Sujet Précédent Sujet Suivant

Virus Win32-adware-gen

Doudou62 Messages postés 1 Statut Membre -  
 Doudou62 -
Salut à tous,
Je vous expose mon problème, j'ai choppé un virus de m... son nom Win32 Adware-gen, je vous demande humblement votre aide. En regardant sur le forum, je vois que la majorité des personnes poste de le rapport de HijackThis alors je vais faire de même.J'ai essayé plusieur possibilité pour le supprimer mais il reviens toujours au démarrage alors la je sèche.

Merci d'avance de votre aides

CI-DESSOUS LE RAPPORT
Logfile of HijackThis v1.99.1
Scan saved at 13:15:15, on 08.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\DelFax\WFXMOD32.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\windows\system32\kpwnw64r.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kpwnw64r.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Merci d'avance
A voir également:

15 réponses

Réponse 1 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\windows\system32\kpwnw64r.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_____________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
0
Doudou62
 
Salut JlpJlp,
D'abord un grand merci pour prendre du temps pour résoudre mon problème, j'apprécie fortement.

Comme demandé j'ai exécuter les différentes tâches que tu m'a conseillées , ci-dessous je te poste les 2 rapports.

1)OTVmov

C:\windows\system32\kpwnw64r.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04092008_065622

2)Combofix

ComboFix 08-04-08.7 - Didier 2008-04-09 7:11:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.490 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\WINDOWS\system32\msnav32.ax

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-09 to 2008-04-09 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 07:05 . 2008-04-09 07:05 49,228 --a------ C:\WINDOWS\system32\kpwnw64r.exe
2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-08 11:41 . 2008-04-08 11:41 49,215 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-04-08 10:53 . 2008-04-08 08:57 141,525 --a------ C:\Capture01.jpg
2008-04-08 07:34 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-04 10:56 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 10:56 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-01 07:54 . 2008-04-01 07:54 712,841 --a------ C:\Test aptitude.JPG
2008-03-29 03:09 . 2008-04-03 18:47 934 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-27 08:32 . 2008-03-27 08:32 49,185 --a------ C:\WINDOWS\system32\kownw64r.exe
2008-03-26 16:50 . 2008-03-15 00:56 <REP> d-------- C:\Okoker.AVI.to.DVD.VCD.DIVX.MPEG.Converter&Burner.v4.9.Cracked-AHCU
2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
2008-03-18 11:56 . 2008-03-18 12:52 5,105 --a------ C:\Abieniste mail .htm
2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
2008-03-18 10:13 . 2008-03-18 10:34 970,016 --a------ C:\Maison Sécurité Froid.dwg
2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
2008-02-15 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
"c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"{D1-18-80-0E-DW}"="c:\windows\system32\kpwnw64r.exe" [2008-04-09 07:05 49228]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"msacm.l3codecp"=
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"LaunchApp"=Alaunch
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"Device Detector"=DevDetect.exe -autorun
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Spamihilator\\dccproc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-09 05:04:10 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 07:15:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-09 7:15:43
ComboFix-quarantined-files.txt 2008-04-09 05:15:38
Pre-Run: 7,069,347,840 octets libres
Post-Run: 7,062,183,936 octets libres
.
2008-03-13 02:01:34 --- E O F ---

Franchement je ne comprend pas grand chose à tout cela , mais je te fait confiance.

Salutations et merci encore
0
Réponse 2 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse ce fichier sur virus total et si infécté tu le vire: https://www.virustotal.com/gui/

