Fichier vérolé Fermé

Question

Bonjour,


je me suis fait avoir part un fichier vérolé téléchargé sur MSN--->D'habitude je me fait pas avoir par ce genre de conneries mais c'est intervenu en pleine conversation. Le fichier en question s'appelait "Photo39". J'utilise McAfee à jour et au scan il a rien trouvé. J'ai fait le tour des posts d'infection suite à un fichier vérolé mais rien a marché.

Merci d'avance

Utilisateur anonyme · Answer

Salut,
tu as l'adresse du fichiers ?

si oui envoie le sur : https://www.virustotal.com/gui/ voir qui le détecte ;)

papyber · Answer

1/télécharge et installe le logiciel HijackThis 
https://www.pcastuces.com/logitheque/hijackthis.htm 
tuto pour l’utiliser 
regarde ici c'est parfaitement expliqué en images 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 
2/ 
télécharge AVG Antispyware 
https://www.avg.com/en-ww/free-antivirus-download 
mode d'utilisation : 
Lance AVG Anti-Spyware, mets le à jour, 
Clique sur le bouton « Analyse » onglet « paramètres » 
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine 
3/ 
Télécharge : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout. 
Un tuto 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 
4/ 
Télécharge MSNFix.zip (de !aur3n7 et Regis59) sur le bureau : 
http://sosvirus.changelog.fr/MSNFix.zip 
Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour. 
Remarque: Il est possible que l'antivirus détecte un virus au téléchargement, il s'agit de Process.exe qui est un faux positif. 

Décompresse-le (clic droit : Extraire ici). 
A la racine du système, déplace le dossier décompressé, comme suit : 
C:\MSNFix. 
Ouvre-le et double clique sur le fichier MSNFix.bat 
Choisis l'option R. 
Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé. 
Sauvegarde le rapport puis fais un copier/coller de ce rapport sur le forum, 
Recommande à tes contacts d'appliquer la même procédure MSNFix, pour freiner la propagation et indique si l'éradication est réussie. S'ils ont le moindre souci, ils viennent sur le forum et postent leur rapport pour lecture et conseils... 
5/ 
Télécharge clean.zip, de Malekal 
http://www.malekal.com/download/clean.zip 

décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 
Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte. 
Choisis l'option 1 puis patiente 
Poste le rapport obtenu 
S’il te demande d’uploader un fichier, tu le fais… 


Comment aller en Mode sans échec 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisis la première option : Sans Échec, et valide avec "Entrée" 
5) Choisis ton compte habituel, et non Administrateur 

Redémarre en mode sans échec, copie ou imprime ce qui suit car tu n'auras pas accès à internet 

1* 
Lance CCleaner , nettoyeur, et supprime tout ce qu'il trouve 
lance CCleaner erreur et répare ce qu'il trouve, accepte les sauvegardes 
2* 
lance avg antispyware 
Retour à l'onglet Analyse. 
Clique sur Analyse complète du système. 
A la fin du scan, choisis " Appliquer toutes les actions " 
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Rapports du dossier d'AVG Anti-Spyware 
3* 
si quelque chose a été trouvé avec clean.malekal , cela devrait être le cas... 
Ouvre le dossier jaune nommé clean sur ton bureau. 
Double-clique sur clean.cmd 
Choisis l'option 2 et copie sur le bureau le rapport généré. 
Si une fenêtre s'ouvre, laisse-la. 
Clique sur Q pour quitter le programme. 

redémarre normalement et poste moi les rapports obtenus 

MSNFix 
AVG antispyware 
Clean .txt 
ainsi qu'un scan HijackThis.

Bidji · Answer

Merci de ta réponse, malheureusement je n'ai plus le fichier mais étant donné que toutes les 30 minutes j'envoi automatiquement le virus à tout mes contacts sa ne doit pas être très difficile de le reprendre !

Bidji · Answer

Merci de ta réponse, je vais essayé tout de suite, je vous tiens au courent

PS : msnfix n'avait rien trouvé 

Merci beaucoup

papyber · Answer

je ne conseille pas de le reprendre!!
fais ce que je t'ai conseillé!!

