Sujet Précédent Sujet Suivant

Hacker dans mon PC ???

Résolu/Fermé
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 - 24 mai 2008 à 16:52
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 - 30 mai 2008 à 22:28
Bonjour,

j'ai eu un message dans mon msn via mon courrier qu'il y a ue une tentive de hacker dans mon pc mon courrier me donne les info du hack mes je ces pas ci il a reuci a me hacker car le message que j'ai eu dit ceci --->>> Quelqu'un avec l'adresse IP XXXXXXXXXXXXXX a tenté de changer le mot de passe de l'administrateur principal.

j'aimerais savoir doux ça proviens merci de m'aider @+

33 réponses

  • 1
  • 2
Réponse 1 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 16:54
salut,


désactive l'uac

https://forum.malekal.com/viewtopic.php?f=59&t=6517


Téléchargez MSNFix.zip (de !aur3n7) sur ton bureau:

* http://sosvirus.changelog.fr/MSNFix.zip


Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).
Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.


Note :
-Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt


poste le rapport.
0
Réponse 2 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 17:15
salut voici ce que tu ma demander loll

MSNFix 1.717

C:\MSNFix
Fix exécuté le Sat 05/24/2008 - 10:59:22.84 By JockeR
mode normal

************************ Recherche les fichiers présents

... C:\Users\JockeR\AppData\Local\Temp\removalfile.bat

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\Users\JockeR\AppData\Local\Temp\removalfile.bat



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\Windows\system32\wininit.exe] 101BA3EA053480BB5D957EF37C06B5ED
[C:\Windows\system32\winload.exe] BB82A604FCC5A930696962A27F1C9760
[C:\Windows\system32\winresume.exe] E3770E54B0864B93DF82C2E35F5AB20D
[C:\Windows\system32\winrs.exe] 24AB1404A479AFEEC112079D9AF12A0D
[C:\Windows\system32\winrshost.exe] 8F26CCF26436315033192266A7135FF5
[C:\Windows\system32\WinSAT.exe] 550E83EEE739D1C25A49E70F038EC816
[C:\Windows\system32\nvvsvc.exe] F397A6FA4B83D243AD25A1DC401237A0

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\Users\JockeR\Desktop\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier Sat 05242008_111305.52.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\Windows\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

0
Réponse 3 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 17:27
on continue,


Téléchargez HijackThis sur votre bureau:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

Faîtes un clic droit sur HijackThis.exe et choisissez Renommer puis renommez-le Sanner.exe.

Ceci est très important car cette infection assez coriace peut être masquée sous HijackThis si l'outil n'est pas renommé avant tout scan !

Ensuite double-cliquez sur Scanner.exe puis sur OK sur le message qu'HijackThis va vous envoyer.

Dans HijackThis, cliquez sur "Do a system scan and save a Logfile" : cela va scanner puis ouvrir un rapport dans le bloc-notes.


poste ce rapport.
0
Réponse 4 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 17:34
re salut

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:40 AM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\JockeR\Desktop\Sanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {2ECA87E3-FAC2-471B-B474-41EDE6AAAB88} - C:\Windows\system32\ssqOEUNF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcDtRLd.dll,#1
O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 17:41
on continue,



1) Affiche les fichiers et dossiers cachés …
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche ---> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».

2) Désactive toute protection résidente ( antivirus…) !
Déconnecte-toi d’internet, ferme tous les programmes en cours et laisse combofix travailler : ne fais donc pas autre chose en même temps !

Télécharge Combofix de sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Redémarre en mode sans échecs : aide ici >>>
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. Il se trouve ici : C:\Combofix.txt

3) Copie/colle un nouveau rapport HiJackThis avec.
0
Réponse 6 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 18:11
re salut voici un compte rendu du log de combofix et de hijackthis

