:00 1818624 C:\WINDOWS.0\mixer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
    C:\Program Files\Calendrier\Cld2000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-20 01:09 15360 C:\WINDOWS.0\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssentialPIM]
    C:\Program Files\EssentialPIM\EssentialPIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    --a------ 2002-08-20 10:29 40960 C:\WINDOWS.0\System32\ezSP_Px.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    --a------ 2006-05-05 12:19 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
    C:\WINDOWS.0\system32\kavo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    --a------ 2007-08-24 23:20 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    --a------ 2005-07-19 10:17 135168 C:\PROGRA~1\MUSICM~2\MUSICM~2\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    -ra------ 2002-07-30 17:50 372736 C:\WINDOWS.0\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    --a------ 2006-05-05 12:18 36864 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2007-01-23 11:19 223232 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
    --a------ 2006-05-05 12:36 98304 C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    --a------ 2006-12-11 20:41 25343016 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
    --a------ 2006-05-08 05:17 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-10-08 19:19 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]
    --a------ 2004-10-21 14:40 1381376 C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS.0\\System32\\LEXPPS.EXE"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplus.com/canalplay/
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS.0\system32\LEXBCES.EXE
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
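The O4 (autostart) and O23 (service) lines in a HijackThis report like the one above are where a persistence entry such as a kavo.exe Run value would show up, and they are tedious to eyeball in a long log. The following is an added example written for this page (not code from the thread, from HijackThis, or from any of the posters): a small parser for the O4/O23 line formats that applies three triage checks to each entry. The sample log is constructed: it is modelled on lines from the report above plus one hypothetical Run value named "kava" pointing at kavo.exe, and the watchlist and the system32 allow-list are assumptions chosen for the demonstration. The checks are a triage aid, not a verdict; every hit is something for the analyst to look at, not something to delete on sight.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis log format (O4 = Run keys, O23 = services).
# Modelled on the report above plus one hypothetical entry, [kava] -> kavo.exe,
# standing in for the kind of autostart a kavo.exe infection adds.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS.0\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [kava] C:\\WINDOWS.0\\system32\\kavo.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [CTFMON.EXE] C:\\WINDOWS.0\\System32\\CTFMON.EXE (User 'SYSTEM')
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\\Program Files\\Fichiers communs\\Softwin\\BitDefender Scan Server\\bdss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS.0\\System32\\nvsvc32.exe
"""

# Assumed for the example: names worth flagging wherever they appear, and
# system32 binaries an analyst has already accepted as legitimate autostarts.
WATCHLIST = {"kavo.exe"}
KNOWN_SYSTEM32 = {"ctfmon.exe"}


@dataclass
class Entry:
    kind: str               # "O4" (Run value) or "O23" (service)
    name: str               # Run value name, or service display name
    exe: str                # binary path exactly as written in the log
    user: Optional[str]     # O4 only: account for HKUS\<SID> entries
    owner: Optional[str]    # O23 only: company from version info, or "Unknown owner"
    reasons: List[str] = field(default_factory=list)


# O4 - <hive>\..\Run: [<value name>] <command line> (User '<account>')?
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 - Service: <display name> - <owner> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")


def exe_from_command(cmd: str) -> str:
    """Pull the binary path out of a Run command line: quoted path, or the
    first token ending in .exe (handles unquoted paths followed by arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m.group("name"), exe_from_command(m.group("cmd")),
                     m.group("user"), None)
    m = O23_RE.match(line)
    if m:
        # The display name may itself contain " - ", so split from the right.
        parts = m.group("rest").rsplit(" - ", 2)
        if len(parts) == 3:
            display, owner, path = parts
            return Entry("O23", display, path.strip(), None, owner)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l.strip()) for l in text.splitlines()) if e]


def flag(entry: Entry) -> Entry:
    """Attach triage reasons; an entry with no reasons passed all three checks."""
    base = entry.exe.rsplit("\\", 1)[-1].lower()
    if base in WATCHLIST:
        entry.reasons.append("binary name is on the watchlist")
    if entry.kind == "O4" and "\\system32\\" in entry.exe.lower() and base not in KNOWN_SYSTEM32:
        entry.reasons.append("Run value starts an unlisted binary from system32")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        entry.reasons.append("service binary carries no company name")
    return entry


def suspicious(text: str) -> List[Entry]:
    return [e for e in (flag(e) for e in parse_log(text)) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        who = f" (user {e.user})" if e.user else ""
        print(f"{e.kind} [{e.name}]{who} {e.exe}: " + "; ".join(e.reasons))
```

Run against the sample, the hypothetical [kava] value is reported twice over (watchlist name, unlisted system32 binary) and the bdss service is reported once for lacking a company name; avast, QuickTime, the two ctfmon entries and the NVIDIA service pass. The system32 check is deliberately noisy: on a real report it will also flag vendor utilities that happen to live there, and the intended workflow is to look each one up and add it to the allow-list, not to treat the hit as a detection.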
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    --

    The best way to turn a woman's head is to tell her she has a nice profile
    0