C:\Okoker.AVI.to.DVD.VCD.DIVX.MPEG.Converter&Burner.v4.9.Crack­ed-AHCU

____

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

scan en ligne firefox

https://www.trendmicro.com/fr_fr/business.html

Panda en ligne :
http://pandasoftware.fr

________________
puis

colle un rapport hijackthis et dis tes soucis actuels
0
Réponse 3 / 15
Doudou62
 
Salut à toi JlpJlp,
En fait le fichier que tu m'a demandé d'analyser est un répertoire, mais j'ai quand même analyser les fichiers qui s'y trouvais mais sans résultat et en plus après çà j'ai supprimer le répertoire qui me servais à rien.
Ci dessous les 2 rapport d'analyse.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-10 10:22:18
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition 7.0.3.136
Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Didier\Cookies\didier@xiti[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
01192683 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP514\A0064328.exe
02906128 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP514\A0064321.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location =
;===================================================================================================================================================================================
Yes C:\WINDOWS\system32\rcntqldn.exe =
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description =
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Logfile of HijackThis v1.99.1
Scan saved at 10:37:15, on 10.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\DelFax\WFXMOD32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\windows\system32\kpwnw64r.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\rcntqldn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntqldn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\kpwnw64r.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Voila c'est fait... dis moi ce que tu pense, merci d'avance

Salutations
0
Réponse 4 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\WINDOWS\system32\rcntqldn.exe
C:\WINDOWS\system32\kpwnw64r.exe
C:\WINDOWS\system32\rwwnw64d.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­ntifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
"{D1-18-80-0E-DW}"="-

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
Doudou62
 
Salut à toi JlpJlp, quel patience...j'ai fait mes devoirs et je te poste ci-dessous les 2 rapports.

Merci encore.

ComboFix 08-04-08.7 - Didier 2008-04-10 13:24:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.490 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\Didier\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\kpwnw64r.exe
C:\WINDOWS\system32\rcntqldn.exe
C:\WINDOWS\system32\rwwnw64d.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\WINDOWS\system32\kpwnw64r.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rcntqldn.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 12:50 . 2008-04-10 12:50 100,469,258 --a------ C:\SAUVEGARDE REGISTRE LE 10-4-2008.reg
2008-04-10 07:40 . 2008-04-10 07:42 <REP> d-------- C:\Program Files\Panda Security
2008-04-10 03:00 . 2008-04-10 03:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 13:26 . 2008-04-09 13:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-09 13:25 . 2008-04-09 13:34 <REP> d-------- C:\Documents and Settings\Didier\.housecall6.6
2008-04-09 12:09 . 2008-04-09 12:09 361,429 --a------ C:\Img005.jpg
2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Program Files\Avira
2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 07:34 . 2008-04-10 13:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 07:34 . 2008-04-09 07:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-08 10:53 . 2008-04-08 08:57 141,525 --a------ C:\Capture01.jpg
2008-04-08 07:34 . 2005-02-16 11:06 218,112 --a------ C:\HijackThis.exe
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-01 07:54 . 2008-04-01 07:54 712,841 --a------ C:\Test aptitude.JPG
2008-03-29 03:09 . 2008-04-10 06:49 933 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-27 08:32 . 2008-03-27 08:32 49,185 --a------ C:\WINDOWS\system32\kownw64r.exe
2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
2008-03-18 11:56 . 2008-03-18 12:52 5,105 --a------ C:\Abieniste mail .htm
2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
2008-03-18 10:13 . 2008-03-18 10:34 970,016 --a------ C:\Maison Sécurité Froid.dwg
2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