ComboFix 08-05-21.3 - JockeR 2008-05-24 11:55:44.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1706 [GMT -4:00]
Endroit: C:\Users\JockeR\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\cmnhiaai.ini
C:\Windows\system32\ddcDtRLd.dll
C:\Windows\System32\FNUEOqss.ini
C:\Windows\System32\FNUEOqss.ini2
C:\Windows\system32\lgrvpbyu.exe
C:\Windows\System32\qnoejdtj.ini
C:\Windows\system32\qoMgfDWm.dll
C:\Windows\System32\smpbawwc.ini
C:\Windows\system32\ssqOEUNF.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-24 11:00 . 2008-05-24 11:00 115,200 --a------ C:\Windows\System32\cwwabpms.dll
2008-05-24 10:57 . 2008-05-24 11:13 <REP> d-------- C:\MSNFix
2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for
2008-05-23 22:54 . 2008-05-23 22:54 <REP> d-------- C:\Program Files\MagicDVDRipper
2008-05-23 21:16 . 2008-05-23 21:17 38 --a------ C:\Windows\avisplitter.INI
2008-05-23 20:23 . 2008-05-23 21:10 <REP> d-------- C:\Temp\E--
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\ProgramData\DVD Shrink
2008-05-23 19:11 . 2008-05-23 19:11 <REP> d-------- C:\Program Files\AVSMedia
2008-05-23 19:10 . 2008-05-23 19:26 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-23 14:58 . 2008-05-23 15:36 <REP> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-22 16:47 . 2008-05-22 16:47 <REP> d-------- C:\Program Files\Stardock
2008-05-22 16:32 . 2008-05-22 16:33 <REP> d-------- C:\Program Files\Unlocker
2008-05-22 16:14 . 2008-05-22 16:14 0 --------- C:\Windows\WB.ini
2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll
2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll
2008-05-22 10:34 . 2008-05-22 10:53 <REP> d-------- C:\Program Files\Astonsoft
2008-05-22 07:04 . 2008-05-22 07:04 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 10:45 . 2008-05-23 20:23 <REP> d-------- C:\Temp
2008-05-21 10:42 . 2008-05-21 10:42 <REP> d-------- C:\Program Files\Xilisoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\eRightSoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\Users\All Users\Ubisoft
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\ProgramData\Ubisoft
2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-20 22:51 . 2008-05-20 22:51 <REP> d-------- C:\Program Files\Ubisoft
2008-05-20 19:41 . 2008-05-20 19:41 <REP> d-------- C:\Windows\nvidia icons
2008-05-20 19:27 . 2008-05-20 19:27 <REP> d-------- C:\Program Files\Marvell
2008-05-20 17:35 . 2008-05-20 17:35 <REP> d-------- C:\Windows\PCHEALTH
2008-05-20 17:10 . 2008-05-20 17:11 <REP> d-------- C:\Program Files\vLite
2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys
2008-05-20 12:37 . 2008-05-20 12:37 <REP> d-------- C:\Program Files\Common Files\Steam
2008-05-20 12:32 . 2008-05-20 21:10 <REP> d-------- C:\Program Files\Steam
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\Users\All Users\Xfire
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\ProgramData\Xfire
2008-05-20 12:16 . 2008-05-20 12:16 <REP> d-------- C:\Program Files\Xfire
2008-05-20 11:40 . 2008-05-20 11:41 <REP> d-------- C:\Program Files\Project64 1.6
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-20 10:49 . 2008-05-20 10:49 <REP> d-------- C:\Program Files\Common Files\Control Panels
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\Users\All Users\ALM
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\ProgramData\ALM
2008-05-20 10:40 . 2008-05-20 10:40 <REP> d-------- C:\Program Files\QuickTime
2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-05-20 10:34 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\Adobe
2008-05-20 10:31 . 2008-05-20 10:31 <REP> d-------- C:\Program Files\Bonjour
2008-05-20 10:28 . 2008-05-20 10:28 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-20 10:26 . 2008-05-20 10:50 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 09:53 . 2008-05-20 09:53 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-19 03:59 . 2008-05-19 04:01 <REP> d-------- C:\Program Files\rFactor
2008-05-19 01:57 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Ventrilo
2008-05-18 09:22 . 2008-05-18 09:22 <REP> d-------- C:\Program Files\Cool Beans NFO Creator
2008-05-18 09:21 . 2008-05-18 09:21 <REP> d-------- C:\Program Files\MediaInfo
2008-05-18 09:00 . 2008-05-18 09:00 <REP> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\UltraISO
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\Users\All Users\vsosdk
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\ProgramData\vsosdk
2008-05-17 13:06 . 2008-05-17 13:06 <REP> d-------- C:\Program Files\VSO
2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Users\All Users\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\ProgramData\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Program Files\TechSmith
2008-05-17 11:09 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-17 10:46 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\QuickTime Alternative
2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-17 10:09 . 2008-05-17 10:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 09:38 . 2008-05-17 09:38 <REP> d-------- C:\Users\All Users\Google
2008-05-17 09:33 . 2008-05-17 09:33 <REP> d-------- C:\Program Files\KC Softwares
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\Users\All Users\GRETECH
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\ProgramData\GRETECH
2008-05-17 09:24 . 2008-05-17 09:24 <REP> d-------- C:\Program Files\GRETECH
2008-05-17 09:18 . 2008-05-17 09:18 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-05-17 08:32 . 2008-05-17 08:54 <REP> d-------- C:\Program Files\uTorrent
2008-05-16 22:39 . 2008-05-16 22:39 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 21:00 . 2008-05-16 21:01 <REP> d-------- C:\Program Files\RivaTuner v2.07
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Users\All Users\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\ProgramData\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Creative
2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-16 20:28 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Analog Devices
2008-05-16 20:25 . 2008-05-16 20:25 <REP> d-------- C:\Program Files\TeamSpeak3
2008-05-16 17:48 . 2008-05-16 17:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm
2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 16:33 . 2008-05-16 16:34 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 16:32 . 2008-05-16 16:32 <REP> d-------- C:\Windows\System32\Macromed
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:36 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 16:30 . 2008-05-16 16:30 <REP> d-------- C:\Windows\Sun
2008-05-16 16:29 . 2008-05-16 16:30 <REP> d-------- C:\Program Files\Java
2008-05-16 16:29 . 2008-05-16 16:29 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-16 14:41 . 2008-05-16 14:41 <REP> d-------- C:\PerfLogs
2008-05-16 14:32 . 2008-05-16 14:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-16 14:32 . 2008-05-16 14:16 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-16 14:19 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-16 14:19 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau
2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs
2008-05-03 09:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"d21d4a0a"="C:\Windows\system32\cwwabpms.dll" [2008-05-24 11:00 115200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\ddcDtRLd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\\program files\\rfactor\\rfactor.exe"= UDP:C:\program files\rfactor\rfactor.exe:rFactor
"UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\\program files\\rfactor\\rfactor.exe"= TCP:C:\program files\rfactor\rfactor.exe:rFactor
"{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server
"{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server
"{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server
"{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server
"{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\\liberkey\\apps\\hfs\\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs
"UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\\liberkey\\apps\\hfs\\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs

R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 12:02:24
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\PnkBstrA.exe
C:\Windows\System32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-24 12:07:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 16:06:41

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 188,524,060,672 octets libres

286 --- E O F --- 2008-05-23 12:24:40

----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:19 PM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\JockeR\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 7 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 18:23
on continue



Désactive toute protection résidente ( antivirus…) !

Copie le texte se situanten gras ci-dessous:


file::
C:\Windows\WB.ini
C:\Windows\avisplitter.INI
C:\Windows\system32\ddcDtRLd.dll

registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous : clic sur le lien pour voir comment on fait:

http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.
0
Réponse 8 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 18:37
Re voici les 2 rapport

ComboFix 08-05-21.3 - JockeR 2008-05-24 12:29:15.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1212 [GMT -4:00]
Endroit: C:\Users\JockeR\Desktop\ComboFix.exe
Command switches used :: C:\Users\JockeR\Desktop\CFScript..txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\avisplitter.INI
C:\Windows\system32\ddcDtRLd.dll
C:\Windows\WB.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\avisplitter.INI
C:\Windows\WB.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))
.

2008-05-24 12:02 . 2008-05-24 12:07 354 ---hs---- C:\Windows\System32\smpbawwc.ini
2008-05-24 11:00 . 2008-05-24 11:00 115,200 --a------ C:\Windows\System32\cwwabpms.dll
2008-05-24 10:57 . 2008-05-24 11:13 <REP> d-------- C:\MSNFix
2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for
2008-05-23 22:54 . 2008-05-23 22:54 <REP> d-------- C:\Program Files\MagicDVDRipper
2008-05-23 20:23 . 2008-05-23 21:10 <REP> d-------- C:\Temp\E--
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\ProgramData\DVD Shrink
2008-05-23 19:11 . 2008-05-23 19:11 <REP> d-------- C:\Program Files\AVSMedia
2008-05-23 19:10 . 2008-05-23 19:26 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-23 14:58 . 2008-05-23 15:36 <REP> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-22 16:47 . 2008-05-22 16:47 <REP> d-------- C:\Program Files\Stardock
2008-05-22 16:32 . 2008-05-22 16:33 <REP> d-------- C:\Program Files\Unlocker
2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll
2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll
2008-05-22 10:34 . 2008-05-22 10:53 <REP> d-------- C:\Program Files\Astonsoft
2008-05-22 07:04 . 2008-05-22 07:04 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 10:45 . 2008-05-23 20:23 <REP> d-------- C:\Temp
2008-05-21 10:42 . 2008-05-21 10:42 <REP> d-------- C:\Program Files\Xilisoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\eRightSoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\Users\All Users\Ubisoft
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\ProgramData\Ubisoft
2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-20 22:51 . 2008-05-20 22:51 <REP> d-------- C:\Program Files\Ubisoft
2008-05-20 19:41 . 2008-05-20 19:41 <REP> d-------- C:\Windows\nvidia icons
2008-05-20 19:27 . 2008-05-20 19:27 <REP> d-------- C:\Program Files\Marvell
2008-05-20 17:35 . 2008-05-20 17:35 <REP> d-------- C:\Windows\PCHEALTH
2008-05-20 17:10 . 2008-05-20 17:11 <REP> d-------- C:\Program Files\vLite
2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys
2008-05-20 12:37 . 2008-05-20 12:37 <REP> d-------- C:\Program Files\Common Files\Steam
2008-05-20 12:32 . 2008-05-20 21:10 <REP> d-------- C:\Program Files\Steam
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\Users\All Users\Xfire
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\ProgramData\Xfire
2008-05-20 12:16 . 2008-05-20 12:16 <REP> d-------- C:\Program Files\Xfire
2008-05-20 11:40 . 2008-05-20 11:41 <REP> d-------- C:\Program Files\Project64 1.6
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-20 10:49 . 2008-05-20 10:49 <REP> d-------- C:\Program Files\Common Files\Control Panels
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\Users\All Users\ALM
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\ProgramData\ALM
2008-05-20 10:40 . 2008-05-20 10:40 <REP> d-------- C:\Program Files\QuickTime
2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-05-20 10:34 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\Adobe
2008-05-20 10:31 . 2008-05-20 10:31 <REP> d-------- C:\Program Files\Bonjour
2008-05-20 10:28 . 2008-05-20 10:28 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-20 10:26 . 2008-05-20 10:50 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 09:53 . 2008-05-20 09:53 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-19 03:59 . 2008-05-19 04:01 <REP> d-------- C:\Program Files\rFactor
2008-05-19 01:57 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Ventrilo
2008-05-18 09:22 . 2008-05-18 09:22 <REP> d-------- C:\Program Files\Cool Beans NFO Creator
2008-05-18 09:21 . 2008-05-18 09:21 <REP> d-------- C:\Program Files\MediaInfo
2008-05-18 09:00 . 2008-05-18 09:00 <REP> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\UltraISO