Bidji · Answer

Oui je n'avait pas encore vu ton message. :-)

Bidji · Answer

Pour msnfix y vient de supprimé les fichiers (ma version n'était pas à jour).Je donnerais le rapport avec les autres à la fin.

Encore merci

Bidji · Answer

Alors je vais de donner tout les rapports:

msnfix



MSNFix 1.670-2  
 
C:\MSNFix 
Fix exécuté le lun. 25/02/2008 - 11:10:55,06 By Bijan Moutschen 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\system32\poolmc.exe 
... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\photo*.zip 
... C:\DOCUME~1\BIJANM~1\LOCALS~1\Tempemovalfile.bat 
 
************************ Recherche les dossiers présents       
 
Aucun dossier trouvé 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32\poolmc.exe  
.. OK ... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\photo*.zip  
.. OK ... C:\DOCUME~1\BIJANM~1\LOCALS~1\Tempemovalfile.bat  
 
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
Aucun Fichier trouvé 
 
 
 
************************ Fichiers suspects 
 
Aucun Fichier trouvé 
 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier lun. 25022008_11175920.zip
 


------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   --------------------------------------------- 

AVG antispyware


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	12:26:13 25/02/2008

 + Résultat de l'analyse:	



C:\MSNFix\lun. 25022008_11175920.zip/backup/removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP94\A0040388.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
:mozilla.11:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.10:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.47:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.49:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.50:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.51:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.45:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.75:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.12:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:39, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32
vraidservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?mkt=en-us&fdr=lc&toHttps=1&redig=E594EAA1B2B6456AB8E96DE14DB15E57
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32
vraidservice.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Pool Setup] poolmc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing)
O24 - Desktop Component 0: (no name) - https://www.ivao.aero/images/top.gif
O24 - Desktop Component 1: (no name) - https://upload.wikimedia.org/wikipedia/commons/thumb/a/a4/Thebeskouros.jpg/200px-Thebeskouros.jpg

papyber · Answer

oui mais il en reste encore pas mal!
Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4
clic double sur VundoFix.exe afin de le lancer
clic sur le bouton Scan for Vundo
Lorsque le scan est complété, clic sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clic YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
 Tu verras une invite qui t'annonce que ton PC va redémarrer; 
clic OK
 Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci haut, à partir de "clic sur le bouton Scan for Vundo".
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Télécharge SDFix  d’ Andy Manchesta sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
 
clic double sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Comment aller en Mode sans échec lettre C 
Comment faire pour....tutos C4teur 
1) Redémarre ton ordi 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" 
3) Tu verras un écran avec options de démarrage apparaître 
4) Choisi la première option : Sans Échec, et valide avec "Entrée" 
5) Choisi ton compte régulier, et non Administrateur 

Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et clic double sur RunThis.bat
 Appuie sur Y pour commencer le nettoyage.
Il va supprimer les services et les entrées du Registre infectés puis  te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter  et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, poste le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, 

Télécharge combofix.exe (par sUBs) sur ton Bureau
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