2008-02-15 14:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-09_ 7.15.21.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-20 07:56:50 1,846,016 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2008-02-20 05:20:23 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:50:24 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2008-02-20 06:52:42 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-12-07 02:08:32 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 22:53:23 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:08:32 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:08:32 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:08:32 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:02:31 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:08:32 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:08:32 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:08:32 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:08:32 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:08:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:08:33 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:08:33 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:03:16 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:08:33 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:08:33 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:08:33 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:08:36 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:08:34 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:08:34 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:08:34 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:08:34 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:36:55 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:08:34 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:08:34 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:08:34 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:08:34 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
- 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-12-07 02:08:32 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-03-01 12:58:06 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-12-07 02:08:32 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-12-07 02:08:33 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-12-07 02:08:33 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:41:32 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-04-09 07:41:55 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-12-19 22:53:23 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-12-07 02:08:32 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-12-07 02:08:32 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-03 08:09:08 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-10 01:10:53 654,656 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-12-06 11:02:31 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-12-07 02:08:32 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-12-07 02:08:32 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-12-07 02:08:32 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-12-07 02:08:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-12-07 02:08:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-12-07 02:08:33 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-12-07 02:08:33 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-12-07 02:08:33 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-12-07 02:08:33 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-12-07 02:08:34 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-12-07 02:08:34 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-12-07 02:08:34 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-12-07 02:08:34 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-31 05:03:31 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-10 11:09:20 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-31 05:03:31 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-10 11:09:20 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-31 05:03:31 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-10 11:09:20 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-31 05:03:31 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-10 11:09:20 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2008-01-11 05:36:55 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-07 02:08:34 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-10 11:04:37 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_230.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
"c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"{D1-18-80-0E-DW}"="C:\windows\system32\kpwnw64r.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 09:41 249896]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\rcntqldn.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"msacm.l3codecp"=
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"LaunchApp"=Alaunch
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"Device Detector"=DevDetect.exe -autorun
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Spamihilator\\dccproc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-10 11:04:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 13:29:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\rcntqldn.exe DWoli5FF"
.
Temps d'accomplissement: 2008-04-10 13:30:52
ComboFix-quarantined-files.txt 2008-04-10 11:30:39
ComboFix2.txt 2008-04-09 05:15:44
Pre-Run: 6,906,867,712 octets libres
Post-Run: 6,895,140,864 octets libres
.
2008-04-10 01:03:14 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 06:55:40, on 11.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\DelFax\WFXMOD32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Et voila que te dire de plus

