Please help: cockroach virus nibbling at my screen!

Solved
titoska Posts: 41 Status: Member -
dhorn -
Hello everyone

For a short while now I've had viruses on my PC: they are cockroaches that appear on my screen after 5 minutes of inactivity, and my desktop wallpaper also changes at every startup; the image that keeps coming back is a message saying I'm infected with viruses.
I've used Spybot and Ad-Aware, but nothing worked. I have Avast as antivirus.
For two days now Spybot has been telling me that some system keys are asking to be changed; I'd never seen that before!

If someone could help me that would be really nice, I can't manage it on my own.

++

43 replies

Rohmer37 Posts: 5 Status: Member

Hello, install HijackThis ==> http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Click on "Do a system scan and save a log file"

Install GenProc; link + tutorial here ==> https://astuces-pc.xooit.fr/t84-Tutoriel-d-utilisation-genproc.htm
titoska Posts: 41 Status: Member

Thank you very much for your help, here are the reports:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:04, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB} - C:\WINDOWS\system32\cbXRIAQj.dll (file missing)
O2 - BHO: (no name) - {33AA8EA0-80E7-4342-BF64-B4B062FC2734} - C:\WINDOWS\system32\wvUlijKd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\vtUmKCvs.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C} - C:\WINDOWS\system32\awtusqpo.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6721] command /c del "C:\WINDOWS\system32\cbXRIAQj.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8857] cmd /c del "C:\WINDOWS\system32\cbXRIAQj.dll_old"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5038] command /c del "C:\WINDOWS\system32\cbXRIAQj.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6529] cmd /c del "C:\WINDOWS\system32\cbXRIAQj.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: vtUmKCvs - C:\WINDOWS\SYSTEM32\vtUmKCvs.dll
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Anonymous user

Titoska, are you going to follow Rohmer's instructions or mine? Just so I know.

If you follow mine:
*Download VundoFix.exe (by Atribune) to your desktop.
http://www.atribune.org/ccount/click.php?id=4
*Double-click VundoFix.exe to launch it.
*Click the Scan for Vundo button.
*When the scan is complete, click the Fix Vundo button.
*A prompt will ask whether you want to delete the files; click YES.
*After clicking Yes, the desktop will disappear for a moment while the files are deleted.
*You will see a prompt telling you that your PC is going to shut down; click OK.
*Restart your PC.
*Copy/paste the contents of the report located at C:\vundofix.txt

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next reboot; simply follow the instructions above, starting from "click the Scan for Vundo button".

*Download MalwareBytes:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
*Post the final report
titoska Posts: 41 Status: Member

Thanks for your help 12.eleven, I'll follow your instructions.
A bit of info: Windows updates have been disabled and the computer is extremely slow; I could barely send you this message.
Vundo finds nothing.
Here is the fixnavi report:

Search Navipromo version 3.5.7 commencé le 13/05/2008 à 19:34:15,50

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Richard"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Richard\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Richard\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Richard\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Richard\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Richard\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\dKjilUvw.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\jQAIRXbc.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\opqsutwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 13/05/2008 à 19:41:33,70 ***
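A triage script, added here as an illustration and not part of any reply in this thread, that applies the checks the helpers above do by eye to the O2/O20/O21 lines of titoska's HijackThis log, and matches the .ini2 files reported by Navilog against the flagged DLLs (on this page each .ini2 stem is a DLL stem spelled backwards, e.g. cbXRIAQj and jQAIRXbc). The sample lines are copied from the reports above; the heuristics are an assumption of this example and only a triage aid, not a verdict.

```python
import ntpath
import re

# Sample lines copied from the HijackThis log and Navilog report posted in this
# thread (an excerpt, not the whole log). ntpath is used so the Windows paths
# parse correctly on any OS.
HJT_SAMPLE = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB} - C:\WINDOWS\system32\cbXRIAQj.dll (file missing)
O2 - BHO: (no name) - {33AA8EA0-80E7-4342-BF64-B4B062FC2734} - C:\WINDOWS\system32\wvUlijKd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\vtUmKCvs.dll
O2 - BHO: (no name) - {E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C} - C:\WINDOWS\system32\awtusqpo.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: vtUmKCvs - C:\WINDOWS\SYSTEM32\vtUmKCvs.dll
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll (file missing)
"""

# The three files Navilog reported as "infection Vundo possible".
INI2_SAMPLE = [
    r"C:\WINDOWS\system32\dKjilUvw.ini2",
    r"C:\WINDOWS\system32\jQAIRXbc.ini2",
    r"C:\WINDOWS\system32\opqsutwa.ini2",
]

ENTRY_RE = re.compile(r"^(O20|O21|O2) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)
# C:\WINDOWS\<file> or C:\WINDOWS\system32\<file>: where these droppers live.
WINDIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS(\\system32)?\\[^\\]+$", re.IGNORECASE)


def file_stem(path):
    return ntpath.splitext(ntpath.basename(path))[0]


def looks_random(name):
    """Vundo-style DLL stem: exactly 8 letters with either camel-case breaks
    inside the word (cbXRIAQj) or all lowercase with almost no vowels
    (mpfanvqg). Heuristic only: legitimate names can match, so it is combined
    with the location and the other signals below."""
    if len(name) != 8 or not name.isalpha():
        return False
    camel = re.search(r"[a-z][A-Z]", name) is not None
    vowels = sum(ch in "aeiouy" for ch in name.lower())
    return camel or (name.islower() and vowels <= 2)


def parse_entries(log_text):
    """Keep the O2 (BHO), O20 (Winlogon Notify / AppInit) and O21 (SSODL) lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else None
        entries.append({"section": section, "body": body, "path": path,
                        "stem": file_stem(path) if path else None})
    return entries


def reasons_for(entry):
    body, path, stem = entry["body"], entry["path"], entry["stem"]
    reasons = []
    if entry["section"] == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a description")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("registration points to a file that no longer exists")
    if path and WINDIR_RE.match(path) and looks_random(stem):
        reasons.append("random-looking 8-letter DLL name in the Windows directory")
    if entry["section"] == "O20" and body.startswith("Winlogon Notify"):
        reasons.append("loaded by winlogon at every logon")
    if entry["section"] == "O21":
        reasons.append("loaded with the shell via SSODL")
    return reasons


def is_suspicious(reasons):
    """A random name in the Windows directory is enough on its own; otherwise
    require a missing file plus a second signal (a leftover but still-registered
    nameless BHO is worth cleaning, a lone '(file missing)' on a described one is not)."""
    if any(r.startswith("random-looking") for r in reasons):
        return True
    return len(reasons) >= 2 and any("no longer exists" in r for r in reasons)


def companion_files(entries, ini2_paths):
    """Map each .ini2 found by Navilog to the DLL whose stem, spelled backwards,
    is the .ini2 stem (cbXRIAQj.dll <-> jQAIRXbc.ini2), the pairing seen in this thread."""
    by_stem = {file_stem(p).lower(): p for p in ini2_paths}
    matches = {}
    for e in entries:
        if e["stem"] and e["stem"][::-1].lower() in by_stem:
            matches[by_stem[e["stem"][::-1].lower()]] = e["stem"]
    return matches


def triage(log_text, ini2_paths):
    entries = parse_entries(log_text)
    flagged = []
    for e in entries:
        reasons = reasons_for(e)
        if is_suspicious(reasons):
            flagged.append({"section": e["section"], "stem": e["stem"],
                            "body": e["body"], "reasons": reasons})
    return {"flagged": flagged, "companions": companion_files(entries, ini2_paths)}


if __name__ == "__main__":
    report = triage(HJT_SAMPLE, INI2_SAMPLE)
    for f in report["flagged"]:
        print(f"[{f['section']}] {f['body']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    for ini2, dll in report["companions"].items():
        print(f"companion {ini2} belongs to {dll}.dll")
```

The same DLL showing up both as a nameless O2 BHO and as an O20 Winlogon Notify entry (vtUmKCvs here, geBqQJYR in v2p4ever's log) is the pattern the helpers are reacting to; the two entries are reported separately so that both registrations get removed.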
titoska Posts: 41 Status: Member

Another question: Spybot keeps harassing me with messages saying an important registry item has been modified; I've received a good fifty of them in 20 minutes and I don't know what to do, whether to accept the changes or not. At first I thought I had to say yes, now I say no every time; it worries me.
And I can't get Windows updates running again.
I get the feeling this virus is a tough one...
And thanks again for your help
Anonymous user

Hello,

Download Navilog1 to your desktop.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Double-click navilog1.exe to start the installation.
Once installed, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts. At the main menu, choose 1 and confirm.

Do not choose options 2, 3 or 4 without my approval!

Wait for the message:
*** Analyse Termine le ..... ***

Press a key as requested; Notepad will open.
Copy-paste the whole report into your reply. Close Notepad.
(The report is saved at the root of the drive (C:\fixnavi.txt).)

Download HijackThis
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Install it at the root of your hard drive
Launch HijackThis by double-clicking the HijackThis icon
Click on Do a system Scan only and Save a Logfile
A report will be generated in Notepad (the report is also located here: C:\hijackthis.log)
Copy/paste the report into your next message.
Anonymous user

That's TeaTimer; disable it for now, it will get in the way more than anything else.

Then do this:
Go here:
http://uploadmalware.com/
Fill in the requested information
Under File To Submit, click Browse and look for these 3 files:
C:\WINDOWS\system32\dKjilUvw.ini2
C:\WINDOWS\system32\jQAIRXbc.ini2
C:\WINDOWS\system32\opqsutwa.ini2
Click Send File

---------------------------------------------------------------------------------------------------------------------------------------------

Then,
Open Vundofix.exe
Right-click inside the white box
Click on Add more files?
Navigate to the file:
C:\WINDOWS\system32\dKjilUvw.ini2
The full path of the file appears in the white box.
Tick it
Click on Fix Vundo
Click Yes to the question "Are you sure you want to remove these files?"
If a message like this one appears, for example:
"C:\WINDOWS\system32\dKjilUvw.ini2 could not be deleted, VundoFix will load on reboot to attempt removal.Please Clic remove vundo once your machine has rebooted."
Click OK
Click OK to restart the PC
Right-click inside the white box
Click on Add more files?
Navigate to the file:
C:\WINDOWS\system32\dKjilUvw.ini2
The full path of the file appears in the white box.
Tick it.
Click on Fix Vundo
Click OK to restart the PC.
Copy/paste the report C:\VundoFix.txt

---------------------------------------------------------------------------------------------------------------------------------------------

Repeat exactly the same procedure for these 2 files:
C:\WINDOWS\system32\jQAIRXbc.ini2
C:\WINDOWS\system32\opqsutwa.ini2

Post the reports.
v2p4ever Posts: 5 Status: Member

I have the same problem, please help me!
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:07, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\RFA Platinum\rfagent.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\geBqQJYR.dll
O2 - BHO: (no name) - {f0dacccb-99fa-4ed9-8fd2-7fa8677b5df5} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O20 - Winlogon Notify: geBqQJYR - C:\WINDOWS\SYSTEM32\geBqQJYR.dll
O20 - Winlogon Notify: WinNt32 - C:\WINDOWS\SYSTEM32\WinNt32.dll
O21 - SSODL: mpfanvqg - {84DBB626-46AF-4A22-8999-9B692EC103B1} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
Anonymous user

Please create your own topic.

You don't have the same configuration, etc.
And this is Titoska's topic.

Create your own topic and I'll come answer you there ;)
v2p4ever Posts: 5 Status: Member

OK, I don't know how to do it but I'll try
Thanks
Anonymous user

Click on "Ask your question"
titoska

I've just deleted the 3 files.
I still have popups but I get the feeling it's a bit better ;°). However, I still don't know what I should answer Spybot when it asks me whether or not to allow the system changes, and there's still the problem with Windows updates!
Really, thanks for your help
Here is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:08, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
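The HijackThis report above is read by eye in this thread. As an added example (not code from HijackThis, ComboFix or anyone in the thread), here is a small Python triage script that parses entries in the format shown, flags the patterns a reviewer looks for in such a report (a registered file that is missing, a BHO/AppInit_DLLs/SSODL load point backed by a loose file directly in the Windows directory, dropper-style 8-letter names) and reports the reasons. The sample lines are copied from the report; the O2 line is constructed from the BHO CLSID and path that ComboFix lists later in the thread, since this HijackThis run showed no O2 entries. The name heuristic and its thresholds, the set of "stealth" load points and the assumed C: system drive are this example's own assumptions.

```python
"""Triage of HijackThis-style log entries (added example, see lead-in)."""
import re

# Constructed sample input: lines copied from the HijackThis report above,
# plus one O2 line built from the BHO CLSID/path that ComboFix lists later.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\vtUmKCvs.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Drive-letter path up to the first .dll/.exe/.scr; stops before ",b"-style arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]+?\.(?:dll|exe|scr)', re.IGNORECASE)
# Load points that legitimate software rarely backs with a loose file in %WINDIR%.
STEALTH_KINDS = {"O2": "BHO", "O20": "AppInit_DLLs", "O21": "SSODL"}
WINDIR_ROOTS = {r"c:\windows", r"c:\windows\system32"}   # assumed system drive
VOWELS = set("aeiou")


def looks_generated(stem):
    """Dropper-style name heuristic (assumption of this example): exactly 8
    lowercase letters, at most 3 vowels and a run of 3+ consonants, as in
    mpfanvqg or dcpadbuf. Mixed-case vendor names such as nvHotkey do not
    match. A hit means 'review', never 'malicious'."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    vowels = sum(c in VOWELS for c in stem)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowels <= 3 and longest_run >= 3


def extract_module(rest):
    """Return the file an entry loads: a full path if present, otherwise the
    bare DLL name handed to rundll32 (e.g. nvHotkey.dll), else None."""
    m = PATH_RE.search(rest)
    if m:
        return m.group(0)
    m = re.search(r'rundll32\.exe\s+"?([^",\s]+)', rest, re.IGNORECASE)
    return m.group(1) if m else None


def in_windir_root(path):
    """True when the file sits directly in the Windows directory or in
    system32 itself rather than in a vendor subfolder."""
    parent = path.rsplit("\\", 1)[0].lower()
    return parent in WINDIR_ROOTS


def triage(line):
    """Parse one log line into kind, module and a list of reasons (empty when
    nothing stood out); returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    module = extract_module(rest)
    reasons = []
    if "(file missing)" in rest:
        reasons.append("registered file is missing: leftover of a removed "
                       "component, or one that hides itself from the scanner")
    if module:
        stem = module.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if kind in STEALTH_KINDS and in_windir_root(module):
            reasons.append(f"{STEALTH_KINDS[kind]} load point backed by a loose "
                           "file directly under the Windows directory")
        if looks_generated(stem):
            reasons.append(f"'{stem}' has a generated-looking 8-letter name")
    return {"kind": kind, "module": module, "reasons": reasons}


def triage_log(text):
    """Run triage over a whole log and keep only entries that have reasons."""
    findings = []
    for line in text.splitlines():
        result = triage(line)
        if result and result["reasons"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['kind']:4} {f['module']}")
        for reason in f["reasons"]:
            print("      -", reason)
```

The entries that are not flagged (the Synaptics launcher, the NVIDIA hotkey DLL, Google Desktop's AppInit_DLLs entry, the avast service) show the heuristics' limits as much as their hits: an all-lowercase 8-letter vendor name would trip the name test, so every hit is a prompt to check the file's signer and vendor folder, not a verdict. The SSODL entry collects all three reasons at once, which is the combination that makes it the first thing to look at.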
titoska Posts: 41 Status: Member
 
Hello to you, 12.eleven
Despite small improvements I still have the problem of the cockroaches appearing on the screen, and Avast has finally detected a named virus; it is called

C:\WINDOWS\system32\vtUmKCvs.dll, it is a Win32:Rootkit-gen [Rtk] and apparently Avast doesn't really know how to handle it because it keeps coming back, especially when I use Internet Explorer or when I try to turn Windows Updates back on (they are still disabled).

These viruses are a real battle; I had never seen anything so resilient.

Thanks again for giving me your precious help. I make music on the computer and without you my computer would be a (coughing) moped where it should be a good motorbike, especially since it's new!!

Have a good day
++
0
Anonymous user
 
We'll go a bit harder, then.

Download ComboFix (put it in a folder where you can easily find it again!)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run it.
Choose option 1.
The desktop may disappear during the scan: that is normal.
At the end it will create a report at the root of your hard drive. (C:\ComboFix.txt)
Open it and paste it here.

PS: If the screen does not reappear:
Press CTRL + ALT + DEL at the same time.
Task Manager opens. Click File, then Run. Type explorer and confirm. The desktop will be displayed again.
0
titoska Posts: 41 Status: Member
 
I downloaded your program, but Avast tells me it is a Win32:Rootkit-gen [Rtk] virus.
So do I install it anyway?
0
Anonymous user
 
Yes, disable Avast! We'll change it afterwards and put Antivir instead, which performs better.

Do not click in the window during the scan; it would freeze the program.
0
titoska Posts: 41 Status: Member
 
ComboFix 08-05-12.1 - Richard 2008-05-14 14:35:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2461 [GMT 2:00]
Endroit: C:\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aqktbibx.ini
C:\WINDOWS\system32\ipoadgth.ini
C:\WINDOWS\system32\jQAIRXbc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opqsutwa.ini
C:\WINDOWS\system32\qslinxng.ini
C:\WINDOWS\system32\TBHQYJjl.ini
C:\WINDOWS\system32\TBHQYJjl.ini2
C:\WINDOWS\system32\tduprqgq.ini
C:\WINDOWS\system32\ykfhutxs.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-14 14:12 . 2008-05-14 14:12 1,914,914 --a------ C:\ComboFix.exe
2008-05-14 02:42 . 2008-05-14 02:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-14 02:41 . 2008-05-14 02:41 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-05-14 02:41 . 2008-05-14 02:41 <REP> d-------- C:\Documents and Settings\Richard\Application Data\NCH Swift Sound
2008-05-14 01:02 . 2008-05-14 01:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 01:02 . 2008-05-14 01:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-14 00:17 . 2008-05-14 00:17 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Ubisoft
2008-05-14 00:13 . 2008-05-14 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-14 00:11 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-14 00:00 . 2008-05-14 00:00 <REP> d-------- C:\Program Files\Ubisoft
2008-05-13 21:13 . 2008-05-13 21:13 <REP> d-------- C:\Program Files\CCleaner
2008-05-13 20:56 . 2008-05-13 23:11 534 ---hs---- C:\WINDOWS\system32\fubdapcd.ini
2008-05-13 20:54 . 2008-05-13 23:09 <REP> d-------- C:\VundoFix Backups
2008-05-13 19:30 . 2008-05-13 20:48 <REP> d-------- C:\Program Files\Navilog1
2008-05-13 19:09 . 2008-05-13 19:09 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 10:23 . 2008-05-13 10:23 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2008-05-13 10:22 . 2008-05-13 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-13 10:22 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-12 18:10 . 2008-05-12 18:10 <REP> d-------- C:\Program Files\Big Tick Angelina 1.1
2008-05-12 18:07 . 2008-05-12 18:07 <REP> d-------- C:\Program Files\crusherXLive3
2008-05-12 18:05 . 2008-05-12 18:05 <REP> d-------- C:\Audio
2008-05-12 08:06 . 2008-05-12 08:06 91,776 --------- C:\WINDOWS\system32\htgdaopi.dll
2008-05-12 07:54 . 2008-05-12 21:37 97,762 --ahs---- C:\WINDOWS\system32\dKjilUvw.ini
2008-05-10 15:19 . 2008-05-10 15:23 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Propellerhead Software
2008-05-10 15:19 . 2008-05-10 15:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-10 15:19 . 2008-05-10 15:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-10 15:18 . 2008-05-10 15:18 <REP> d-------- C:\Program Files\Propellerhead
2008-05-10 14:25 . 2008-05-10 14:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 14:25 . 2008-05-10 15:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 15:21 . 2008-05-09 15:21 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 13:40 . 2008-05-09 13:40 <REP> d-------- C:\Program Files\EDIROL
2008-05-09 13:18 . 2008-05-09 13:18 90,752 --------- C:\WINDOWS\system32\gnxnilsq.dll
2008-05-09 13:12 . 2008-05-09 13:12 30,336 --a------ C:\WINDOWS\system32\ljJBQJAt.dll
2008-05-09 13:12 . 2008-05-09 13:12 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 13:11 . 2008-05-10 09:40 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-09 12:56 . 2008-05-09 12:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-08 12:41 . 2008-05-08 12:41 <REP> d-------- C:\Program Files\Capcom
2008-05-07 23:05 . 2008-05-07 23:05 <REP> d-------- C:\Program Files\Common Files
2008-05-07 23:00 . 2008-05-07 23:00 <REP> d-------- C:\Program Files\Spectrasonics2
2008-05-07 12:08 . 2008-05-07 12:08 22,328 --a------ C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
2008-05-07 11:57 . 2008-05-07 11:57 <REP> d-------- C:\Program Files\Electronic Arts
2008-05-06 15:50 . 2008-05-06 15:50 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Apple Computer
2008-05-06 15:37 . 2008-05-06 15:38 <REP> d-------- C:\Program Files\QuickTime
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 10:37 . 2008-05-02 10:37 <REP> d-------- C:\Program Files\Arturia
2008-05-02 10:37 . 2003-09-10 17:00 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-04-28 14:50 . 2008-04-28 14:50 <REP> d-------- C:\Program Files\rgcaudio software
2008-04-27 18:26 . 2008-04-27 18:26 <REP> d-------- C:\Program Files\iZotope
2008-04-27 18:26 . 2008-04-27 18:26 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-04-27 15:32 . 2008-04-27 15:32 <REP> d-------- C:\Program Files\MSBuild
2008-04-27 15:31 . 2008-04-27 15:31 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-27 15:29 . 2008-04-27 15:32 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-27 15:28 . 2008-04-27 15:28 <REP> dr-h----- C:\MSOCache
2008-04-27 15:28 . 2008-04-28 03:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-26 14:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 14:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-26 14:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 13:53 . 2008-04-26 13:53 <REP> d-------- C:\Program Files\uTorrent
2008-04-26 13:53 . 2008-05-13 19:04 <REP> d-------- C:\Documents and Settings\Richard\Application Data\uTorrent
2008-04-26 13:47 . 2008-05-09 06:45 <REP> d-------- C:\Program Files\eMule
2008-04-26 03:02 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-26 03:02 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-26 03:02 . 2006-08-21 14:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-26 03:01 . 2008-04-26 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-25 23:37 . 2008-04-25 23:37 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-04-25 23:37 . 2008-04-25 23:37 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2008-04-25 23:36 . 2008-04-26 14:43 <REP> d-------- C:\Program Files\Native Instruments
2008-04-25 22:25 . 2008-05-07 23:07 <REP> d-------- C:\Program Files\Spectrasonics
2008-04-25 22:06 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-04-25 22:06 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-04-25 22:06 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-04-25 22:06 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-04-25 22:05 . 2008-04-25 22:06 <REP> d-------- C:\Program Files\Syncrosoft
2008-04-25 22:05 . 2005-11-08 20:02 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-04-25 22:05 . 2005-11-08 11:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-04-25 22:05 . 2005-11-03 17:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-04-25 22:05 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-04-25 22:02 . 2008-05-12 18:16 <REP> d-------- C:\Program Files\Steinberg
2008-04-25 21:35 . 2008-04-25 21:35 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-25 21:31 . 2008-04-25 22:14 <REP> d-------- C:\Documents and Settings\Richard\Contacts
2008-04-25 21:27 . 2008-04-25 21:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-25 21:25 . 2008-04-25 21:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-25 21:23 . 2008-05-07 11:19 <REP> d-------- C:\Documents and Settings\Richard\dwhelper
2008-04-25 21:06 . 2008-04-25 21:06 <REP> d-------- C:\Documents and Settings\Richard\Application Data\MSNInstaller
2008-04-25 21:01 . 2008-04-25 21:27 <REP> d-------- C:\Program Files\Windows Live
2008-04-25 21:01 . 2008-04-25 21:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-25 21:01 . 2008-04-25 21:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-25 20:53 . 2008-04-25 20:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 20:47 . 2008-04-25 20:47 <REP> d---s---- C:\Documents and Settings\Richard\UserData
2008-04-25 19:40 . 2008-04-25 19:40 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Media Player Classic
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\tmp
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Reallusion
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Creative
2008-04-25 17:33 . 2008-04-25 17:33 <REP> d-------- C:\Program Files\SLD Codec Pack
2008-04-25 17:20 . 2008-04-25 17:20 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-25 17:19 . 2008-04-25 17:19 4,128 --a------ C:\INFCACHE.1
2008-04-25 17:17 . 2008-04-25 17:17 <REP> d-------- C:\Documents and Settings\Richard\Application Data\DAEMON Tools
2008-04-25 17:17 . 2008-04-25 17:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-25 15:42 . 2008-04-25 15:42 <REP> d-------- C:\Documents and Settings\Richard\Application Data\vlc
2008-04-25 15:41 . 2008-04-25 15:41 <REP> d-------- C:\Program Files\VideoLAN
2008-04-25 14:42 . 2008-04-25 21:59 <REP> d-------- C:\Program Files\Ableton
2008-04-25 14:42 . 2008-04-25 14:42 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Ableton
2008-04-25 14:42 . 2007-02-12 17:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-04-25 14:40 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-25 14:29 . 2008-04-25 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-25 14:21 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-25 14:01 . 2008-04-21 17:31 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio
2008-04-25 14:01 . 2008-04-21 17:19 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Voisinage réseau
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Voisinage d'impression
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Modèles
2008-04-25 14:01 . 2008-05-14 13:52 <REP> dr------- C:\Documents and Settings\Richard\Mes documents
2008-04-25 14:01 . 2008-04-26 13:53 <REP> dr------- C:\Documents and Settings\Richard\Menu Démarrer
2008-04-25 14:01 . 2008-05-14 02:41 <REP> dr------- C:\Documents and Settings\Richard\Favoris
2008-04-25 14:01 . 2008-05-14 02:44 <REP> d-------- C:\Documents and Settings\Richard\Bureau
2008-04-25 14:01 . 2008-04-21 17:31 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Roxio
2008-04-25 14:01 . 2008-04-21 17:18 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Intel
2008-04-25 14:01 . 2008-04-21 17:19 <REP> d-------- C:\Documents and Settings\Richard\Application Data\InstallShield
2008-04-25 14:01 . 2008-04-25 14:01 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Dell
2008-04-25 14:01 . 2008-05-14 13:08 <REP> d-------- C:\Documents and Settings\Richard
2008-04-25 14:01 . 2008-05-14 14:39 1,024 --ah----- C:\Documents and Settings\Richard\ntuser.dat.LOG
2008-04-25 14:01 . 2008-05-14 14:36 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-04-25 13:49 . 2008-04-25 13:49 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 10:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-21 14:48 7,107 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_1500.mrk
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB}]
C:\WINDOWS\system32\cbXRIAQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33AA8EA0-80E7-4342-BF64-B4B062FC2734}]
C:\WINDOWS\system32\wvUlijKd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A606BA1D-1F3E-436F-B514-A532108DDAAB}]
C:\WINDOWS\system32\ljJYQHBT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
C:\WINDOWS\system32\vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C}]
C:\WINDOWS\system32\awtusqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 15:20 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 16:39 8429568]
"nwiz"="nwiz.exe" [2007-06-06 16:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 16:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 16:39 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 15:54 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 16:28 405504 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18 307200]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ec652a42"="C:\WINDOWS\system32\dcpadbuf.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"= C:\WINDOWS\system32\vtUmKCvs.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll [ ]
"vbksrofa"= {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCvs]
vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 13:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 15:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 15:55]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0042b7c7-15dc-11dd-98ae-001d09d3001f}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 14:38:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-14 14:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 12:43:06

Pre-Run: 136,760,197,120 octets libres
Post-Run: 136,686,211,072 octets libres

279 --- E O F --- 2008-05-07 20:54:50
0
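The "Fichiers créés" listing in the report above is long, and the helper's next reply picks five files out of it. As an added example (not ComboFix's own code or anything posted in the thread), this Python script parses lines in that listing format, keeps loose files that sit directly in system32, flags hidden/system attributes, a cleared archive bit and .scr files, and then adds any other system32 file created within 15 minutes of a flagged one, so that a dropper's whole payload set surfaces together even when some members carry ordinary attributes. The sample is a subset of the lines above; the reading of the attribute letters, the 15-minute window, the assumed C: system drive and the idea that a screensaver matches the idle-time symptom are this example's assumptions.

```python
"""Timeline triage for a ComboFix 'created files' listing (added example)."""
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the lines from the first ComboFix report above.
SAMPLE_LISTING = r"""
2008-05-14 00:11 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-13 20:56 . 2008-05-13 23:11 534 ---hs---- C:\WINDOWS\system32\fubdapcd.ini
2008-05-13 20:54 . 2008-05-13 23:09 <REP> d-------- C:\VundoFix Backups
2008-05-12 08:06 . 2008-05-12 08:06 91,776 --------- C:\WINDOWS\system32\htgdaopi.dll
2008-05-12 07:54 . 2008-05-12 21:37 97,762 --ahs---- C:\WINDOWS\system32\dKjilUvw.ini
2008-05-10 15:19 . 2008-05-10 15:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-09 13:18 . 2008-05-09 13:18 90,752 --------- C:\WINDOWS\system32\gnxnilsq.dll
2008-05-09 13:12 . 2008-05-09 13:12 30,336 --a------ C:\WINDOWS\system32\ljJBQJAt.dll
2008-05-09 13:12 . 2008-05-09 13:12 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 13:11 . 2008-05-10 09:40 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-26 03:02 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-25 17:17 . 2008-04-25 17:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
"""

# created . modified   size-or-<REP>   attribute-letters   path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+(\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<REP>|[\d,]+)\s+([-a-z]{9})\s+(.+)$"
)
SYSTEM32 = r"c:\windows\system32"   # assumed system drive
TIME_FMT = "%Y-%m-%d %H:%M"


def parse_listing(text):
    """Turn listing lines into dicts; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, _modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, TIME_FMT),
            "is_dir": size == "<REP>",
            "attrs": attrs,
            "path": path,
        })
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1]


def is_loose_system32_file(entry):
    """A file (not a directory) sitting directly in system32, excluding the
    drivers and dllcache subfolders, which have legitimate churn of their own."""
    parent = entry["path"].rsplit("\\", 1)[0].lower()
    return not entry["is_dir"] and parent == SYSTEM32


def suspicion_reasons(entry):
    """Attribute/extension indicators for one loose system32 file. The letters
    are read as in the listing: d=dir r=read-only a=archive h=hidden s=system."""
    reasons = []
    attrs = entry["attrs"]
    if "h" in attrs or "s" in attrs:
        reasons.append("hidden/system attribute on a loose system32 file")
    if "a" not in attrs:
        reasons.append("archive bit clear on a recently created file (Windows sets "
                       "it on creation; clearing it makes a drop look pre-installed)")
    if basename(entry["path"]).lower().endswith(".scr"):
        reasons.append("screensaver dropped into system32; it runs on idle, which "
                       "fits the 'after 5 minutes of inactivity' symptom")
    return reasons


def triage_listing(text, window_minutes=15):
    """Return {path: [reasons]} for loose system32 files worth a look."""
    entries = [e for e in parse_listing(text) if is_loose_system32_file(e)]
    flagged = {e["path"]: suspicion_reasons(e) for e in entries}
    flagged = {path: why for path, why in flagged.items() if why}
    # Second pass: droppers write their whole set within minutes, so report
    # every other loose file created within the window of a flagged one.
    anchors = [e for e in entries if e["path"] in flagged]
    window = timedelta(minutes=window_minutes)
    for e in entries:
        if e["path"] in flagged:
            continue
        near = [basename(a["path"]) for a in anchors
                if abs(a["created"] - e["created"]) <= window]
        if near:
            flagged[e["path"]] = [f"created within {window_minutes} min of "
                                  "flagged drop(s): " + ", ".join(near)]
    return flagged


if __name__ == "__main__":
    for path, why in triage_listing(SAMPLE_LISTING).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

On the sample, the first pass catches the two hidden/system .ini files, the two DLLs with a cleared archive bit and the screensaver; the second pass then pulls in ljJBQJAt.dll and the 1-byte kr_done1de marker because they were written in the same minute as the screensaver, while d3dx9_26.dll and REX Shared Library.dll (ordinary installs on other days) stay unflagged. The timeline link is the part worth keeping: an attribute rule can be evaded by a dropper, but files written together still share a creation minute.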
Anonymous user
 
Open Notepad.
Copy/paste this into it:

File::
C:\WINDOWS\system32\htgdaopi.dll
C:\WINDOWS\system32\dKjilUvw.ini
C:\WINDOWS\system32\gnxnilsq.dll
C:\WINDOWS\system32\ljJBQJAt.dll
C:\WINDOWS\system32\blackster.scr

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCvs]


Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto ComboFix.exe
A blue window will appear with the message "Type 1 to continue, or 2 to abort"; type 1, then confirm.
Your desktop will disappear several times; don't worry, that's normal. Above all, don't touch anything during the ComboFix scan.

Once the scan is finished, post the contents of the resulting report.
-------

Also post a new HijackThis report.
0
titoska Posts: 41 Status: Member
 
ComboFix 08-05-12.1 - Richard 2008-05-14 15:44:22.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2436 [GMT 2:00]
Endroit: C:\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\dKjilUvw.ini
C:\WINDOWS\system32\gnxnilsq.dll
C:\WINDOWS\system32\htgdaopi.dll
C:\WINDOWS\system32\ljJBQJAt.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\dKjilUvw.ini
C:\WINDOWS\system32\gnxnilsq.dll
C:\WINDOWS\system32\htgdaopi.dll
C:\WINDOWS\system32\ljJBQJAt.dll

.
((((((((((((((((((((((((((((( Files created 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-14 14:47 . 2008-05-14 14:47 <REP> d-------- C:\WINDOWS\LastGood
2008-05-14 14:12 . 2008-05-14 14:12 1,914,914 --a------ C:\ComboFix.exe
2008-05-14 02:42 . 2008-05-14 02:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-14 02:41 . 2008-05-14 02:41 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-05-14 02:41 . 2008-05-14 02:41 <REP> d-------- C:\Documents and Settings\Richard\Application Data\NCH Swift Sound
2008-05-14 01:02 . 2008-05-14 01:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-14 01:02 . 2008-05-14 01:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-14 00:17 . 2008-05-14 00:17 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Ubisoft
2008-05-14 00:13 . 2008-05-14 00:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-14 00:11 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-14 00:00 . 2008-05-14 00:00 <REP> d-------- C:\Program Files\Ubisoft
2008-05-13 21:13 . 2008-05-13 21:13 <REP> d-------- C:\Program Files\CCleaner
2008-05-13 20:56 . 2008-05-13 23:11 534 ---hs---- C:\WINDOWS\system32\fubdapcd.ini
2008-05-13 20:54 . 2008-05-13 23:09 <REP> d-------- C:\VundoFix Backups
2008-05-13 19:30 . 2008-05-13 20:48 <REP> d-------- C:\Program Files\Navilog1
2008-05-13 19:09 . 2008-05-13 19:09 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 10:23 . 2008-05-13 10:23 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Grisoft
2008-05-13 10:22 . 2008-05-13 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-13 10:22 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-12 18:10 . 2008-05-12 18:10 <REP> d-------- C:\Program Files\Big Tick Angelina 1.1
2008-05-12 18:07 . 2008-05-12 18:07 <REP> d-------- C:\Program Files\crusherXLive3
2008-05-12 18:05 . 2008-05-12 18:05 <REP> d-------- C:\Audio
2008-05-10 15:19 . 2008-05-10 15:23 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Propellerhead Software
2008-05-10 15:19 . 2008-05-10 15:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2008-05-10 15:19 . 2008-05-10 15:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-10 15:18 . 2008-05-10 15:18 <REP> d-------- C:\Program Files\Propellerhead
2008-05-10 14:25 . 2008-05-10 14:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 14:25 . 2008-05-10 15:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-09 15:21 . 2008-05-09 15:21 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-09 13:40 . 2008-05-09 13:40 <REP> d-------- C:\Program Files\EDIROL
2008-05-09 13:12 . 2008-05-09 13:12 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-09 12:56 . 2008-05-09 12:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-05-08 12:41 . 2008-05-08 12:41 <REP> d-------- C:\Program Files\Capcom
2008-05-07 23:05 . 2008-05-07 23:05 <REP> d-------- C:\Program Files\Common Files
2008-05-07 23:00 . 2008-05-07 23:00 <REP> d-------- C:\Program Files\Spectrasonics2
2008-05-07 12:08 . 2008-05-07 12:08 22,328 --a------ C:\Documents and Settings\Richard\Application Data\PnkBstrK.sys
2008-05-07 11:57 . 2008-05-07 11:57 <REP> d-------- C:\Program Files\Electronic Arts
2008-05-06 15:50 . 2008-05-06 15:50 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Apple Computer
2008-05-06 15:37 . 2008-05-06 15:38 <REP> d-------- C:\Program Files\QuickTime
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Program Files\Apple Software Update
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-06 15:37 . 2008-05-06 15:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 10:37 . 2008-05-02 10:37 <REP> d-------- C:\Program Files\Arturia
2008-05-02 10:37 . 2003-09-10 17:00 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-04-28 14:50 . 2008-04-28 14:50 <REP> d-------- C:\Program Files\rgcaudio software
2008-04-27 18:26 . 2008-04-27 18:26 <REP> d-------- C:\Program Files\iZotope
2008-04-27 18:26 . 2008-04-27 18:26 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-04-27 15:32 . 2008-04-27 15:32 <REP> d-------- C:\Program Files\MSBuild
2008-04-27 15:31 . 2008-04-27 15:31 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-27 15:29 . 2008-04-27 15:32 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-27 15:28 . 2008-04-27 15:28 <REP> dr-h----- C:\MSOCache
2008-04-27 15:28 . 2008-04-28 03:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-26 14:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 14:12 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-26 14:12 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 13:53 . 2008-04-26 13:53 <REP> d-------- C:\Program Files\uTorrent
2008-04-26 13:53 . 2008-05-13 19:04 <REP> d-------- C:\Documents and Settings\Richard\Application Data\uTorrent
2008-04-26 13:47 . 2008-05-09 06:45 <REP> d-------- C:\Program Files\eMule
2008-04-26 03:02 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-26 03:02 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-26 03:02 . 2006-08-21 14:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-26 03:01 . 2008-04-26 03:01 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-25 23:37 . 2008-04-25 23:37 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-04-25 23:37 . 2008-04-25 23:37 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2008-04-25 23:36 . 2008-04-26 14:43 <REP> d-------- C:\Program Files\Native Instruments
2008-04-25 22:25 . 2008-05-07 23:07 <REP> d-------- C:\Program Files\Spectrasonics
2008-04-25 22:06 . 2003-07-31 19:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-04-25 22:06 . 2003-05-26 14:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-04-25 22:06 . 2003-05-26 14:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-04-25 22:06 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-04-25 22:05 . 2008-04-25 22:06 <REP> d-------- C:\Program Files\Syncrosoft
2008-04-25 22:05 . 2005-11-08 20:02 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-04-25 22:05 . 2005-11-08 11:20 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-04-25 22:05 . 2005-11-03 17:14 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-04-25 22:05 . 2005-11-03 12:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-04-25 22:02 . 2008-05-12 18:16 <REP> d-------- C:\Program Files\Steinberg
2008-04-25 21:35 . 2008-04-25 21:35 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-25 21:31 . 2008-04-25 22:14 <REP> d-------- C:\Documents and Settings\Richard\Contacts
2008-04-25 21:27 . 2008-04-25 21:27 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-25 21:25 . 2008-04-25 21:25 <REP> d-------- C:\Program Files\Alwil Software
2008-04-25 21:23 . 2008-05-07 11:19 <REP> d-------- C:\Documents and Settings\Richard\dwhelper
2008-04-25 21:06 . 2008-04-25 21:06 <REP> d-------- C:\Documents and Settings\Richard\Application Data\MSNInstaller
2008-04-25 21:01 . 2008-04-25 21:27 <REP> d-------- C:\Program Files\Windows Live
2008-04-25 21:01 . 2008-04-25 21:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-25 21:01 . 2008-04-25 21:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-25 20:53 . 2008-04-25 20:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 20:47 . 2008-04-25 20:47 <REP> d---s---- C:\Documents and Settings\Richard\UserData
2008-04-25 19:40 . 2008-04-25 19:40 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Media Player Classic
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\tmp
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Reallusion
2008-04-25 18:49 . 2008-04-25 18:49 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Creative
2008-04-25 17:33 . 2008-04-25 17:33 <REP> d-------- C:\Program Files\SLD Codec Pack
2008-04-25 17:20 . 2008-04-25 17:20 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-25 17:19 . 2008-04-25 17:19 4,128 --a------ C:\INFCACHE.1
2008-04-25 17:17 . 2008-04-25 17:17 <REP> d-------- C:\Documents and Settings\Richard\Application Data\DAEMON Tools
2008-04-25 17:17 . 2008-04-25 17:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-25 15:42 . 2008-04-25 15:42 <REP> d-------- C:\Documents and Settings\Richard\Application Data\vlc
2008-04-25 15:41 . 2008-04-25 15:41 <REP> d-------- C:\Program Files\VideoLAN
2008-04-25 14:42 . 2008-04-25 21:59 <REP> d-------- C:\Program Files\Ableton
2008-04-25 14:42 . 2008-04-25 14:42 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Ableton
2008-04-25 14:42 . 2007-02-12 17:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-04-25 14:40 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-25 14:29 . 2008-04-25 14:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-25 14:21 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-25 14:01 . 2008-04-21 17:31 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio
2008-04-25 14:01 . 2008-04-21 17:19 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Voisinage réseau
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Voisinage d'impression
2008-04-25 14:01 . 2004-08-19 14:10 <REP> d--h----- C:\Documents and Settings\Richard\Modèles
2008-04-25 14:01 . 2008-05-14 15:42 <REP> dr------- C:\Documents and Settings\Richard\Mes documents
2008-04-25 14:01 . 2008-04-26 13:53 <REP> dr------- C:\Documents and Settings\Richard\Menu Démarrer
2008-04-25 14:01 . 2008-05-14 02:41 <REP> dr------- C:\Documents and Settings\Richard\Favoris
2008-04-25 14:01 . 2008-05-14 15:44 <REP> d-------- C:\Documents and Settings\Richard\Bureau
2008-04-25 14:01 . 2008-04-21 17:31 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Roxio
2008-04-25 14:01 . 2008-04-21 17:18 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Intel
2008-04-25 14:01 . 2008-04-21 17:19 <REP> d-------- C:\Documents and Settings\Richard\Application Data\InstallShield
2008-04-25 14:01 . 2008-04-25 14:01 <REP> d-------- C:\Documents and Settings\Richard\Application Data\Dell
2008-04-25 14:01 . 2008-05-14 13:08 <REP> d-------- C:\Documents and Settings\Richard
2008-04-25 14:01 . 2008-05-14 15:45 233,472 --ah----- C:\Documents and Settings\Richard\ntuser.dat.LOG
2008-04-25 14:01 . 2008-05-14 14:36 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-04-25 13:49 . 2008-04-25 13:49 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-21 17:31 . 2008-04-21 17:31 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-21 17:31 . 2008-04-21 17:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Roxio
2008-04-21 17:31 . 2008-04-21 17:31 61 --a------ C:\WINDOWS\smscfg.ini
2008-04-21 17:29 . 2008-04-21 17:29 <REP> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 10:08 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-05-07 10:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-05-07 10:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-07 10:08 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 14:48 7,107 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_1500.mrk
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-14_14.42.57.85 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB}]
C:\WINDOWS\system32\cbXRIAQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33AA8EA0-80E7-4342-BF64-B4B062FC2734}]
C:\WINDOWS\system32\wvUlijKd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A606BA1D-1F3E-436F-B514-A532108DDAAB}]
C:\WINDOWS\system32\ljJYQHBT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
C:\WINDOWS\system32\vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C}]
C:\WINDOWS\system32\awtusqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 15:20 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 16:39 8429568]
"nwiz"="nwiz.exe" [2007-06-06 16:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 16:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 16:39 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 15:54 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 16:28 405504 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18 307200]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ec652a42"="C:\WINDOWS\system32\dcpadbuf.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-21 17:20:31 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"= C:\WINDOWS\system32\vtUmKCvs.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll [ ]
"vbksrofa"= {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCvs]
vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 13:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 15:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 15:55]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0042b7c7-15dc-11dd-98ae-001d09d3001f}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:45:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-14 15:46:32
ComboFix-quarantined-files.txt 2008-05-14 13:46:28
ComboFix2.txt 2008-05-14 12:43:09

Pre-Run: 136,636,964,864 bytes free
Post-Run: 136,627,048,448 bytes free

274 --- E O F --- 2008-05-07 20:54:50
0
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:32 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-14_14.42.57.85 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB}]
C:\WINDOWS\system32\cbXRIAQj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33AA8EA0-80E7-4342-BF64-B4B062FC2734}]
C:\WINDOWS\system32\wvUlijKd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A606BA1D-1F3E-436F-B514-A532108DDAAB}]
C:\WINDOWS\system32\ljJYQHBT.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
C:\WINDOWS\system32\vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C}]
C:\WINDOWS\system32\awtusqpo.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 15:20 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 16:39 8429568]
"nwiz"="nwiz.exe" [2007-06-06 16:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 16:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 16:39 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 15:54 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 16:28 405504 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 17:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 17:30 974848]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 17:43 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24 29744]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 13:44 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 16:39 189736]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18 307200]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"ec652a42"="C:\WINDOWS\system32\dcpadbuf.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-04-21 17:20:31 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"= C:\WINDOWS\system32\vtUmKCvs.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll [ ]
"vbksrofa"= {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmKCvs]
vtUmKCvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 13:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 15:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 15:55]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-21 17:24]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0042b7c7-15dc-11dd-98ae-001d09d3001f}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 15:45:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-14 15:46:32
ComboFix-quarantined-files.txt 2008-05-14 13:46:28
ComboFix2.txt 2008-05-14 12:43:09

Pre-Run: 136,636,964,864 octets libres
Post-Run: 136,627,048,448 octets libres

274 --- E O F --- 2008-05-07 20:54:50
0
titoska Messages postés 41 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:30, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ihijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB} - C:\WINDOWS\system32\cbXRIAQj.dll (file missing)
O2 - BHO: (no name) - {33AA8EA0-80E7-4342-BF64-B4B062FC2734} - C:\WINDOWS\system32\wvUlijKd.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A606BA1D-1F3E-436F-B514-A532108DDAAB} - C:\WINDOWS\system32\ljJYQHBT.dll (file missing)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\vtUmKCvs.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C} - C:\WINDOWS\system32\awtusqpo.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: vtUmKCvs - vtUmKCvs.dll (file missing)
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Utilisateur anonyme
 
I get the impression this infection is overdoing it.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

c:\windows\system32\dcpadbuf.dll

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles. Example: (01282008_131348.log)

You may be asked to restart the PC to complete the removal.
If so, accept with Yes.

Then,
Run HijackThis again > Do a system scan only
Tick these lines:
O2 - BHO: (no name) - {2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB} - C:\WINDOWS\system32\cbXRIAQj.dll (file missing)
O2 - BHO: (no name) - {33AA8EA0-80E7-4342-BF64-B4B062FC2734} - C:\WINDOWS\system32\wvUlijKd.dll (file missing)
O2 - BHO: (no name) - {A606BA1D-1F3E-436F-B514-A532108DDAAB} - C:\WINDOWS\system32\ljJYQHBT.dll (file missing)
O2 - BHO: (no name) - {C3A9074B-1E3C-45D6-9195-604CE2F1D5B8} - C:\WINDOWS\system32\vtUmKCvs.dll (file missing)
O2 - BHO: (no name) - {E1E4E0CB-1632-44C1-BBD4-F1B777C0B72C} - C:\WINDOWS\system32\awtusqpo.dll (file missing)
O20 - Winlogon Notify: vtUmKCvs - vtUmKCvs.dll (file missing)
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O21 - SSODL: vbksrofa - {A8C90E2E-FDD3-4FF7-BD81-B8CC592682B4} - C:\WINDOWS\vbksrofa.dll (file missing)
Click Fix Checked
0
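The selection the helper made above, written out as a triage script: it is an added example for this thread, not code from the thread, from HijackThis or from OTMoveIt. It parses HijackThis report lines and flags O2/O20/O21 entries whose target file is missing plus O4 entries that make rundll32 load a DLL under a random-looking name; the sample lines are copied from the report posted above, and the `random_looking` heuristic and the two-indicator threshold are assumptions of this example, not rules from any tool.

```python
"""Triage of HijackThis v2.0.2 report lines.

Added example for this thread, not code from the thread, HijackThis or
OTMoveIt. It writes out the reasoning the helper used above: O2/O20/O21
entries whose target file is missing, and O4 entries that make rundll32
load a DLL with a random-looking name, are the Vundo leftovers to fix.
The name heuristic and the score threshold are assumptions of this example.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the report posted in this thread,
# plus legitimate entries (Adobe, NVIDIA, avast!) that must NOT be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F9CF9DE-394D-4A5A-A3FA-2B80D8FF77AB} - C:\WINDOWS\system32\cbXRIAQj.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O20 - Winlogon Notify: vtUmKCvs - vtUmKCvs.dll (file missing)
O21 - SSODL: mpfanvqg - {A873E136-11FB-46F0-B817-34CD4A6A2F27} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SECTION_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
DLL_RE = re.compile(r"([A-Za-z0-9_]+)\.dll", re.IGNORECASE)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S*))?',
    re.IGNORECASE,
)
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def random_looking(stem: str) -> bool:
    """Heuristic (assumption of this example): eight letters, either mixed
    case or with fewer than 30% vowels, like cbXRIAQj or dcpadbuf above.
    Legitimate names such as NvCpl or browseui are not caught."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    mixed = stem != stem.lower() and stem != stem.upper()
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return mixed or vowels / len(stem) < 0.3


def triage(log_text: str) -> list:
    """Return one Finding per report line that deserves a 'Fix checked'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        reasons = []
        if section in ("O2", "O20", "O21") and MISSING_RE.search(body):
            # The loader still references the DLL but the file is gone:
            # an orphan left behind by a partial cleanup.
            reasons.append("autostart entry points at a missing file")
            if section == "O2" and "(no name)" in body:
                reasons.append("BHO registered without a name")
            dll = DLL_RE.search(body)
            if dll and random_looking(dll.group(1)):
                reasons.append(f"random-looking DLL name {dll.group(1)}")
        elif section == "O4":
            rd = RUNDLL_RE.search(body)
            if rd:
                stem = rd.group("dll").rsplit("\\", 1)[-1][:-4]
                entry = rd.group("entry") or ""
                nm = RUN_NAME_RE.search(body)
                # Each indicator alone is weak; two together mark the entry.
                if random_looking(stem):
                    reasons.append(f"rundll32 loads random-looking {stem}.dll")
                if len(entry) == 1:
                    reasons.append(f"single-letter export '{entry}' as entry point")
                if nm and HEX_NAME_RE.match(nm.group("name")):
                    reasons.append(f"Run value name '{nm.group('name')}' is 8 hex digits")
                if len(reasons) < 2:
                    reasons = []
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```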
titoska Messages postés 41 Statut Membre
 
File/Folder c:\windows\system32\dcpadbuf.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05142008_161432
0
Utilisateur anonyme
 
# Download GenProc to your desktop
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
# Unzip it (right-click > Extract here)
# Open the newly created folder and click genproc.bat
# Copy/paste the report
Illustrated help:
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
0
titoska Messages postés 41 Statut Membre
 
GenProc 1.951 [2] 14/05/2008 - Windows [XP] : Aucune infection caractéristique trouvée
0
Utilisateur anonyme
 
BitDefender
Run an online scan with BitDefender
https://www.bitdefender.fr/
Once on the site, click the BitDefender Scan Online button
See Balltrap34's demo here if you can't manage it!
http://pageperso.aol.fr/balltrap34/defender.htm
Copy/paste the final report.
0
titoska Messages postés 41 Statut Membre
 
I have two reports, I don't know which one to send you, so I'm posting both.
Thanks!

BitDefender Online Scanner

Rapport d'analyse généré à: Wed, May 14, 2008 - 17:04:26
Voie d'analyse: C:\;D:\;G:\;

Statistiques
Temps: 00:11:23
Fichiers: 70630
Directoires: 6503
Secteurs de boot: 5
Archives: 1109
Paquets programmes: 6430

Résultats
Virus identifiés: 6
Fichiers infectés: 8
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 8

Info sur les moteurs
Définition virus: 1191836
Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins: 16
Archive des plugins: 42
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 5

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé / Statut
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1\A0000004.ini
    Infecté par: Trojan.Vundo.DVS
    Echec de la désinfection
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1\A0000008.exe
    Infecté par: Trojan.Downloader.JJZG
    Echec de la désinfection
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1\A0000023.dll
    Détecté avec: Adware.Vundo.BE
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP2\A0000055.dll
    Infecté par: Trojan.Vundo.ELK
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP5\A0001333.dll
    Infecté par: Trojan.Vundo.ELH
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP7\A0001547.dll
    Détecté avec: Adware.Vundo.BE
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP7\A0001548.dll
    Infecté par: Trojan.Vundo.ELN
    Supprimé
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP7\A0001549.dll
    Infecté par: Trojan.Vundo.ELH
    Supprimé

The second one:

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Wed, May 14, 2008 - 17:09:13

Info d'analyse
Fichiers scannés: 77143
Infectés Fichiers: 8

Virus Détectés
Trojan.Vundo.ELK: 1
Trojan.Downloader.JJZG: 1
Trojan.Vundo.ELN: 1
Adware.Vundo.BE: 2
Trojan.Vundo.ELH: 2
Trojan.Vundo.DVS: 1

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
0
Utilisateur anonyme
 
Post a HijackThis report please.
0
titoska Messages postés 41 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:20, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\ihijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=5080421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
0
Anonymous user
 
* Download Killbox to your desktop
http://killbox.net/downloads/KillBox.exe
* Double-click Killbox.exe
* Copy/paste C:\WINDOWS\system32\dcpadbuf.dll into Full path or File to delete
* Check Delete on reboot
* Click the red cross
* Answer Yes to the question that appears
* Post the contents of the report found here: C:\!KillBox\Logs.
0
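As an added, defender-side illustration (not part of the thread), the Python script below applies the same reading a helper does to a HijackThis log: it parses O4 autorun and O2 BHO lines and flags the two patterns visible in the log above, a Run value whose name is a random 8-character hex string and whose command calls rundll32 on a single-letter export, and a BHO registration whose file is missing. Function names and the sample are mine; the heuristics give leads to check, not verdicts.

```python
import re

# Constructed sample: five lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ec652a42] rundll32.exe "C:\WINDOWS\system32\dcpadbuf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)


def parse_o4(line):
    """Split an O4 autorun line into (hive, value name, command), or None if it is not one."""
    m = O4_RE.match(line.strip())
    return (m['hive'], m['name'], m['cmd']) if m else None


def assess_line(line):
    """Return the list of heuristic reasons why this log line deserves a closer look."""
    reasons = []
    o4 = parse_o4(line)
    if o4:
        _, name, cmd = o4
        # Vendors give their Run values readable names (SynTPEnh, NvCplDaemon, ...);
        # an 8-digit hex value name was machine-generated.
        if HEX_NAME_RE.match(name):
            reasons.append(f'Run value name "{name}" looks randomly generated')
        r = RUNDLL_RE.match(cmd)
        if r and len(r['export']) == 1:
            # rundll32 itself is a normal loader; a one-letter export name is what stands out.
            reasons.append(f'rundll32 calls single-letter export "{r["export"]}" in {r["dll"]}')
    o2 = O2_RE.match(line.strip())
    if o2 and o2['path'] == '(no file)':
        # Orphan BHO: leftover clutter or the remains of a removed component; worth cleaning up.
        reasons.append('BHO registration points at a missing file')
    return reasons


def find_suspicious(log_text):
    """Walk a HijackThis log and return [(line, reasons)] for every line that trips a heuristic."""
    hits = [(l.strip(), assess_line(l)) for l in log_text.splitlines()]
    return [h for h in hits if h[1]]
```

Running `find_suspicious(SAMPLE_LOG)` returns only the orphan BHO line and the dcpadbuf.dll line; the NvCpl.dll rundll32 entry passes because both its value name and its export are descriptive.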