poste les rapports obtenus
VundoFix
SDFix
Combofix et un nouveau hijack this

Bidji · Answer

Vundofix VundoFix V6.7.9 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 17:16:58 25/02/2008 Listing files found while scanning.... C:\windows\system32\ddaby.dll C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\ldkoywlk.ini C:\WINDOWS\system32\opnollj.dll C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32 pyacpql.dll C:\WINDOWS\system32\ssqnnkh.dll C:\windows\system32\ybadd.ini C:\windows\system32\ybadd.ini2 Beginning removal... Attempting to delete C:\windows\system32\ddaby.dll C:\windows\system32\ddaby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\klwyokdl.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ldkoywlk.ini C:\WINDOWS\system32\ldkoywlk.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\opnollj.dll C:\WINDOWS\system32\opnollj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32\pmnnnll.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32 pyacpql.dll C:\WINDOWS\system32 pyacpql.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqnnkh.dll C:\WINDOWS\system32\ssqnnkh.dll Has been deleted! Attempting to delete C:\windows\system32\ybadd.ini C:\windows\system32\ybadd.ini Has been deleted! Attempting to delete C:\windows\system32\ybadd.ini2 C:\windows\system32\ybadd.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\klwyokdl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32\pmnnnll.dll Could not be deleted. Performing Repairs to the registry. Done! SDfix SDFix: Version 1.147 Run by Bijan Moutschen on lun. 25/02/2008 at 18:14 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\BIJANM~1\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Combofix ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-25 18:37:57.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1130 [GMT 1:00] Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awvtt.dll C:\WINDOWS\system32 qstv.ini C:\WINDOWS\system32 qstv.ini2 C:\WINDOWS\system32\ovaiagkw.dll C:\WINDOWS\system32\pkeqedhh.dll C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32 tvwa.ini C:\WINDOWS\system32 tvwa.ini2 C:\WINDOWS\system32\wkgaiavo.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))))))) . 2008-02-25 18:09 . 2008-02-25 18:09 d-------- C:\WINDOWS\ERUNT 2008-02-25 18:01 . 2008-02-25 15:14 d-------- C:\SDFix 2008-02-25 17:16 . 2008-02-25 17:49 d-------- C:\VundoFix Backups 2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz 2008-02-25 11:08 . 2008-02-25 12:25 d-------- C:\MSNFix 2008-02-25 10:53 . 2008-02-25 10:53 d-------- C:\Program Files\CCleaner 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-25 10:46 . 2008-02-25 10:46 d-------- C:\Program Files\Trend Micro 2008-02-24 21:45 . 2008-02-24 21:45 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee 2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor 2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini 2008-02-24 17:16 . 2008-02-24 17:16 d-------- C:\kav 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Lavasoft 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-24 16:54 . 2008-02-24 16:54 d-------- C:\Program Files\CleanUp! 2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix 2008-02-24 10:28 . 2008-02-24 10:28 d-------- C:\Program Files\iPod 2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini 2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm 2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm 2008-02-12 17:37 . 2008-02-12 17:37 d-------- C:\Program Files\JoyToKey 2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-11 21:00 . 2008-02-11 21:00 d-------- C:\WINDOWS\BricoPacks 2008-02-11 20:39 . 2008-02-11 20:39 d-------- C:\Program Files\SystemRequirementsLab 2008-02-10 20:22 . 2008-02-24 18:14 d-------- C:\Program Files\LiveKillCleanMessenger 2008-02-10 20:22 . 2008-02-10 20:22 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod 2008-02-10 16:31 . 2008-02-10 16:31 d-------- C:\Documents and Settings\All Users\Application Data View_Profiles 2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settings.sfm 2008-02-10 16:24 . 2008-02-11 20:49 d-------- C:\WINDOWS view 2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32 vapps.nvb 2008-02-10 16:23 . 2008-02-10 16:23 d-------- C:\NVIDIA 2008-02-06 20:32 . 2008-02-06 20:32 d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-02-05 17:38 . 2008-02-05 17:38 d-------- C:\Program Files\Microsoft Silverlight 2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini 2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS dlp32.ini 2008-02-02 19:17 . 2008-02-02 19:17 d-------- C:\Program Files\Xara 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 17:34 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype 2008-02-25 17:32 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2 2008-02-25 16:54 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM 2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee 2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager 2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes 2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer 2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime 2008-02-16 17:39 --------- d-----w C:\Program Files\DivX 2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss 2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps 2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0 2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab 2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel 2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom 2008-02-10 15:00 --------- d-----w C:\Program Files\Google 2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works 2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek 2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen 2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files 2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX 2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX 2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder 2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data eamspeak2 2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-06 20:27 --------- d-----w C:\Program Files\Java 2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek 2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek 2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple 2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter 2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat 2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin 2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat 2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys . [code]

----a-w        29,193,625 2004-02-28 17:01:22  C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe

/code ------- Sigcheck ------- 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll -c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll -c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll -c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}] C:\WINDOWS\system32\ddaby.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208] "NVRaidService"="C:\WINDOWS\system32 vraidservice.exe" [2007-05-15 16:25 137216] "PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904] "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-11-19 20:35 185896] "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472] "SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992] "789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\WINDOWS\system32\rundll32.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "C:\Program Files\IVAO\IvAp\ivapnetint.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\WINDOWS\system32\dxdiag.exe"= "C:\Program Files\adslTV\adsltv.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\MADDOG2006\MDCP.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\WiFiConnector\NintendoWFCReg.exe"= "C:\Program Files\IVAO\IvAp\ivapconfig.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\kav\kis7.0\french\setup.exe"= "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" [] S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe [] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32] S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57] S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59] S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11] S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}] \Shell\AutoRun\command - wd_windows_tools\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job" - C:\Program Files\Microsoft LifeChat\LifeChat.exe "2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 18:44:15 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-25 18:50:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-25 17:49:59 . 2008-02-13 20:36:18 --- E O F --- Hisjack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:04:20, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32 vraidservice.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\livecall.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?mkt=en-us&fdr=lc&toHttps=1&redig=E594EAA1B2B6456AB8E96DE14DB15E57 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {2FA11ADF-3EF4-4B24-8558-02793F4A8E1E} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: (no name) - {A27274FA-811F-4EFC-841F-2DFB333E93EB} - C:\WINDOWS\system32\ddaby.dll (file missing) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file) O2 - BHO: (no name) - {E256E6E5-CFBF-41CC-8281-D885A853CD93} - (no file) O2 - BHO: (no name) - {f4686172-f5bb-4388-951c-80f52534566f} - (no file) O2 - BHO: (no name) - {F512616D-2DD7-4A91-93E2-ADDEA26C1912} - (no file) O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32 vraidservice.exe O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing) O24 - Desktop Component 0: (no name) - https://www.ivao.aero/images/top.gif O24 - Desktop Component 1: (no name) - https://upload.wikimedia.org/wikipedia/commons/thumb/a/a4/Thebeskouros.jpg/200px-Thebeskouros.jpg