Salutations
0
Réponse 6 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse ces fichiers sur virus total et si infécté tu le rajoute dans la partie file
https://www.virustotal.com/gui/

C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\kownw64r.exe

_________________________

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\WINDOWS\system32\kpwnw64r.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rcntqldn.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\zxdnt3d.cfg

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayide­­ntifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
"{D1-18-80-0E-DW}"=-
"g]eeV\mWhjlnspB"=-

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 7 / 15
Doudou62
 
Salut à toi JlpJlp,
Effectivement le fichier kownw64r.exe était infecter donc j'ai suivis tes recommandations ci-dessous les 2 rapports demandés.

ComboFix 08-04-08.7 - Didier 2008-04-11 11:36:24.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.452 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\KillBagle.exe
Command switches used :: C:\Documents and Settings\Didier\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Didier\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\WINDOWS\system32\kownw64r.exe
C:\WINDOWS\system32\kpwnw64r.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\rcntqldn.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\WINDOWS\system32\zxdnt3d.cfg
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kownw64r.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.

2008-04-10 12:50 . 2008-04-10 12:50 100,469,258 --------- C:\SAUVEGARDE REGISTRE LE 10-4-2008.reg
2008-04-10 07:40 . 2008-04-10 07:42 <REP> d-------- C:\Program Files\Panda Security
2008-04-10 03:00 . 2008-04-10 03:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-09 13:26 . 2008-04-09 13:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-09 13:25 . 2008-04-09 13:34 <REP> d-------- C:\Documents and Settings\Didier\.housecall6.6
2008-04-09 12:09 . 2008-04-09 12:09 361,429 --------- C:\Img005.jpg
2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Program Files\Avira
2008-04-09 09:39 . 2008-04-09 09:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 07:34 . 2008-04-10 13:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-09 07:34 . 2008-04-09 07:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-09 06:56 . 2008-04-09 06:56 <REP> d-------- C:\_OTMoveIt
2008-04-08 12:31 . 2008-04-08 12:32 <REP> d-------- C:\Program Files\RegCleaner
2008-04-08 11:57 . 2008-04-08 11:57 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-08 11:57 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-08 10:53 . 2008-04-08 08:57 141,525 --------- C:\Capture01.jpg
2008-04-08 07:34 . 2005-02-16 11:06 218,112 --------- C:\HijackThis.exe
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Malwarebytes
2008-04-08 07:31 . 2008-04-08 07:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 09:46 . 2008-04-07 09:46 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-07 09:46 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 15:23 . 2008-04-01 15:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-01 07:54 . 2008-04-01 07:54 712,841 --------- C:\Test aptitude.JPG
2008-03-29 03:09 . 2008-04-10 06:49 933 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-03-28 13:10 . 2008-03-28 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-27 08:52 . 2008-03-27 08:52 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-03-27 08:50 . 2008-03-27 08:50 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Nero
2008-03-27 08:47 . 2008-03-27 08:48 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-03-27 08:47 . 2008-03-27 08:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-25 16:44 . 2008-03-25 16:44 33,792 --a------ C:\Devis CSF Batailles sans prix.xls
2008-03-25 15:22 . 2008-03-25 15:22 19,759 --a------ C:\8822 DV version client.xls
2008-03-25 11:42 . 2008-03-25 11:42 88,232 --a------ C:\bookmarks.html
2008-03-25 11:37 . 2008-03-25 11:40 851 --a------ C:\VSO ConvertXtoDvd.lnk
2008-03-25 11:23 . 2007-03-28 07:18 735 --a------ C:\VSO PhotoDVD.lnk
2008-03-18 11:56 . 2008-03-18 12:52 5,105 --------- C:\Abieniste mail .htm
2008-03-18 10:34 . 2008-03-18 10:22 946,016 --a------ C:\Maison Sécurité Froid.bak
2008-03-18 10:13 . 2008-03-18 10:34 970,016 --------- C:\Maison Sécurité Froid.dwg
2008-03-12 12:12 . 2008-03-12 12:12 21 --a------ C:\WINDOWS\TemplateWizard.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 05:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-08 09:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-07 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 11:56 --------- d-----w C:\Program Files\DelFax
2008-03-27 06:47 --------- d-----w C:\Program Files\Nero
2008-03-27 06:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-27 02:37 --------- d-----w C:\Program Files\eMule
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 09:08 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-06 06:44 --------- d-----w C:\Program Files\Scelte32
2008-03-03 13:53 --------- d-----w C:\Program Files\Yahoo!
2008-03-03 13:53 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-03-03 08:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-03 06:59 --------- d-----w C:\Documents and Settings\Didier\Application Data\Corel
2008-03-03 06:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-03 06:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-03-03 06:28 --------- d-----w C:\Program Files\Corel
2008-03-03 06:24 --------- d-----w C:\Program Files\WinISO
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-28 12:04 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2008-02-28 12:03 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2008-02-28 12:03 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2008-02-28 12:03 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2008-02-28 12:03 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 13:30 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
2008-02-26 06:07 --------- d-----w C:\Program Files\iTunes
2008-02-26 06:07 --------- d-----w C:\Program Files\iPod
2008-02-26 06:05 --------- d-----w C:\Program Files\QuickTime
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 15:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-18 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
2008-02-18 06:52 --------- d-----w C:\Program Files\illiminable
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-02-18 06:52 --------- d-----w C:\Program Files\Fichiers communs\Droppix
2008-02-18 06:52 --------- d-----w C:\Documents and Settings\Didier\Application Data\Droppix
2008-02-18 06:51 --------- d-----w C:\Program Files\Droppix
