Winfixer problem...

Closed
Bolga - 15 May 2008 at 20:55
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 - 16 May 2008 at 19:26
Hello,

For a few days now I've been getting lots of antivirus ads and a big slowdown of the PC. Kaspersky found a trojan named Winfixer, but of course it can't delete it. I've tried a few things without any success... could someone help me please...

17 replies

jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
15 May 2008 at 20:59
Hi,



paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click on the HijackThis.exe file and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into that folder.
This is important for the backups.

_______________


smit fraud fix (paste the report)

1/ download:

http://siri.urz.free.fr/Fix/SmitfraudFix.php


2/ double-click on smitfraudfix, then select 1 and press Enter to create the report of the infections present.
0
Blocked profile
15 May 2008 at 21:02
hi, follow all these steps, thanks:

- step 1: HijackThis, post the report right here
- step 2:
get this: Dr Web CureIt! quick scan, then full scan

- step 3:
AVG Anti-spyware and A-squared, update both

- step 4:
CCleaner: repair and clean

- step 5:
Disk Defrag

- step 6:
SmitFraudFix: choose the second answer, then after a while it will ask you: "do you want to clean the registry"; answer o

- step 7:
post 1 new HijackThis log
0
Thanks, so here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:13, on 15/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\mixer.exe
E:\Office 2007 entreprise\Office12\GrooveMonitor.exe
D:\Antivirus\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
D:\T3D\T3D.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Darlya\Desktop\hijackthis\aeden.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\gebcaWPf.dll,#1
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office 2007 entreprise\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Darlya\AppData\Local\Temp\mlJAqpqo.dll,#1
O4 - HKCU\..\Run: [b07e14ee] rundll32.exe "C:\Users\Darlya\AppData\Local\Temp\rilvklrq.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Darlya\AppData\Local\Temp\jkKEuVPI.dll,c
O4 - HKCU\..\Run: [BMb34d2772] Rundll32.exe "C:\Users\Darlya\AppData\Local\Temp\aggmject.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Antivirus\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\ANTIVI~1\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Antivirus\avp.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
15 May 2008 at 21:26
if you're not paying for it, remove Spyware Doctor from your computer


__________________

restart in safe mode (by pressing F8 or Del, or F5 at startup, generally), then run smitfraudfix, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter (paste the report)
__________________





download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) onto your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:
C:\Windows\system32\gebcaWPf.dll
C:\Users\Darlya\AppData\Local\Temp\mlJAqpqo.dll
C:\Users\Darlya\AppData\Local\Temp\rilvklrq.dll
C:\Users\Darlya\AppData\Local\Temp\jkKEuVPI.dll
C:\Users\Darlya\AppData\Local\Temp\aggmject.dll

click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________


Disable User Account Control (you will re-enable it after the disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.


download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt in your next reply.

Careful: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
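As an added example (not code from this thread or from any of the tools it names), here is the triage the helper did by eye on the O4 lines of the HijackThis log, as a script: it flags rundll32 autostart entries that load a DLL from the user's Temp folder, through an anonymous export (ordinal or single letter), or under a random-looking eight-letter name, and emits the same file list the OTMoveIt step uses. The sample lines are copied from the log above; the scoring weights and threshold are assumptions chosen for this illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4 (autostart) lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\gebcaWPf.dll,#1
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Darlya\AppData\Local\Temp\mlJAqpqo.dll,#1
O4 - HKCU\..\Run: [b07e14ee] rundll32.exe "C:\Users\Darlya\AppData\Local\Temp\rilvklrq.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Darlya\AppData\Local\Temp\jkKEuVPI.dll,c
O4 - HKCU\..\Run: [BMb34d2772] Rundll32.exe "C:\Users\Darlya\AppData\Local\Temp\aggmject.dll",s
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"""

# "O4 - <hive>\..\Run: [<entry name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] <dll path>,<export>   (the DLL path may be quoted)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)',
                       re.IGNORECASE)


@dataclass
class Finding:
    name: str      # the Run value name, e.g. MSServer
    hive: str      # HKLM / HKCU / HKUS\...
    dll: str       # the DLL rundll32 was told to load
    score: int
    reasons: list


def score_rundll32_entry(dll: str, export: str) -> tuple:
    """Assumed weights: Temp folder = 3, anonymous export = 2, random-looking name = 1."""
    score, reasons = 0, []
    if re.search(r'\\AppData\\Local\\Temp\\', dll, re.IGNORECASE):
        score += 3
        reasons.append("DLL loaded from the user's Temp folder")
    if re.fullmatch(r'#\d+|[A-Za-z]', export):
        score += 2
        reasons.append(f"anonymous export '{export}' (ordinal or single letter)")
    stem = dll.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if len(stem) == 8 and stem.isalpha():
        score += 1
        reasons.append("eight-letter random-looking DLL name")
    return score, reasons


def triage(log_text: str, threshold: int = 2) -> list:
    """Return the rundll32 autostart entries whose score reaches the (assumed) threshold."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m['cmd'])
        if not r:
            continue                      # plain .exe entries are out of scope for this check
        score, reasons = score_rundll32_entry(r['dll'], r['export'])
        if score >= threshold:
            findings.append(Finding(m['name'], m['hive'], r['dll'], score, reasons))
    return findings


def otmoveit_list(findings: list) -> list:
    """One path per line, de-duplicated, in the order the entries appeared in the log."""
    return list(dict.fromkeys(f.dll for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.hive}] {f.name}: {f.dll}  score={f.score}  ({'; '.join(f.reasons)})")
    print("\nPaste List of Files/Folders to be moved:")
    print("\n".join(otmoveit_list(found)))
```

The five paths it prints are exactly the ones in the helper's quoted OTMoveIt list; the HKLM entry is caught by the export and name heuristics alone, which is why the Temp-folder check must not be the only signal.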

Here is the report from safe mode; I'm rebooting and doing the rest :)

SmitFraudFix v2.320

Rapport fait à 21:32:09,50, 15/05/2008
Executé à partir de C:\Users\Darlya\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1907366C-49F5-46C6-B2C1-4B58A82A78C0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1907366C-49F5-46C6-B2C1-4B58A82A78C0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1907366C-49F5-46C6-B2C1-4B58A82A78C0}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
15 May 2008 at 21:58
ok, see you later
0
Here is the ComboFix report:

ComboFix 08-05-12.1 - Darlya 2008-05-15 22:14:24.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1422 [GMT 2:00]
Endroit: C:\Users\Darlya\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 22:20 . 2008-05-12 08:59 57,344 --a------ C:\Windows\System32\qoMdASJD.dll
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagwrn.xml
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagerr.xml
2008-05-15 21:51 . 2008-05-12 08:59 57,344 --a------ C:\Windows\System32\tuvUKEWM.dll
2008-05-15 21:51 . 2008-05-15 21:51 25 --a------ C:\Windows\mixerdef.ini
2008-05-15 21:40 . 2008-05-15 21:40 <REP> d-------- C:\_OTMoveIt
2008-05-15 18:37 . 2008-05-15 18:37 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 08:26 . 2008-05-15 08:26 0 --a------ C:\Windows\nsreg.dat
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\Users\All Users\Avg8
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\ProgramData\Avg8
2008-05-14 23:19 . 2008-05-14 23:19 <REP> d-------- C:\Program Files\AVG
2008-05-14 22:37 . 2008-05-15 21:32 691 --a------ C:\Users\Darlya\AppData\Roaming\GetValue.vbs
2008-05-14 22:37 . 2008-05-15 21:32 35 --a------ C:\Users\Darlya\AppData\Roaming\SetValue.bat
2008-05-14 22:30 . 2008-05-15 21:32 1,376 --a------ C:\Windows\System32\tmp.reg
2008-05-14 22:29 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-14 22:29 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-14 22:29 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-14 22:29 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-14 22:29 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-14 22:29 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-13 07:52 . 2008-05-13 07:52 <REP> d--hs---- C:\VirusEffaceur
2008-05-13 07:51 . 2008-05-13 08:07 <REP> d-------- C:\Users\Darlya\AppData\Roaming\VirusEffaceur
2008-05-13 07:43 . 2004-10-07 13:39 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-05-13 07:43 . 2004-10-07 13:39 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-13 07:43 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2008-05-13 07:38 . 2008-05-13 07:38 <REP> d-------- C:\Program Files\Java
2008-05-13 07:38 . 2005-04-13 03:48 49,265 --a------ C:\Windows\System32\jpicpl32.cpl
2008-05-13 07:37 . 2008-05-13 07:37 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-12 14:24 . 2008-05-12 14:25 <REP> d-------- C:\Program Files\Microsoft Works
2008-05-12 14:22 . 2008-05-15 07:45 <REP> d-a------ C:\Users\All Users\TEMP
2008-05-12 14:22 . 2008-05-15 07:45 <REP> d-a------ C:\ProgramData\TEMP
2008-05-12 14:22 . 2007-12-10 13:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-05-12 14:22 . 2007-12-10 13:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-05-12 14:22 . 2008-02-01 11:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-05-12 14:22 . 2007-12-10 13:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Users\Darlya\AppData\Roaming\PC Tools
2008-05-12 14:21 . 2008-05-12 15:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Google
2008-05-12 14:17 . 2008-05-12 14:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-12 13:17 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\ProgramData\Microsoft Help
2008-05-12 08:53 . 2008-05-12 12:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\uTorrent
2008-05-12 08:53 . 2008-05-12 08:53 <REP> d-------- C:\Program Files\uTorrent
2008-05-11 16:00 . 2008-05-11 16:00 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DivX
2008-05-09 23:28 . 2008-05-09 23:28 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-08 17:02 . 2008-05-08 17:02 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Samsung
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\Update
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\INF
2008-05-08 14:50 . 2006-06-13 18:37 380,808 --a------ C:\image.chm
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\USER
2008-05-08 14:41 . 2008-05-08 14:50 <REP> d-------- C:\Help
2008-05-07 00:12 . 2008-05-15 18:19 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Spyware Terminator
2008-05-07 00:12 . 2008-05-15 08:02 <REP> d-------- C:\Users\All Users\Spyware Terminator
2008-05-07 00:12 . 2008-05-15 08:02 <REP> d-------- C:\ProgramData\Spyware Terminator
2008-05-07 00:12 . 2008-05-12 13:52 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-07 00:12 . 2008-05-07 00:12 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-05 23:20 . 2008-05-05 23:20 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\Users\All Users\eMule
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\ProgramData\eMule
2008-05-02 17:43 . 2008-05-02 17:43 <REP> d-------- C:\Users\Darlya\AppData\Roaming\eMule
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\Users\All Users\RoboForm
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\ProgramData\RoboForm
2008-04-27 20:38 . 2008-04-27 20:38 <REP> d-------- C:\Program Files\Siber Systems
2008-04-27 19:48 . 2008-04-27 19:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-26 18:13 . 2008-04-26 18:15 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\Users\All Users\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\ProgramData\Azureus
2008-04-23 17:47 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Lavalys
2008-04-23 13:11 . 2008-04-23 13:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\skypePM
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\ProgramData\ezsid.dat
2008-04-23 13:05 . 2008-04-23 13:13 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Common Files\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\Users\All Users\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\ProgramData\Skype
2008-04-21 12:32 . 2008-05-08 14:44 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-21 12:32 . 2008-04-21 12:32 <REP> d-------- C:\Program Files\Samsung
2008-04-21 12:32 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-04-21 12:32 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-04-21 12:32 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-04-21 12:32 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-20 18:09 . 2008-04-20 18:07 917,504 --a------ C:\Windows\system\CMiDS3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\AUDIO3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\a3d.dll
2008-04-20 18:09 . 2008-04-20 18:07 458,752 --a------ C:\Windows\System32\Cmeaupci.exe
2008-04-20 18:09 . 2008-04-20 18:07 106,496 --a------ C:\Windows\Vmix.dll
2008-04-20 18:09 . 2008-04-20 18:07 32,768 --a------ C:\Windows\System32\CMUdaProp3.dll
2008-04-20 18:09 . 2008-04-20 18:09 132 --a------ C:\Windows\Cmicnfg3.ini.cfl
2008-04-20 18:08 . 2008-04-20 18:07 65,536 --a------ C:\Windows\System32\CmiInstallResAll.dll
2008-04-20 18:08 . 2008-04-20 18:07 3,189 --a------ C:\Windows\Cmicnfg3.ini.cfg
2008-04-20 18:08 . 2008-04-20 18:35 634 --a------ C:\Windows\Cmicnfg3.ini.imi
2008-04-20 18:08 . 2008-04-20 18:08 116 --a------ C:\Windows\system\Dlap.pfx
2008-04-20 18:07 . 2008-04-20 18:07 319,968 --a------ C:\Windows\difxapi.dll
2008-04-20 18:07 . 2008-04-20 18:07 725 --a------ C:\Windows\cmudax3.ini
2008-04-20 11:27 . 2008-04-20 11:27 <REP> d-------- C:\Users\Darlya\AppData\Roaming\teamspeak2
2008-04-20 11:09 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-20 11:08 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\DivX
2008-04-20 11:00 . 2008-04-20 11:00 <REP> d-------- C:\Program Files\WMV9_VCM
2008-04-20 01:40 . 2008-04-20 01:41 69,632 --a------ C:\Windows\ScUnin.exe
2008-04-20 01:40 . 2008-04-20 01:41 25,450 --a------ C:\Windows\scunin.dat
2008-04-20 01:40 . 2008-04-20 01:41 967 --a------ C:\Windows\ScUnin.pif
2008-04-20 01:06 . 2008-04-20 01:06 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DAEMON Tools
2008-04-20 01:06 . 2008-04-20 01:06 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-20 00:15 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-04-20 00:15 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-04-20 00:15 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-04-20 00:12 . 2008-04-20 01:16 237,057 --a------ C:\Windows\System32\Office [Keygen].exe
2008-04-20 00:09 . 2008-05-12 09:10 463,153 --a------ C:\Windows\System32\Setup.exe
2008-04-19 21:17 . 2008-05-15 21:51 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-19 21:17 . 2008-05-15 21:51 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-19 21:17 . 2008-05-15 22:20 153,393,440 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-19 21:17 . 2008-05-15 22:18 2,058,584 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-19 21:17 . 2008-04-19 21:27 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-19 21:17 . 2008-04-19 21:27 87,941 --a------ C:\Windows\System32\drivers\klick.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 05:50 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 12:24 --------- d-----w C:\Program Files\MSBuild
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdateReal.exe
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdate.exe
2008-04-20 16:07 1,405,504 ----a-w C:\Windows\system32\drivers\cmudax3.sys
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Modèles
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Favoris
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Bureau
2008-04-19 11:43 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D89A359-C154-4324-B62F-19AF678E45D3}]
C:\Users\Darlya\AppData\Local\Temp\pmnKeeCr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-27 20:38 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-25 23:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-25 23:47 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-25 23:47 81920]
"WinSys2"="C:\Windows\system32\startup.exe" [2007-10-30 10:52 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\Windows\System32\P17.DLL]
"CmPCIaudio"="CMICNFG3.cpl" []
"C-Media Mixer"="Mixer.exe" [2003-03-20 08:21 1855488 C:\Windows\mixer.exe]
"MSServer"="C:\Windows\system32\qoMdASJD.dll" [2008-05-12 08:59 57344]
"GrooveMonitor"="E:\Office 2007 entreprise\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVP"="D:\Antivirus\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\Windows\system32\qoMdASJD.dll [2008-05-12 08:59 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\ANTIVI~1\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-11 03:00 41984 C:\Windows\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 E:\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2002-12-03 11:16 49152 C:\Windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 04:23 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6FD7F27B-F3EA-4226-A720-9E629D1D900D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE82BE1D-BC1B-40E5-A13A-178492672423}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{D08CED7D-64A1-45ED-B075-2F60FCC032A8}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"TCP Query User{5E389F07-8853-4B67-B8A0-B6F11E29C20E}D:\\collin mac ray\\dirt.exe"= UDP:D:\collin mac ray\dirt.exe:DiRT Executable
"UDP Query User{004D9A90-542E-4A11-9BC9-9A427504E094}D:\\collin mac ray\\dirt.exe"= TCP:D:\collin mac ray\dirt.exe:DiRT Executable
"TCP Query User{8116B6BA-2F32-4AA3-8276-3B892A0F4936}D:\\starcraft\\starcraft.exe"= UDP:D:\starcraft\starcraft.exe:Starcraft
"UDP Query User{759DAB70-5A71-4BD1-AACF-9AB9F2C9E28A}D:\\starcraft\\starcraft.exe"= TCP:D:\starcraft\starcraft.exe:Starcraft
"TCP Query User{28FDE752-0841-41B9-AAF8-34201921EC1B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{12DDF24F-0019-4868-B6BE-CA8ACA51BC07}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{332BDD7E-F73E-44DB-9B6D-6A776FD53DCF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5371C304-2C4E-4C81-8BA6-F8239A357F08}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B3BDE844-6C70-4D20-8428-A111CE5E8F66}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{78CC0834-7F2B-4579-965E-0652E8A91332}F:\\ares\\ares.exe"= UDP:F:\ares\ares.exe:Ares p2p for windows
"UDP Query User{83DC47BB-8408-4387-9248-48B32CB589CB}F:\\ares\\ares.exe"= TCP:F:\ares\ares.exe:Ares p2p for windows
"TCP Query User{B192C49D-39E9-4A03-A8EF-ABCF323B1D30}F:\\azureus\\azureus.exe"= UDP:F:\azureus\azureus.exe:Azureus
"UDP Query User{2DF99EE6-9142-464E-94D0-29CC39C62825}F:\\azureus\\azureus.exe"= TCP:F:\azureus\azureus.exe:Azureus
"TCP Query User{F0C03C1E-C24F-4289-8EFB-0BCABBD1C498}F:\\emule\\emule.exe"= UDP:F:\emule\emule.exe:eMule
"UDP Query User{11343971-7C2E-4551-B511-4F2BE4721472}F:\\emule\\emule.exe"= TCP:F:\emule\emule.exe:eMule
"TCP Query User{F267502A-693E-4CBD-8815-674BD528B5FB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6DE3F03-FE52-406A-B2DD-FA98FE883B70}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{0914B2BD-CA0C-45B2-8449-4D5050CAADAD}"= TCP:6004|E:\Office 2007 entreprise\Office12\outlook.exe:Microsoft Office Outlook
"{23A9D64B-FDE8-40CD-9BCA-A01EC0BC794C}"= UDP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{8874DC39-87D5-40D8-8571-95331525CEDA}"= TCP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{4FCD40F5-A82F-4530-B3DA-949F69A945B2}"= UDP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D3121D9-7AFD-4CE1-8B9D-C89B22C2B562}"= TCP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{BC961EFC-8AB3-449E-87E0-B1D8D433487E}C:\\windows\\explorer.exe"= UDP:C:\windows\explorer.exe:Explorateur Windows
"UDP Query User{EFB57C7C-B1DD-4D03-8248-71C051E14EC7}C:\\windows\\explorer.exe"= TCP:C:\windows\explorer.exe:Explorateur Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-05-07 00:12]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27845-0e67-11dd-9392-000c76cee1a7}]
\shell\AutoRun\command - I:\7sinsLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d94dc3a8-0e26-11dd-978f-806e6f6e6963}]
\shell\AutoRun\command - H:\SETUP.EXE

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-15 06:43:29 C:\Windows\Tasks\User_Feed_Synchronization-{BA32F13C-9EC8-437B-8AE8-715FEE188EBD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:20:30
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\qoMdASJD.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 22:24:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 20:23:47

Pre-Run: 11,309,514,752 octets libres
Post-Run: 12,142,723,072 octets libres

275 --- E O F --- 2008-05-15 05:50:29
0
jlpjlp
15 May 2008 at 22:28
The OTMoveIt report?

_____

Paste a fresh HijackThis log.

See you later.
0
So here it is for OTMoveIt:

DllUnregisterServer procedure not found in C:\Windows\system32\gebcaWPf.dll
C:\Windows\system32\gebcaWPf.dll NOT unregistered.
File move failed. C:\Windows\system32\gebcaWPf.dll scheduled to be moved on reboot.
File/Folder C:\Users\Darlya\AppData\Local\Temp\mlJAqpqo.dll not found.
File/Folder C:\Users\Darlya\AppData\Local\Temp\rilvklrq.dll not found.
File/Folder C:\Users\Darlya\AppData\Local\Temp\jkKEuVPI.dll not found.
File/Folder C:\Users\Darlya\AppData\Local\Temp\aggmject.dll not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_214023


And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:27, on 15/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\mixer.exe
C:\Windows\System32\mobsync.exe
E:\Office 2007 entreprise\Office12\GrooveMonitor.exe
D:\Antivirus\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
D:\T3D\T3D.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Users\Darlya\Desktop\hijackthis\aeden.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0D89A359-C154-4324-B62F-19AF678E45D3} - C:\Users\Darlya\AppData\Local\Temp\pmnKeeCr.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdASJD.dll,#1
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office 2007 entreprise\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Antivirus\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\ANTIVI~1\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Antivirus\avp.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Nothing more to do? :p

I ran a CCleaner scan and a disk defragmentation.
0
jlpjlp
16 May 2008 at 11:19
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {0D89A359-C154-4324-B62F-19AF678E45D3} - C:\Users\Darlya\AppData\Local\Temp\pmnKeeCr.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\qoMdASJD.dll,#1


____________________

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

___________________

Close all your browsers (so copy or print these instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Users\Darlya\AppData\Local\Temp\pmnKeeCr.dll
C:\Windows\system32\qoMdASJD.dll



Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D89A359-C154-4324-B62F-19AF678E45D3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"=-

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Post a HijackThis report as well.

If the file doesn't open, it is located here > C:\ComboFix.txt
0
Here it is for ComboFix:

ComboFix 08-05-12.1 - Darlya 2008-05-16 12:32:19.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1183 [GMT 2:00]
Endroit: C:\Users\Darlya\Desktop\ComboFix.exe
Command switches used :: C:\Users\Darlya\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Users\Darlya\AppData\Local\Temp\pmnKeeCr.dll
C:\Windows\system32\qoMdASJD.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 07:28 . 2008-05-12 08:59 57,344 --a------ C:\Windows\System32\urqPgdeB.dll
2008-05-16 07:19 . 2008-05-16 07:19 0 --a------ C:\Windows\msicpl.ini
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagwrn.xml
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagerr.xml
2008-05-15 21:51 . 2008-05-12 08:59 57,344 --a------ C:\Windows\System32\tuvUKEWM.dll
2008-05-15 21:51 . 2008-05-15 21:51 25 --a------ C:\Windows\mixerdef.ini
2008-05-15 21:40 . 2008-05-15 21:40 <REP> d-------- C:\_OTMoveIt
2008-05-15 18:37 . 2008-05-15 18:37 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 08:26 . 2008-05-15 08:26 0 --a------ C:\Windows\nsreg.dat
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\Users\All Users\Avg8
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\ProgramData\Avg8
2008-05-14 23:19 . 2008-05-14 23:19 <REP> d-------- C:\Program Files\AVG
2008-05-14 22:37 . 2008-05-15 21:32 691 --a------ C:\Users\Darlya\AppData\Roaming\GetValue.vbs
2008-05-14 22:37 . 2008-05-15 21:32 35 --a------ C:\Users\Darlya\AppData\Roaming\SetValue.bat
2008-05-14 22:30 . 2008-05-15 21:32 1,376 --a------ C:\Windows\System32\tmp.reg
2008-05-14 22:29 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-14 22:29 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-14 22:29 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-14 22:29 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-14 22:29 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-14 22:29 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-13 07:52 . 2008-05-13 07:52 <REP> d--hs---- C:\VirusEffaceur
2008-05-13 07:51 . 2008-05-13 08:07 <REP> d-------- C:\Users\Darlya\AppData\Roaming\VirusEffaceur
2008-05-13 07:43 . 2004-10-07 13:39 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-05-13 07:43 . 2004-10-07 13:39 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-13 07:43 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2008-05-13 07:38 . 2008-05-13 07:38 <REP> d-------- C:\Program Files\Java
2008-05-13 07:38 . 2005-04-13 03:48 49,265 --a------ C:\Windows\System32\jpicpl32.cpl
2008-05-13 07:37 . 2008-05-13 07:37 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-12 14:24 . 2008-05-12 14:25 <REP> d-------- C:\Program Files\Microsoft Works
2008-05-12 14:22 . 2008-05-15 22:46 <REP> d-a------ C:\Users\All Users\TEMP
2008-05-12 14:22 . 2008-05-15 22:46 <REP> d-a------ C:\ProgramData\TEMP
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Google
2008-05-12 14:17 . 2008-05-12 14:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-12 13:17 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\ProgramData\Microsoft Help
2008-05-12 08:53 . 2008-05-12 12:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\uTorrent
2008-05-12 08:53 . 2008-05-12 08:53 <REP> d-------- C:\Program Files\uTorrent
2008-05-11 16:00 . 2008-05-11 16:00 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DivX
2008-05-09 23:28 . 2008-05-09 23:28 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-08 17:02 . 2008-05-08 17:02 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Samsung
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\Update
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\INF
2008-05-08 14:50 . 2006-06-13 18:37 380,808 --a------ C:\image.chm
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\USER
2008-05-08 14:41 . 2008-05-08 14:50 <REP> d-------- C:\Help
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-05 23:20 . 2008-05-05 23:20 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\Users\All Users\eMule
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\ProgramData\eMule
2008-05-02 17:43 . 2008-05-02 17:43 <REP> d-------- C:\Users\Darlya\AppData\Roaming\eMule
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\Users\All Users\RoboForm
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\ProgramData\RoboForm
2008-04-27 20:38 . 2008-04-27 20:38 <REP> d-------- C:\Program Files\Siber Systems
2008-04-27 19:48 . 2008-04-27 19:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-26 18:13 . 2008-04-26 18:15 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\Users\All Users\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\ProgramData\Azureus
2008-04-23 17:47 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Lavalys
2008-04-23 13:11 . 2008-04-23 13:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\skypePM
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\ProgramData\ezsid.dat
2008-04-23 13:05 . 2008-04-23 13:13 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Common Files\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\Users\All Users\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\ProgramData\Skype
2008-04-21 12:32 . 2008-05-08 14:44 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-21 12:32 . 2008-04-21 12:32 <REP> d-------- C:\Program Files\Samsung
2008-04-21 12:32 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-04-21 12:32 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-04-21 12:32 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-04-21 12:32 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-20 18:09 . 2008-04-20 18:07 917,504 --a------ C:\Windows\system\CMiDS3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\AUDIO3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\a3d.dll
2008-04-20 18:09 . 2008-04-20 18:07 458,752 --a------ C:\Windows\System32\Cmeaupci.exe
2008-04-20 18:09 . 2008-04-20 18:07 106,496 --a------ C:\Windows\Vmix.dll
2008-04-20 18:09 . 2008-04-20 18:07 32,768 --a------ C:\Windows\System32\CMUdaProp3.dll
2008-04-20 18:09 . 2008-04-20 18:09 132 --a------ C:\Windows\Cmicnfg3.ini.cfl
2008-04-20 18:08 . 2008-04-20 18:07 65,536 --a------ C:\Windows\System32\CmiInstallResAll.dll
2008-04-20 18:08 . 2008-04-20 18:07 3,189 --a------ C:\Windows\Cmicnfg3.ini.cfg
2008-04-20 18:08 . 2008-05-15 23:08 634 --a------ C:\Windows\Cmicnfg3.ini.imi
2008-04-20 18:08 . 2008-04-20 18:08 116 --a------ C:\Windows\system\Dlap.pfx
2008-04-20 18:07 . 2008-04-20 18:07 319,968 --a------ C:\Windows\difxapi.dll
2008-04-20 18:07 . 2008-04-20 18:07 725 --a------ C:\Windows\cmudax3.ini
2008-04-20 11:27 . 2008-04-20 11:27 <REP> d-------- C:\Users\Darlya\AppData\Roaming\teamspeak2
2008-04-20 11:09 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-20 11:08 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\DivX
2008-04-20 11:00 . 2008-04-20 11:00 <REP> d-------- C:\Program Files\WMV9_VCM
2008-04-20 01:40 . 2008-04-20 01:41 69,632 --a------ C:\Windows\ScUnin.exe
2008-04-20 01:40 . 2008-04-20 01:41 25,450 --a------ C:\Windows\scunin.dat
2008-04-20 01:40 . 2008-04-20 01:41 967 --a------ C:\Windows\ScUnin.pif
2008-04-20 01:06 . 2008-04-20 01:06 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DAEMON Tools
2008-04-20 01:06 . 2008-04-20 01:06 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-20 00:15 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-04-20 00:15 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-04-20 00:15 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-04-20 00:12 . 2008-04-20 01:16 237,057 --a------ C:\Windows\System32\Office [Keygen].exe
2008-04-20 00:09 . 2008-05-12 09:10 463,153 --a------ C:\Windows\System32\Setup.exe
2008-04-19 21:17 . 2008-05-16 08:08 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-19 21:17 . 2008-05-16 08:08 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-19 21:17 . 2008-05-16 12:34 155,911,200 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-19 21:17 . 2008-05-16 07:25 2,073,104 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-19 21:17 . 2008-04-19 21:27 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-19 21:17 . 2008-04-19 21:27 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-19 21:15 . 2008-04-19 21:15 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-19 21:15 . 2008-04-19 21:15 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-19 20:07 . 2008-04-19 20:07 <REP> d-------- C:\Program Files\C-Media
2008-04-19 19:38 . 2008-05-15 23:08 344 --a------ C:\Windows\system\CMICNFG3.INI
2008-04-19 19:03 . 2008-04-19 19:03 <REP> d-------- C:\Windows\System32\Macromed
2008-04-19 18:49 . 2008-04-19 18:49 <REP> d-------- C:\Windows\PCHEALTH
2008-04-19 18:45 . 2008-05-15 07:50 <REP> d--hs---- C:\Windows\Installer
2008-04-19 18:45 . 2008-04-23 18:07 <REP> d-------- C:\Users\All Users\WLInstaller
2008-04-19 18:45 . 2008-04-23 18:07 <REP> d-------- C:\ProgramData\WLInstaller
2008-04-19 18:45 . 2008-04-23 18:09 <REP> d-------- C:\Program Files\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 05:50 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 12:24 --------- d-----w C:\Program Files\MSBuild
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdateReal.exe
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdate.exe
2008-04-20 16:07 36,864 ----a-w C:\Windows\System32\cmudax3.DLL
2008-04-20 16:07 1,405,504 ----a-w C:\Windows\system32\drivers\cmudax3.sys
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Modèles
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Favoris
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Bureau
2008-04-19 11:43 --------- d-sh--w C:\Program Files\Fichiers communs
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-15_22.22.45.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 20:19:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 10:23:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-15 20:19:29 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-16 05:28:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-15 20:19:29 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-16 05:28:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-13 04:49:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 06:09:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-13 04:49:23 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 06:09:11 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-13 04:49:23 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 06:09:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-15 20:20:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-16 05:30:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-16 05:30:03 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-15 20:20:05 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-16 05:29:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-16 05:29:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-15 20:13:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-15 20:13:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-15 20:13:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-05 20:56:22 19,836,024 ----a-w C:\Windows\System32\mrt.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe
- 2008-05-15 19:58:41 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-16 05:35:50 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-15 19:58:41 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-16 05:35:50 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-15 19:58:41 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-16 05:35:50 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-15 19:58:41 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-16 05:35:50 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-14 20:09:39 4,232 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2228878219-1548373529-4257470935-1000_UserData.bin
+ 2008-05-15 20:21:54 4,618 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2228878219-1548373529-4257470935-1000_UserData.bin
- 2008-05-14 20:09:39 58,948 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 20:21:54 60,638 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-15 05:55:52 28,468 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-15 20:59:16 28,856 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-27 20:38 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-25 23:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-25 23:47 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-25 23:47 81920]
"WinSys2"="C:\Windows\system32\startup.exe" [2007-10-30 10:52 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\Windows\System32\P17.DLL]
"CmPCIaudio"="CMICNFG3.cpl" []
"C-Media Mixer"="Mixer.exe" [2003-03-20 08:21 1855488 C:\Windows\mixer.exe]
"GrooveMonitor"="E:\Office 2007 entreprise\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVP"="D:\Antivirus\avp.exe" [2008-02-08 18:36 227856]
"MSServer"="C:\Windows\system32\urqPgdeB.dll" [2008-05-12 08:59 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\Windows\system32\urqPgdeB.dll [2008-05-12 08:59 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\ANTIVI~1\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-11 03:00 41984 C:\Windows\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 E:\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2002-12-03 11:16 49152 C:\Windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 04:23 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6FD7F27B-F3EA-4226-A720-9E629D1D900D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE82BE1D-BC1B-40E5-A13A-178492672423}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{D08CED7D-64A1-45ED-B075-2F60FCC032A8}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"TCP Query User{5E389F07-8853-4B67-B8A0-B6F11E29C20E}D:\\collin mac ray\\dirt.exe"= UDP:D:\collin mac ray\dirt.exe:DiRT Executable
"UDP Query User{004D9A90-542E-4A11-9BC9-9A427504E094}D:\\collin mac ray\\dirt.exe"= TCP:D:\collin mac ray\dirt.exe:DiRT Executable
"TCP Query User{8116B6BA-2F32-4AA3-8276-3B892A0F4936}D:\\starcraft\\starcraft.exe"= UDP:D:\starcraft\starcraft.exe:Starcraft
"UDP Query User{759DAB70-5A71-4BD1-AACF-9AB9F2C9E28A}D:\\starcraft\\starcraft.exe"= TCP:D:\starcraft\starcraft.exe:Starcraft
"TCP Query User{28FDE752-0841-41B9-AAF8-34201921EC1B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{12DDF24F-0019-4868-B6BE-CA8ACA51BC07}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{332BDD7E-F73E-44DB-9B6D-6A776FD53DCF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5371C304-2C4E-4C81-8BA6-F8239A357F08}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B3BDE844-6C70-4D20-8428-A111CE5E8F66}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{78CC0834-7F2B-4579-965E-0652E8A91332}F:\\ares\\ares.exe"= UDP:F:\ares\ares.exe:Ares p2p for windows
"UDP Query User{83DC47BB-8408-4387-9248-48B32CB589CB}F:\\ares\\ares.exe"= TCP:F:\ares\ares.exe:Ares p2p for windows
"TCP Query User{B192C49D-39E9-4A03-A8EF-ABCF323B1D30}F:\\azureus\\azureus.exe"= UDP:F:\azureus\azureus.exe:Azureus
"UDP Query User{2DF99EE6-9142-464E-94D0-29CC39C62825}F:\\azureus\\azureus.exe"= TCP:F:\azureus\azureus.exe:Azureus
"TCP Query User{F0C03C1E-C24F-4289-8EFB-0BCABBD1C498}F:\\emule\\emule.exe"= UDP:F:\emule\emule.exe:eMule
"UDP Query User{11343971-7C2E-4551-B511-4F2BE4721472}F:\\emule\\emule.exe"= TCP:F:\emule\emule.exe:eMule
"TCP Query User{F267502A-693E-4CBD-8815-674BD528B5FB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6DE3F03-FE52-406A-B2DD-FA98FE883B70}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{0914B2BD-CA0C-45B2-8449-4D5050CAADAD}"= TCP:6004|E:\Office 2007 entreprise\Office12\outlook.exe:Microsoft Office Outlook
"{23A9D64B-FDE8-40CD-9BCA-A01EC0BC794C}"= UDP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{8874DC39-87D5-40D8-8571-95331525CEDA}"= TCP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{4FCD40F5-A82F-4530-B3DA-949F69A945B2}"= UDP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D3121D9-7AFD-4CE1-8B9D-C89B22C2B562}"= TCP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{BC961EFC-8AB3-449E-87E0-B1D8D433487E}C:\\windows\\explorer.exe"= UDP:C:\windows\explorer.exe:Explorateur Windows
"UDP Query User{EFB57C7C-B1DD-4D03-8248-71C051E14EC7}C:\\windows\\explorer.exe"= TCP:C:\windows\explorer.exe:Explorateur Windows

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27845-0e67-11dd-9392-000c76cee1a7}]
\shell\AutoRun\command - I:\7sinsLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d94dc3a8-0e26-11dd-978f-806e6f6e6963}]
\shell\AutoRun\command - H:\SETUP.EXE

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 07:53:07 C:\Windows\Tasks\User_Feed_Synchronization-{BA32F13C-9EC8-437B-8AE8-715FEE188EBD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 12:35:22
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\Users\Darlya\AppData\Local\Microsoft\Messenger\Bolgashamy@hotmail.fr\SharingMetadata\Working\database_86B0_7E1D_B07E_1441\$db_clean$ 0 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\urqPgdeB.dll
.
Temps d'accomplissement: 2008-05-16 12:36:58
ComboFix-quarantined-files.txt 2008-05-16 10:36:47
ComboFix2.txt 2008-05-15 20:24:20

Pre-Run: 14,702,817,280 octets libres
Post-Run: 14,178,516,992 octets libres

337 --- E O F --- 2008-05-16 05:25:28


And here it is for HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:54, on 16/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\mixer.exe
C:\Windows\System32\rundll32.exe
E:\Office 2007 entreprise\Office12\GrooveMonitor.exe
D:\Antivirus\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office 2007 entreprise\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPgdeB.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Antivirus\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\ANTIVI~1\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Antivirus\avp.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
16 May 2008 at 14:12
scan with
MalwareByte's Anti-Malware, remove whatever it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
___________________

Close all your browsers (so copy or print these instructions beforehand)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\Windows\system32\urqPgdeB.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"=-

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report and tell me your current problems

If the file does not open, it is located here > C:\ComboFix.txt
0
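As an added example (not code from this thread or from the ComboFix/HijackThis authors), a small Python script that parses the O4 Run entries of a HijackThis log, flags rundll32 loads of an 8-letter mixed-case DLL called through an ordinal export, the shape of the MSServer entry in the report above, and emits the File::/Registry:: CFScript text the helper asks for. The sample log lines are constructed from the O4 lines in this thread; the heuristic, the function names and the decision to key only on O4 lines are assumptions (the ShellExecuteHooks entry the helper also removes is visible in the ComboFix log, not in HijackThis, and is not covered here).

```python
import re

# Constructed sample in the shape of HijackThis v2 O4 lines, taken from the
# report in this thread: one Vundo-style entry among legitimate ones.
SAMPLE_HJT_LOG = r"""O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPgdeB.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

# "O4 - <hive>\..\Run: [<value name>] <command> (User '...')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# "rundll32[.exe] <dll path>,<export name or #ordinal>"
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<export>\S+)$',
    re.IGNORECASE,
)
HIVE_ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def parse_o4_entries(log_text):
    """Return the Run-key autostart entries (O4 lines) of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_rundll_load(cmd):
    """Return the DLL path when a Run command matches the pattern seen in this
    thread, else None. Narrow heuristic (an assumption, not a vendor rule):
    rundll32 calling an export by ordinal (#1) on an 8-letter mixed-case DLL
    with no vendor-style name. Named exports (nvsvcStart, P17Helper) pass."""
    m = RUNDLL_RE.match(cmd.strip())
    if not m:
        return None
    dll, export = m.group("dll"), m.group("export")
    stem = dll.rsplit("\\", 1)[-1][:-4]  # file name without ".dll"
    ordinal_export = export.startswith("#")
    random_name = (
        re.fullmatch(r"[A-Za-z]{8}", stem) is not None
        and not stem.islower()
        and not stem.isupper()
    )
    return dll if ordinal_export and random_name else None


def find_vundo_style_entries(log_text):
    """Collect Run entries worth a second look, with hive, value name and DLL."""
    findings = []
    for e in parse_o4_entries(log_text):
        dll = suspicious_rundll_load(e["cmd"])
        if dll:
            findings.append({"hive": e["hive"], "name": e["name"], "dll": dll})
    return findings


def run_key(hive):
    """Expand the HijackThis hive shorthand to the full Run key path."""
    if hive.startswith("HKUS\\"):
        root = "HKEY_USERS\\" + hive[5:]
    else:
        root = HIVE_ROOTS[hive]
    return "[" + root + "\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]"


def build_cfscript(findings):
    """Emit the File:: / Registry:: text in the CFScript layout the helper shows
    above; '"name"=-' removes the Run value, File:: lists the DLL to delete."""
    lines = ["File::"] + sorted({f["dll"] for f in findings}) + ["", "Registry::"]
    for f in findings:
        lines += [run_key(f["hive"]), '"%s"=-' % f["name"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_vundo_style_entries(SAMPLE_HJT_LOG)
    for h in hits:
        print("suspicious Run entry:", h["name"], "->", h["dll"])
    print(build_cfscript(hits))
```

The script only drafts the text; whether a flagged DLL is really unwanted still has to be confirmed against the scanner reports, as the helper does here with the Malwarebytes and ComboFix output.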
So here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 755

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 137782
Temps écoulé: 40 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Windows\System32\geBrqppo.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2aa0726c-95b7-4216-aa43-b5bdd524892f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\geBrqppo.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\tuvUKEWM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


And the ComboFix one:

ComboFix 08-05-12.1 - Darlya 2008-05-16 18:46:13.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1350 [GMT 2:00]
Endroit: C:\Users\Darlya\Desktop\ComboFix.exe
Command switches used :: C:\Users\Darlya\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\system32\urqPgdeB.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 18:44 . 2008-05-16 18:44 <REP> d-------- C:\327882R2FWJFW
2008-05-16 17:46 . 2008-05-16 17:46 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Malwarebytes
2008-05-16 17:45 . 2008-05-16 17:45 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-16 17:45 . 2008-05-16 17:45 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-16 17:44 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-16 17:44 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-16 17:43 . 2008-05-16 18:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-16 07:19 . 2008-05-16 07:19 0 --a------ C:\Windows\msicpl.ini
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagwrn.xml
2008-05-15 22:07 . 2008-05-15 22:10 1,905 --a------ C:\Windows\diagerr.xml
2008-05-15 21:51 . 2008-05-15 21:51 25 --a------ C:\Windows\mixerdef.ini
2008-05-15 21:40 . 2008-05-15 21:40 <REP> d-------- C:\_OTMoveIt
2008-05-15 18:37 . 2008-05-15 18:37 <REP> d-------- C:\Program Files\Trend Micro
2008-05-15 08:26 . 2008-05-15 08:26 0 --a------ C:\Windows\nsreg.dat
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\Users\All Users\Avg8
2008-05-15 07:51 . 2008-05-15 07:51 <REP> d-------- C:\ProgramData\Avg8
2008-05-14 23:19 . 2008-05-14 23:19 <REP> d-------- C:\Program Files\AVG
2008-05-14 22:37 . 2008-05-15 21:32 691 --a------ C:\Users\Darlya\AppData\Roaming\GetValue.vbs
2008-05-14 22:37 . 2008-05-15 21:32 35 --a------ C:\Users\Darlya\AppData\Roaming\SetValue.bat
2008-05-14 22:30 . 2008-05-15 21:32 1,376 --a------ C:\Windows\System32\tmp.reg
2008-05-14 22:29 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-14 22:29 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-14 22:29 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-05-14 22:29 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe
2008-05-14 22:29 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-14 22:29 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-14 22:29 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-13 07:52 . 2008-05-13 07:52 <REP> d--hs---- C:\VirusEffaceur
2008-05-13 07:51 . 2008-05-13 08:07 <REP> d-------- C:\Users\Darlya\AppData\Roaming\VirusEffaceur
2008-05-13 07:43 . 2004-10-07 13:39 1,060,864 --a------ C:\Windows\System32\mfc71.dll
2008-05-13 07:43 . 2004-10-07 13:39 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-13 07:43 . 2004-10-07 13:39 89,088 --a------ C:\Windows\System32\atl71.dll
2008-05-13 07:38 . 2008-05-13 07:38 <REP> d-------- C:\Program Files\Java
2008-05-13 07:38 . 2005-04-13 03:48 49,265 --a------ C:\Windows\System32\jpicpl32.cpl
2008-05-13 07:37 . 2008-05-13 07:37 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-12 14:24 . 2008-05-12 14:25 <REP> d-------- C:\Program Files\Microsoft Works
2008-05-12 14:22 . 2008-05-15 22:46 <REP> d-a------ C:\Users\All Users\TEMP
2008-05-12 14:22 . 2008-05-15 22:46 <REP> d-a------ C:\ProgramData\TEMP
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Microsoft.NET
2008-05-12 14:21 . 2008-05-12 14:21 <REP> d-------- C:\Program Files\Google
2008-05-12 14:17 . 2008-05-12 14:17 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-12 13:17 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\Users\All Users\Microsoft Help
2008-05-12 13:00 . 2008-05-15 07:49 <REP> d-------- C:\ProgramData\Microsoft Help
2008-05-12 08:53 . 2008-05-12 12:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\uTorrent
2008-05-12 08:53 . 2008-05-12 08:53 <REP> d-------- C:\Program Files\uTorrent
2008-05-11 16:00 . 2008-05-11 16:00 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DivX
2008-05-09 23:28 . 2008-05-09 23:28 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-08 17:02 . 2008-05-08 17:02 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Samsung
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\Update
2008-05-08 14:50 . 2008-05-08 14:50 <REP> d-------- C:\INF
2008-05-08 14:50 . 2006-06-13 18:37 380,808 --a------ C:\image.chm
2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\USER
2008-05-08 14:41 . 2008-05-08 14:50 <REP> d-------- C:\Help
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-05 23:22 . 2008-05-05 23:24 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-05 23:20 . 2008-05-05 23:20 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\Users\All Users\eMule
2008-05-02 17:44 . 2008-05-02 17:44 <REP> d-------- C:\ProgramData\eMule
2008-05-02 17:43 . 2008-05-02 17:43 <REP> d-------- C:\Users\Darlya\AppData\Roaming\eMule
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\Users\All Users\RoboForm
2008-04-27 20:39 . 2008-04-27 20:39 <REP> d-------- C:\ProgramData\RoboForm
2008-04-27 20:38 . 2008-04-27 20:38 <REP> d-------- C:\Program Files\Siber Systems
2008-04-27 19:48 . 2008-04-27 19:48 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-26 18:13 . 2008-04-26 18:15 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\Users\All Users\Azureus
2008-04-26 18:13 . 2008-04-26 18:13 <REP> d-------- C:\ProgramData\Azureus
2008-04-23 17:47 . 2008-04-23 17:47 <REP> d-------- C:\Program Files\Lavalys
2008-04-23 13:11 . 2008-04-23 13:11 <REP> d-------- C:\Users\Darlya\AppData\Roaming\skypePM
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-23 13:11 . 2008-04-23 13:11 32 --a------ C:\ProgramData\ezsid.dat
2008-04-23 13:05 . 2008-04-23 13:13 <REP> d-------- C:\Users\Darlya\AppData\Roaming\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Skype
2008-04-23 13:04 . 2008-04-23 13:04 <REP> d-------- C:\Program Files\Common Files\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\Users\All Users\Skype
2008-04-23 13:03 . 2008-04-23 13:04 <REP> d-------- C:\ProgramData\Skype
2008-04-21 12:32 . 2008-05-08 14:44 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-04-21 12:32 . 2008-04-21 12:32 <REP> d-------- C:\Program Files\Samsung
2008-04-21 12:32 . 2007-05-02 11:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
2008-04-21 12:32 . 2007-05-02 11:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
2008-04-21 12:32 . 2007-05-02 11:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
2008-04-21 12:32 . 2007-05-02 11:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
2008-04-21 12:32 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-04-20 18:09 . 2008-04-20 18:07 917,504 --a------ C:\Windows\system\CMiDS3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\AUDIO3D3.dll
2008-04-20 18:09 . 2008-04-20 18:07 712,704 --a------ C:\Windows\system\a3d.dll
2008-04-20 18:09 . 2008-04-20 18:07 458,752 --a------ C:\Windows\System32\Cmeaupci.exe
2008-04-20 18:09 . 2008-04-20 18:07 106,496 --a------ C:\Windows\Vmix.dll
2008-04-20 18:09 . 2008-04-20 18:07 32,768 --a------ C:\Windows\System32\CMUdaProp3.dll
2008-04-20 18:09 . 2008-04-20 18:09 132 --a------ C:\Windows\Cmicnfg3.ini.cfl
2008-04-20 18:08 . 2008-04-20 18:07 65,536 --a------ C:\Windows\System32\CmiInstallResAll.dll
2008-04-20 18:08 . 2008-04-20 18:07 3,189 --a------ C:\Windows\Cmicnfg3.ini.cfg
2008-04-20 18:08 . 2008-05-15 23:08 634 --a------ C:\Windows\Cmicnfg3.ini.imi
2008-04-20 18:08 . 2008-04-20 18:08 116 --a------ C:\Windows\system\Dlap.pfx
2008-04-20 18:07 . 2008-04-20 18:07 319,968 --a------ C:\Windows\difxapi.dll
2008-04-20 18:07 . 2008-04-20 18:07 725 --a------ C:\Windows\cmudax3.ini
2008-04-20 11:27 . 2008-04-20 11:27 <REP> d-------- C:\Users\Darlya\AppData\Roaming\teamspeak2
2008-04-20 11:09 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-20 11:08 . 2008-04-20 11:09 <REP> d-------- C:\Program Files\DivX
2008-04-20 11:00 . 2008-04-20 11:00 <REP> d-------- C:\Program Files\WMV9_VCM
2008-04-20 01:40 . 2008-04-20 01:41 69,632 --a------ C:\Windows\ScUnin.exe
2008-04-20 01:40 . 2008-04-20 01:41 25,450 --a------ C:\Windows\scunin.dat
2008-04-20 01:40 . 2008-04-20 01:41 967 --a------ C:\Windows\ScUnin.pif
2008-04-20 01:06 . 2008-04-20 01:06 <REP> d-------- C:\Users\Darlya\AppData\Roaming\DAEMON Tools
2008-04-20 01:06 . 2008-04-20 01:06 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-04-20 00:15 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-04-20 00:15 . 2007-04-04 18:55 261,480 --a------ C:\Windows\System32\xactengine2_7.dll
2008-04-20 00:15 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-04-20 00:12 . 2008-04-20 01:16 237,057 --a------ C:\Windows\System32\Office [Keygen].exe
2008-04-20 00:09 . 2008-05-12 09:10 463,153 --a------ C:\Windows\System32\Setup.exe
2008-04-19 21:17 . 2008-05-16 18:38 <REP> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-19 21:17 . 2008-05-16 18:38 <REP> d-------- C:\ProgramData\Kaspersky Lab
2008-04-19 21:17 . 2008-05-16 18:50 159,133,216 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-04-19 21:17 . 2008-05-16 18:36 2,131,472 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-04-19 21:17 . 2008-04-19 21:27 96,645 --a------ C:\Windows\System32\drivers\klin.dat
2008-04-19 21:17 . 2008-04-19 21:27 87,941 --a------ C:\Windows\System32\drivers\klick.dat
2008-04-19 21:15 . 2008-04-19 21:15 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-04-19 21:15 . 2008-04-19 21:15 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-04-19 20:07 . 2008-04-19 20:07 <REP> d-------- C:\Program Files\C-Media
2008-04-19 19:38 . 2008-05-15 23:08 344 --a------ C:\Windows\system\CMICNFG3.INI
2008-04-19 19:03 . 2008-04-19 19:03 <REP> d-------- C:\Windows\System32\Macromed

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 05:50 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 12:24 --------- d-----w C:\Program Files\MSBuild
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdateReal.exe
2008-05-08 12:51 376,832 ----a-w C:\LiveUpdate.exe
2008-04-20 16:07 36,864 ----a-w C:\Windows\System32\cmudax3.DLL
2008-04-20 16:07 1,405,504 ----a-w C:\Windows\system32\drivers\cmudax3.sys
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Modèles
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Favoris
2008-04-19 11:43 --------- d-sh--w C:\ProgramData\Bureau
2008-04-19 11:43 --------- d-sh--w C:\Program Files\Fichiers communs
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot_2008-05-16_12.36.13,38 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 10:23:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-16 16:37:15 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-16 05:28:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-16 16:37:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-16 05:28:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-16 16:37:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-16 05:30:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-16 16:39:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-16 16:39:16 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-16 05:29:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-16 16:39:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-16 16:39:21 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-16 15:35:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-16 15:35:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-16 06:11:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-16 15:35:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-16 05:35:50 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-16 16:42:23 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-16 05:35:50 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-16 16:42:23 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-16 05:35:50 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-16 16:42:23 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-16 05:35:50 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-16 16:42:23 669,340 ----a-w C:\Windows\System32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-04-27 20:38 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-25 23:47 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-25 23:47 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-25 23:47 81920]
"WinSys2"="C:\Windows\system32\startup.exe" [2007-10-30 10:52 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\Windows\System32\P17.DLL]
"CmPCIaudio"="CMICNFG3.cpl" []
"C-Media Mixer"="Mixer.exe" [2003-03-20 08:21 1855488 C:\Windows\mixer.exe]
"GrooveMonitor"="E:\Office 2007 entreprise\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVP"="D:\Antivirus\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\ANTIVI~1\r3hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-11 03:00 41984 C:\Windows\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 E:\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2002-12-03 11:16 49152 C:\Windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 04:23 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6FD7F27B-F3EA-4226-A720-9E629D1D900D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE82BE1D-BC1B-40E5-A13A-178492672423}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"UDP Query User{D08CED7D-64A1-45ED-B075-2F60FCC032A8}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0
"TCP Query User{5E389F07-8853-4B67-B8A0-B6F11E29C20E}D:\\collin mac ray\\dirt.exe"= UDP:D:\collin mac ray\dirt.exe:DiRT Executable
"UDP Query User{004D9A90-542E-4A11-9BC9-9A427504E094}D:\\collin mac ray\\dirt.exe"= TCP:D:\collin mac ray\dirt.exe:DiRT Executable
"TCP Query User{8116B6BA-2F32-4AA3-8276-3B892A0F4936}D:\\starcraft\\starcraft.exe"= UDP:D:\starcraft\starcraft.exe:Starcraft
"UDP Query User{759DAB70-5A71-4BD1-AACF-9AB9F2C9E28A}D:\\starcraft\\starcraft.exe"= TCP:D:\starcraft\starcraft.exe:Starcraft
"TCP Query User{28FDE752-0841-41B9-AAF8-34201921EC1B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{12DDF24F-0019-4868-B6BE-CA8ACA51BC07}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{332BDD7E-F73E-44DB-9B6D-6A776FD53DCF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{5371C304-2C4E-4C81-8BA6-F8239A357F08}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{B3BDE844-6C70-4D20-8428-A111CE5E8F66}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{78CC0834-7F2B-4579-965E-0652E8A91332}F:\\ares\\ares.exe"= UDP:F:\ares\ares.exe:Ares p2p for windows
"UDP Query User{83DC47BB-8408-4387-9248-48B32CB589CB}F:\\ares\\ares.exe"= TCP:F:\ares\ares.exe:Ares p2p for windows
"TCP Query User{B192C49D-39E9-4A03-A8EF-ABCF323B1D30}F:\\azureus\\azureus.exe"= UDP:F:\azureus\azureus.exe:Azureus
"UDP Query User{2DF99EE6-9142-464E-94D0-29CC39C62825}F:\\azureus\\azureus.exe"= TCP:F:\azureus\azureus.exe:Azureus
"TCP Query User{F0C03C1E-C24F-4289-8EFB-0BCABBD1C498}F:\\emule\\emule.exe"= UDP:F:\emule\emule.exe:eMule
"UDP Query User{11343971-7C2E-4551-B511-4F2BE4721472}F:\\emule\\emule.exe"= TCP:F:\emule\emule.exe:eMule
"TCP Query User{F267502A-693E-4CBD-8815-674BD528B5FB}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{E6DE3F03-FE52-406A-B2DD-FA98FE883B70}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{0914B2BD-CA0C-45B2-8449-4D5050CAADAD}"= TCP:6004|E:\Office 2007 entreprise\Office12\outlook.exe:Microsoft Office Outlook
"{23A9D64B-FDE8-40CD-9BCA-A01EC0BC794C}"= UDP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{8874DC39-87D5-40D8-8571-95331525CEDA}"= TCP:E:\Office 2007 entreprise\Office12\GROOVE.EXE:Microsoft Office Groove
"{4FCD40F5-A82F-4530-B3DA-949F69A945B2}"= UDP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D3121D9-7AFD-4CE1-8B9D-C89B22C2B562}"= TCP:E:\Office 2007 entreprise\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{BC961EFC-8AB3-449E-87E0-B1D8D433487E}C:\\windows\\explorer.exe"= UDP:C:\windows\explorer.exe:Explorateur Windows
"UDP Query User{EFB57C7C-B1DD-4D03-8248-71C051E14EC7}C:\\windows\\explorer.exe"= TCP:C:\windows\explorer.exe:Explorateur Windows

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\Windows\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\Windows\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\Windows\system32\pr2ah4nc.exe svc []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54e27845-0e67-11dd-9392-000c76cee1a7}]
\shell\AutoRun\command - I:\7sinsLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d94dc3a8-0e26-11dd-978f-806e6f6e6963}]
\shell\AutoRun\command - H:\SETUP.EXE

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 07:53:07 C:\Windows\Tasks\User_Feed_Synchronization-{BA32F13C-9EC8-437B-8AE8-715FEE188EBD}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 18:51:03
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

***********************************************************************
.
Temps d'accomplissement: 2008-05-16 18:53:17
ComboFix-quarantined-files.txt 2008-05-16 16:53:03
ComboFix2.txt 2008-05-16 10:36:59
ComboFix3.txt 2008-05-15 20:24:20

Pre-Run: 13,946,769,408 octets libres
Post-Run: 13,638,934,528 octets libres

313 --- E O F --- 2008-05-16 05:25:28


And finally the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:43, on 16/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\mixer.exe
E:\Office 2007 entreprise\Office12\GrooveMonitor.exe
D:\Antivirus\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\OFFICE~1\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Office 2007 entreprise\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "D:\Antivirus\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Antivirus\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\OFFICE~1\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\OFFICE~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\OFFICE~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\ANTIVI~1\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Antivirus\avp.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\Windows\system32\pr2ah4nc.exe
jlpjlp - 16 May 2008 at 19:07
You can keep Malwarebytes alongside Kaspersky.

Remove the rest.

Scan with Kaspersky to check; otherwise you're good.
OK, OK, I'm keeping Malwarebytes! Thanks again for your quick and effective help :)
jlpjlp - 16 May 2008 at 19:26
You're welcome.

All the best.