Bidji · Answer

Vundofix VundoFix V6.7.9 Checking Java version... Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 17:16:58 25/02/2008 Listing files found while scanning.... C:\windows\system32\ddaby.dll C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\ldkoywlk.ini C:\WINDOWS\system32\opnollj.dll C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32 pyacpql.dll C:\WINDOWS\system32\ssqnnkh.dll C:\windows\system32\ybadd.ini C:\windows\system32\ybadd.ini2 Beginning removal... Attempting to delete C:\windows\system32\ddaby.dll C:\windows\system32\ddaby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\klwyokdl.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ldkoywlk.ini C:\WINDOWS\system32\ldkoywlk.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\opnollj.dll C:\WINDOWS\system32\opnollj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32\pmnnnll.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32 pyacpql.dll C:\WINDOWS\system32 pyacpql.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqnnkh.dll C:\WINDOWS\system32\ssqnnkh.dll Has been deleted! Attempting to delete C:\windows\system32\ybadd.ini C:\windows\system32\ybadd.ini Has been deleted! Attempting to delete C:\windows\system32\ybadd.ini2 C:\windows\system32\ybadd.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\klwyokdl.dll C:\WINDOWS\system32\klwyokdl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32\pmnnnll.dll Could not be deleted. Performing Repairs to the registry. Done! SDfix SDFix: Version 1.147 Run by Bijan Moutschen on lun. 25/02/2008 at 18:14 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\BIJANM~1\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Combofix ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-25 18:37:57.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1130 [GMT 1:00] Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\awvtt.dll C:\WINDOWS\system32 qstv.ini C:\WINDOWS\system32 qstv.ini2 C:\WINDOWS\system32\ovaiagkw.dll C:\WINDOWS\system32\pkeqedhh.dll C:\WINDOWS\system32\pmnnnll.dll C:\WINDOWS\system32 tvwa.ini C:\WINDOWS\system32 tvwa.ini2 C:\WINDOWS\system32\wkgaiavo.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))))))) . 2008-02-25 18:09 . 2008-02-25 18:09 d-------- C:\WINDOWS\ERUNT 2008-02-25 18:01 . 2008-02-25 15:14 d-------- C:\SDFix 2008-02-25 17:16 . 2008-02-25 17:49 d-------- C:\VundoFix Backups 2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz 2008-02-25 11:08 . 2008-02-25 12:25 d-------- C:\MSNFix 2008-02-25 10:53 . 2008-02-25 10:53 d-------- C:\Program Files\CCleaner 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-25 10:46 . 2008-02-25 10:46 d-------- C:\Program Files\Trend Micro 2008-02-24 21:45 . 2008-02-24 21:45 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee 2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor 2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini 2008-02-24 17:16 . 2008-02-24 17:16 d-------- C:\kav 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Lavasoft 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-24 16:54 . 2008-02-24 16:54 d-------- C:\Program Files\CleanUp! 2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix 2008-02-24 10:28 . 2008-02-24 10:28 d-------- C:\Program Files\iPod 2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini 2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm 2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm 2008-02-12 17:37 . 2008-02-12 17:37 d-------- C:\Program Files\JoyToKey 2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-11 21:00 . 2008-02-11 21:00 d-------- C:\WINDOWS\BricoPacks 2008-02-11 20:39 . 2008-02-11 20:39 d-------- C:\Program Files\SystemRequirementsLab 2008-02-10 20:22 . 2008-02-24 18:14 d-------- C:\Program Files\LiveKillCleanMessenger 2008-02-10 20:22 . 2008-02-10 20:22 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod 2008-02-10 16:31 . 2008-02-10 16:31 d-------- C:\Documents and Settings\All Users\Application Data View_Profiles 2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settings.sfm 2008-02-10 16:24 . 2008-02-11 20:49 d-------- C:\WINDOWS view 2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32 vapps.nvb 2008-02-10 16:23 . 2008-02-10 16:23 d-------- C:\NVIDIA 2008-02-06 20:32 . 2008-02-06 20:32 d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-02-05 17:38 . 2008-02-05 17:38 d-------- C:\Program Files\Microsoft Silverlight 2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini 2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS dlp32.ini 2008-02-02 19:17 . 2008-02-02 19:17 d-------- C:\Program Files\Xara 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 17:34 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype 2008-02-25 17:32 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2 2008-02-25 16:54 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM 2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee 2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager 2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes 2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer 2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime 2008-02-16 17:39 --------- d-----w C:\Program Files\DivX 2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss 2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps 2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0 2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab 2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel 2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom 2008-02-10 15:00 --------- d-----w C:\Program Files\Google 2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works 2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek 2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen 2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files 2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX 2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX 2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder 2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data eamspeak2 2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-06 20:27 --------- d-----w C:\Program Files\Java 2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek 2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek 2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple 2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter 2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat 2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin 2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat 2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys . [code]

----a-w        29,193,625 2004-02-28 17:01:22  C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe

/code ------- Sigcheck ------- 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll -c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll -c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll -c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}] C:\WINDOWS\system32\ddaby.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208] "NVRaidService"="C:\WINDOWS\system32 vraidservice.exe" [2007-05-15 16:25 137216] "PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904] "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-11-19 20:35 185896] "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472] "SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992] "789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\WINDOWS\system32\rundll32.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "C:\Program Files\IVAO\IvAp\ivapnetint.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\WINDOWS\system32\dxdiag.exe"= "C:\Program Files\adslTV\adsltv.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\MADDOG2006\MDCP.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\WiFiConnector\NintendoWFCReg.exe"= "C:\Program Files\IVAO\IvAp\ivapconfig.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\kav\kis7.0\french\setup.exe"= "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" [] S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe [] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32] S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57] S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59] S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11] S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}] \Shell\AutoRun\command - wd_windows_tools\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job" - C:\Program Files\Microsoft LifeChat\LifeChat.exe "2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-25 18:44:15 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\McAfee\MSC\mcuimgr.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-25 18:50:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-25 17:49:59 . 2008-02-13 20:36:18 --- E O F --- Hisjack this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:04:20, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32 vraidservice.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\SiteAdvisor\6253\SiteAdv.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\livecall.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/spresults.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?mkt=en-us&fdr=lc&toHttps=1&redig=E594EAA1B2B6456AB8E96DE14DB15E57 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-be?c=be&l=fr&s=gen&redirect=1 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O2 - BHO: (no name) - {2FA11ADF-3EF4-4B24-8558-02793F4A8E1E} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing) O2 - BHO: (no name) - {A27274FA-811F-4EFC-841F-2DFB333E93EB} - C:\WINDOWS\system32\ddaby.dll (file missing) O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file) O2 - BHO: (no name) - {E256E6E5-CFBF-41CC-8281-D885A853CD93} - (no file) O2 - BHO: (no name) - {f4686172-f5bb-4388-951c-80f52534566f} - (no file) O2 - BHO: (no name) - {F512616D-2DD7-4A91-93E2-ADDEA26C1912} - (no file) O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32 vraidservice.exe O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing) O24 - Desktop Component 0: (no name) - https://www.ivao.aero/images/top.gif O24 - Desktop Component 1: (no name) - https://upload.wikimedia.org/wikipedia/commons/thumb/a/a4/Thebeskouros.jpg/200px-Thebeskouros.jpg