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-14 12:40 --------- d-----w C:\Program Files\PowerpointImageExtractor_V1_2
2008-02-14 10:28 --------- d-----w C:\Documents and Settings\Didier\Application Data\Spamihilator
2008-02-14 10:08 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-14 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\Didier\Application Data\Else plus
2008-02-12 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sign scr mags for
2007-10-02 11:28 667 ----a-w C:\Documents and Settings\Didier\Application Data\waver_2.95.dat
2007-02-15 10:02 87,608 ----a-w C:\Documents and Settings\Didier\Application Data\ezpinst.exe
2007-02-15 10:02 47,360 ----a-w C:\Documents and Settings\Didier\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-04-10_13.30.02.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-08 06:34:42 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-04-11 05:38:31 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-08 06:34:42 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-11 05:38:31 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-08 06:34:42 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-04-11 05:38:31 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-08 06:34:42 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-11 05:38:31 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-08 06:34:42 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-11 05:38:31 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-08 06:34:42 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-11 05:38:32 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-08 06:34:42 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-11 05:38:32 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-08 06:34:42 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-11 05:38:32 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-08 06:34:42 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-04-11 05:38:31 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-08 06:34:42 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-11 05:38:31 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-08 06:34:42 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-11 05:38:32 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-08 06:34:42 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-11 05:38:31 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-08 06:34:42 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-11 05:38:30 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-10 11:09:20 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-11 07:36:05 63,860 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-10 11:09:20 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-04-11 07:36:05 77,014 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-10 11:09:20 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-11 07:36:05 405,310 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-10 11:09:20 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-11 07:36:05 472,378 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-04-10 11:33:34 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_cc.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-02-28 14:04 97064 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenCTI"="C:\Program Files\DeTeWe\OpenCTI.exe" [2004-12-03 14:22 221184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 13:32 2289664]
"c:_program files_corel_cor3c"="C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe" [2003-11-18 10:38 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 23:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"WFXSwtch"="C:\PROGRA~1\DelFax\WFXSWTCH.exe" [2006-12-27 10:52 28160]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2006-12-27 10:52 45568 C:\WINDOWS\system32\WFXSNT40.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe]
"Cobian Backup 8 interface"="C:\Program Files\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 14:12 135168]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [2003-12-03 02:52 733184]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]
"{D1-18-80-0E-DW}"="C:\windows\system32\kpwnw64r.exe" [ ]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2008-02-28 14:03 1083176]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-09 09:41 249896]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\rcntqldn.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-12-11 09:18:31 1048576]
Contr“leur.LNK - C:\Program Files\DelFax\WFXCTL32.EXE [2006-12-27 10:20:35 549888]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-27 16:38:25 450560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= C:\Program Files\DelFax\WfxSeh32.Dll [1998-07-27 09:54 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 15:30 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"msacm.l3codecp"=
"VIDC.ACDV"= ACDV.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe"
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"LaunchApp"=Alaunch
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"Device Detector"=DevDetect.exe -autorun
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe"
"SecurDisc"=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"=
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Spamihilator\\dccproc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys [2002-04-26 01:00]
R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-02-28 14:04]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R2 wfxsvc;DelrinaFax PRO;C:\WINDOWS\system32\WFXSVC.EXE [2000-05-15 17:37]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 17:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-08 11:57]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 11:38]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-07 18:42:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 09:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 11:41:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\rcntqldn.exe DWoli5FF"
.
Temps d'accomplissement: 2008-04-11 11:42:56
ComboFix-quarantined-files.txt 2008-04-11 09:42:43
ComboFix2.txt 2008-04-10 11:30:53
ComboFix3.txt 2008-04-09 05:15:44
Pre-Run: 6,598,123,520 octets libres
Post-Run: 6,585,888,768 octets libres
.
2008-04-10 01:03:14 --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 13:48:27, on 11.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\DelFax\WFXMOD32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [{D1-18-80-0E-DW}] C:\windows\system32\kpwnw64r.exe DWoli5FF
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Et voila , apparement tu cerne le problème, je te l'avoue je suis impresionné, un grand merci et salutations.
0
Réponse 8 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
0
Réponse 9 / 15
Doudou62
 