papyber · Answer

Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte entre tirets : 
---------------------------------------------------------------------------------------------------------------------------------------------------
RENV::
C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe 
--------------------------------------------------------------------------------------------------------------------------------------------------- 
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié. 

Sauvegarde ce fichier sous le nom de CFScript.txt 

http://img115.imageshack.us/img115/6742/cfscriptws3.gif
 
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Bidji · Answer

ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-26 17:13:16.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015 [GMT 1:00] Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Bijan Moutschen\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))))))) . 2008-02-25 18:09 . 2008-02-25 18:09 d-------- C:\WINDOWS\ERUNT 2008-02-25 18:01 . 2008-02-25 15:14 d-------- C:\SDFix 2008-02-25 17:16 . 2008-02-25 17:49 d-------- C:\VundoFix Backups 2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz 2008-02-25 11:08 . 2008-02-25 12:25 d-------- C:\MSNFix 2008-02-25 10:53 . 2008-02-25 10:53 d-------- C:\Program Files\CCleaner 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-25 10:46 . 2008-02-25 10:46 d-------- C:\Program Files\Trend Micro 2008-02-24 21:45 . 2008-02-24 21:45 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee 2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor 2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini 2008-02-24 17:16 . 2008-02-24 17:16 d-------- C:\kav 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Lavasoft 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-24 16:54 . 2008-02-24 16:54 d-------- C:\Program Files\CleanUp! 2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix 2008-02-24 10:28 . 2008-02-24 10:28 d-------- C:\Program Files\iPod 2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini 2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm 2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm 2008-02-12 17:37 . 2008-02-12 17:37 d-------- C:\Program Files\JoyToKey 2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-11 21:00 . 2008-02-11 21:00 d-------- C:\WINDOWS\BricoPacks 2008-02-11 20:39 . 2008-02-11 20:39 d-------- C:\Program Files\SystemRequirementsLab 2008-02-10 20:22 . 2008-02-24 18:14 d-------- C:\Program Files\LiveKillCleanMessenger 2008-02-10 20:22 . 2008-02-10 20:22 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod 2008-02-10 16:31 . 2008-02-10 16:31 d-------- C:\Documents and Settings\All Users\Application Data View_Profiles 2008-02-10 16:29 . 2008-02-25 21:49 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-02-10 16:29 . 2008-02-25 21:49 1,080 --a------ C:\WINDOWS\system32\settings.sfm 2008-02-10 16:24 . 2008-02-11 20:49 d-------- C:\WINDOWS view 2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32 vapps.nvb 2008-02-10 16:23 . 2008-02-10 16:23 d-------- C:\NVIDIA 2008-02-06 20:32 . 2008-02-06 20:32 d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-02-05 17:38 . 2008-02-05 17:38 d-------- C:\Program Files\Microsoft Silverlight 2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini 2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS dlp32.ini 2008-02-02 19:17 . 2008-02-02 19:17 d-------- C:\Program Files\Xara 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-26 16:08 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype 2008-02-26 16:07 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM 2008-02-26 16:07 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2 2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee 2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager 2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes 2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer 2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime 2008-02-16 17:39 --------- d-----w C:\Program Files\DivX 2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss 2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps 2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0 2008-02-11 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab 2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel 2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom 2008-02-10 15:00 --------- d-----w C:\Program Files\Google 2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works 2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek 2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen 2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files 2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX 2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX 2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder 2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data eamspeak2 2008-01-12 17:11 10,796 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-09 11:18 129,784 -c----w C:\WINDOWS\system32\pxafs.dll 2008-01-09 11:18 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-09 11:18 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe 2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll 2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll 2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-06 20:27 --------- d-----w C:\Program Files\Java 2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek 2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek 2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple 2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-11 19:44 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 19:44 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 19:43 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat 2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin 2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat 2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys

papyber · Answer

le rapport est incomplet, il me le faut entier, même en plusieurs morceaux...

Bidji · Answer

Voila ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-26 19:07:54.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1213 [GMT 1:00] Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Bijan Moutschen\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))))))) . 2008-02-25 18:09 . 2008-02-25 18:09 d-------- C:\WINDOWS\ERUNT 2008-02-25 18:01 . 2008-02-25 15:14 d-------- C:\SDFix 2008-02-25 17:16 . 2008-02-25 17:49 d-------- C:\VundoFix Backups 2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz 2008-02-25 11:08 . 2008-02-25 12:25 d-------- C:\MSNFix 2008-02-25 10:53 . 2008-02-25 10:53 d-------- C:\Program Files\CCleaner 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft 2008-02-25 10:51 . 2008-02-25 10:51 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-02-25 10:46 . 2008-02-25 10:46 d-------- C:\Program Files\Trend Micro 2008-02-24 21:45 . 2008-02-24 21:45 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee 2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback 2008-02-24 19:01 . 2008-02-24 19:01 d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor 2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini 2008-02-24 17:16 . 2008-02-24 17:16 d-------- C:\kav 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Lavasoft 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-24 17:10 . 2008-02-24 17:10 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-24 16:54 . 2008-02-24 16:54 d-------- C:\Program Files\CleanUp! 2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix 2008-02-24 10:28 . 2008-02-24 10:28 d-------- C:\Program Files\iPod 2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini 2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm 2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm 2008-02-12 17:37 . 2008-02-12 17:37 d-------- C:\Program Files\JoyToKey 2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd 2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp 2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2008-02-11 21:00 . 2008-02-11 21:00 d-------- C:\WINDOWS\BricoPacks 2008-02-11 20:39 . 2008-02-11 20:39 d-------- C:\Program Files\SystemRequirementsLab 2008-02-10 20:22 . 2008-02-24 18:14 d-------- C:\Program Files\LiveKillCleanMessenger 2008-02-10 20:22 . 2008-02-10 20:22 d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod 2008-02-10 16:31 . 2008-02-10 16:31 d-------- C:\Documents and Settings\All Users\Application Data View_Profiles 2008-02-10 16:29 . 2008-02-26 17:23 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm 2008-02-10 16:29 . 2008-02-26 17:23 1,080 --a------ C:\WINDOWS\system32\settings.sfm 2008-02-10 16:24 . 2008-02-11 20:49 d-------- C:\WINDOWS view 2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32 vapps.nvb 2008-02-10 16:23 . 2008-02-10 16:23 d-------- C:\NVIDIA 2008-02-06 20:32 . 2008-02-06 20:32 d-------- C:\Documents and Settings\All Users\Application Data\Dell 2008-02-05 17:38 . 2008-02-05 17:38 d-------- C:\Program Files\Microsoft Silverlight 2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini 2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS dlp32.ini 2008-02-02 19:17 . 2008-02-02 19:17 d-------- C:\Program Files\Xara 2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-26 18:12 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype 2008-02-26 17:39 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0 2008-02-26 16:25 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM 2008-02-26 16:24 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2 2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee 2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee 2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee 2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager 2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes 2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer 2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime 2008-02-16 17:39 --------- d-----w C:\Program Files\DivX 2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss 2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps 2008-02-11 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab 2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel 2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom 2008-02-10 15:00 --------- d-----w C:\Program Files\Google 2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works 2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek 2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek 2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen 2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files 2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX 2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX 2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder 2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data eamspeak2 2008-01-12 17:11 10,796 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll 2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll 2008-01-09 11:18 129,784 -c----w C:\WINDOWS\system32\pxafs.dll 2008-01-09 11:18 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe 2008-01-09 11:18 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe 2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll 2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll 2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3 2008-01-06 20:27 --------- d-----w C:\Program Files\Java 2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek 2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek 2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple 2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter 2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys 2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-11 19:44 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-12-11 19:44 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll 2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll 2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll 2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll 2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-12-11 19:43 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll 2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll 2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat 2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin 2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat 2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys . ------- Sigcheck ------- 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll -c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll -c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll -c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll ----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe ----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FA11ADF-3EF4-4B24-8558-02793F4A8E1E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}] C:\WINDOWS\system32\ddaby.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E256E6E5-CFBF-41CC-8281-D885A853CD93}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4686172-f5bb-4388-951c-80f52534566f}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F512616D-2DD7-4A91-93E2-ADDEA26C1912}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208] "NVRaidService"="C:\WINDOWS\system32 vraidservice.exe" [2007-05-15 16:25 137216] "PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe] "CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056] "VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880] "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904] "LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-11-19 20:35 185896] "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472] "SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992] "789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360] C:\Documents and Settings\Bijan Moutschen\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216] RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784] TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536] UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-17 18:31:29 1175552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "C:\WINDOWS\system32\rundll32.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "C:\Program Files\IVAO\IvAp\ivapnetint.exe"= "C:\Program Files\Mozilla Firefox\firefox.exe"= "C:\WINDOWS\system32\dxdiag.exe"= "C:\Program Files\adslTV\adsltv.exe"= "C:\Program Files\Microsoft Games\Flight Simulator 9\MADDOG2006\MDCP.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\WiFiConnector\NintendoWFCReg.exe"= "C:\Program Files\IVAO\IvAp\ivapconfig.exe"= "C:\Program Files\Real\RealPlayer\realplay.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\kav\kis7.0\french\setup.exe"= "C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56] R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08] S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" [] S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe [] S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32] S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57] S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59] S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11] S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}] \Shell\AutoRun\command - wd_windows_tools\setup.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job" - C:\Program Files\Microsoft LifeChat\LifeChat.exe "2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-26 19:12:26 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll . Temps d'accomplissement: 2008-02-26 19:15:01 ComboFix-quarantined-files.txt 2008-02-26 18:14:58 ComboFix2.txt 2008-02-25 17:50:02 . 2008-02-13 20:36:18 --- E O F ---