Salut à toi JlpJlp,
J'ai suivi tes instructions et voila ci-dessous le rapport de SDfix.

[b]SDFix: Version 1.171 [/b]
Run by Didier on 14.04.2008 at 07:20

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Didier\Bureau\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 07:30:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000af
"TracesSuccessful"=dword:00000004

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"="C:\\Program Files\\Acer TV-FM\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\Acer TV-FM\\PCMService.exe"="C:\\Program Files\\Acer TV-FM\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe"="\\\\Serveur\\Gestion (O)\\ASTUCES\\Astuces.exe:*:Enabled:Astuces.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe"="C:\\Program Files\\Namo\\WebEditor 6 Trial\\bin\\WebEditor.exe:*:Enabled:Namo WebEditor 6.0"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Spamihilator\\dccproc.exe"="C:\\Program Files\\Spamihilator\\dccproc.exe:*:Enabled:dccproc"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\Didier\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 26 Apr 2002 8,704 A..H. --- "C:\Program Files\CDRWIN5\burnRPAI.exe"
Mon 5 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 3 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Thu 4 Dec 1997 5,969,408 ...H. --- "C:\Corel\Graphics8\Programs\CNSFlt80.dll"
Wed 3 Dec 1997 431,104 ...H. --- "C:\Corel\Graphics8\Programs\convintl.dll"
Wed 5 Nov 1997 77,312 ...H. --- "C:\Corel\Graphics8\Programs\Mos1680.dll"
Thu 6 Nov 1997 4,608 ...H. --- "C:\Corel\Graphics8\Programs\Mos3280.dll"
Mon 14 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 24 Nov 2005 17,920 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 24 Nov 2005 12,880 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 22 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]

Voila je te laisse en tirer les conclusions, encore merci de ton aide
0
Réponse 10 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\rcntqldn.exe DWoli5FF

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

____________________________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :
C:\WINDOWS\system32\rcntqldn.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_____________________________

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
____________________________

si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis réactive là : https://www.informatruc.com
___________________________

recolle un hijackhtis et dis tes soucis actuels
0
Réponse 11 / 15
Doudou62
 
Salut à toi JlpJlp,
J'ai éffectué les opérations demandées
Selon toute vraissemblance tout me semble OK, je te poste les 3 rapports, tu me dira ce que tu en pense.

File/Folder C:\WINDOWS\system32\rcntqldn.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04142008_101405

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 623

Type de recherche: Examen complet (C:\|D:\|H:\|I:\|J:\|K:\|O:\|P:\|Q:\|R:\|T:\|)
Eléments examinés: 265203
Temps écoulé: 1 hour(s), 15 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Logfile of HijackThis v1.99.1
Scan saved at 13:17:07, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\DelFax\WFXMOD32.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DeTeWe\OpenCTI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\DelFax\WFXCTL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast2.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=041908 serial=DR12WUG-9117671-vnl lang=FR
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OpenCTI] "C:\Program Files\DeTeWe\OpenCTI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [c:_program files_corel_cor3c] C:\Program Files\Corel\Corel Graphics 12\Programs\CorUpd.exe /Watch /r="Software\Corel\CorelDRAW\12.0"
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Contrôleur.LNK = C:\Program Files\DelFax\WFXCTL32.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: DelrinaFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

Un grand merci
0
Réponse 12 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok c'est bon

encore des problèmes?????,
0
Réponse 13 / 15
Doudou62
 
Salut à toi JlpJlp,
Un grand merci pour ton aide, je suis content que l'on soie arriver au bout de ces virus. Une dernière petit questions que me conseille tu comme anti-virus pour éviter ce genre de problème, j'avais Avast, maintenant j'ai installé anti-Vir selon les test comparatif il serait mieux, quand pense tu??

Un grand merci encore
0
Réponse 14 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok c'est bon!

mets a jour java et adobe reader

pour java: DEMARRER puis PANNEAU DE CONFIGRATION puis JAVA
pour adobe : https://www.commentcamarche.net/telecharger/bureautique/2625-adobe-reader/

pour protéger gratos ton ordi

securite

mettre un antivirus

ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions:

MalwareByte's Anti-Malware+ SPYBOT

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm

-----------

CCLEANER pour effacer les traces de surf
0
Réponse 15 / 15
Doudou62
 
Salut à toi JlpJlp,

J'ai suivis tes instructions et cela fonctionne comme il faut, un grand merci pour ton aide et tes conseils

Bonne continuation
0

Discussions similaires

win32:malware-gen bloqué par avast
ikkual -
Utilisateur anonyme -

69 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Win32:Adware-gen [Adw]
nico -
nico -

98 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Win64 malware gen
jules555 -
bazfile -

1 réponse