papyber · Answer

Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte en citation : 
File::
C:\WINDOWS\system32\poolmc.MSNFix
C:\WINDOWS\fs_earth_link_9.ini 
C:\WINDOWS\system32\ddaby.dll 
C:\WINDOWS\system32\klwyokdl.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FA11ADF-3EF4-4B24-8558-02793F4A8E1E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E256E6E5-CFBF-41CC-8281-D885A853CD93}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4686172-f5bb-4388-951c-80f52534566f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F512616D-2DD7-4A91-93E2-ADDEA26C1912}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"789fc415"=-
 
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié. 

Sauvegarde ce fichier sous le nom de CFScript.txt 

http://img115.imageshack.us/img115/6742/cfscriptws3.gif
 
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Une fois le scan achevé, un rapport va s'afficher: poste son contenu. 

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt 
 

Rends toi sur ESET Online Scanner Link 
https://www.eset.com/int/home/online-scanner/ 
Coche la case YES, I accept the Terms Of Use 
Clique sur le bouton Start 
Clique maintenant sur Install button 
Clique a nouveau sur Start 

Les mises à jours du scan en ligne vont se faire. 
Ne coche pas Remove found threats 
Clique sur Scan button 

Le scan va démarrer, sois patient. 

Quand le scan sera terminé, clique sur Details tab 

Copie colle en réponse le contenu de C:\Program Files\EsetOnlineScanner\log.txt back

Fichier vérolé

16 réponses

Discussions similaires