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\Users\All Users\vsosdk
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\ProgramData\vsosdk
2008-05-17 13:06 . 2008-05-17 13:06 <REP> d-------- C:\Program Files\VSO
2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Users\All Users\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\ProgramData\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Program Files\TechSmith
2008-05-17 11:09 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-17 10:46 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\QuickTime Alternative
2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-17 10:09 . 2008-05-17 10:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 09:38 . 2008-05-17 09:38 <REP> d-------- C:\Users\All Users\Google
2008-05-17 09:33 . 2008-05-17 09:33 <REP> d-------- C:\Program Files\KC Softwares
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\Users\All Users\GRETECH
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\ProgramData\GRETECH
2008-05-17 09:24 . 2008-05-17 09:24 <REP> d-------- C:\Program Files\GRETECH
2008-05-17 09:18 . 2008-05-17 09:18 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-05-17 08:32 . 2008-05-17 08:54 <REP> d-------- C:\Program Files\uTorrent
2008-05-16 22:39 . 2008-05-16 22:39 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 21:00 . 2008-05-16 21:01 <REP> d-------- C:\Program Files\RivaTuner v2.07
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Users\All Users\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\ProgramData\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Creative
2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-16 20:28 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Analog Devices
2008-05-16 20:25 . 2008-05-16 20:25 <REP> d-------- C:\Program Files\TeamSpeak3
2008-05-16 17:48 . 2008-05-16 17:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm
2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 16:33 . 2008-05-16 16:34 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 16:32 . 2008-05-16 16:32 <REP> d-------- C:\Windows\System32\Macromed
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:36 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 16:30 . 2008-05-16 16:30 <REP> d-------- C:\Windows\Sun
2008-05-16 16:29 . 2008-05-16 16:30 <REP> d-------- C:\Program Files\Java
2008-05-16 16:29 . 2008-05-16 16:29 <REP> d-------- C:\Program Files\Common Files\Java
2008-05-16 14:41 . 2008-05-16 14:41 <REP> d-------- C:\PerfLogs
2008-05-16 14:32 . 2008-05-16 14:16 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-16 14:32 . 2008-05-16 14:16 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-16 14:19 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-16 14:19 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-16 14:19 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 18:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 18:36 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau
2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-11 21:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-24_12.06.17.69 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-24 16:01:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-24 16:01:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-24 16:03:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-24 16:28:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 16:02:25 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-24 16:28:53 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-24 16:28:53 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 16:00:32 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-24 16:09:32 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 16:00:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-24 16:09:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 16:00:32 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-24 16:09:32 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 16:00:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-24 16:09:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 15:13:58 5,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin
+ 2008-05-24 16:04:00 5,868 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin
- 2008-05-24 15:13:58 61,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 16:03:59 61,296 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]
"d21d4a0a"="C:\Windows\system32\cwwabpms.dll" [2008-05-24 11:00 115200]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\Windows\system32\ddcDtRLd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\\program files\\rfactor\\rfactor.exe"= UDP:C:\program files\rfactor\rfactor.exe:rFactor
"UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\\program files\\rfactor\\rfactor.exe"= TCP:C:\program files\rfactor\rfactor.exe:rFactor
"{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server
"{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server
"{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server
"{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server
"{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\\liberkey\\apps\\hfs\\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs
"UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\\liberkey\\apps\\hfs\\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs

R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 12:30:40
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-24 12:31:20
ComboFix-quarantined-files.txt 2008-05-24 16:31:17
ComboFix2.txt 2008-05-24 16:07:22

Pre-Run: 193,286,012,928 octets libres
Post-Run: 193,253,298,176 octets libres

290 --- E O F --- 2008-05-23 12:24:40

------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:28 PM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\JockeR\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [d21d4a0a] rundll32.exe "C:\Windows\system32\cwwabpms.dll",b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 9 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 18:46
pas mal
on continue


Télécharge MalwareByte's Anti-Malware sur ton Bureau:

https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.


Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec :

http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec

* Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
* Afin de lancer la recherche, clic sur"Rechercher".
* Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM:

http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
0
Réponse 10 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 21:05
DSL du retard j'avais des course a faire lolll

Voici le log

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 264109
Temps écoulé: 34 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d21d4a0a (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\cwwabpms.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\smpbawwc.ini (Trojan.Vundo) -> No action taken.

------------------------------------------------------------------------------------------------------------------------------------------------------------------

0
Réponse 11 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
24 mai 2008 à 21:17
salut il me faut le deuxième rapport


si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
0
Réponse 12 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 21:25
DSL lolll

le voici

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|D:\|F:\|)
Eléments examinés: 264109
Temps écoulé: 34 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d21d4a0a (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\cwwabpms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\smpbawwc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
0
Réponse 13 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 21:29
dsl jpense que je me suis tromper lol je recommence lolll
0
Réponse 14 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 22:21
je ces pas ci ces bon mes je pense que je les mi en quarantaine mes la je vien de les duprimer au complet lolll

et sur lexam du lecteur D: ya rien donc je les pas mi pour aller plus vite lollllll

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 783

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 266449
Temps écoulé: 47 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 15 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
24 mai 2008 à 22:31
et voici un autre log apres avoir fais tout ca !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:26 PM, on 5/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\JockeR\Desktop\Sanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 16 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
25 mai 2008 à 16:23
salut,


désactive ton antivirus et repasse le script ci-dessous:



file::
C:\Windows\WB.ini
C:\Windows\avisplitter.INI
C:\Windows\system32\ddcDtRLd.dll


registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-



ensuite envois moi le rapport.
0
Réponse 17 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
25 mai 2008 à 16:41
Re salut voici le rapport

ComboFix 08-05-21.3 - JockeR 2008-05-25 10:30:14.3 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.2.1036.18.1090 [GMT -4:00]
Endroit: C:\Users\JockeR\Desktop\ComboFix.exe
Command switches used :: C:\Users\JockeR\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Windows\avisplitter.INI
C:\Windows\system32\ddcDtRLd.dll
C:\Windows\WB.ini
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))))))))
.

2008-05-25 09:47 . 2008-05-25 09:47 <REP> d-------- C:\Users\All Users\PC Drivers HeadQuarters
2008-05-25 09:47 . 2008-05-25 09:47 <REP> d-------- C:\ProgramData\PC Drivers HeadQuarters
2008-05-25 09:47 . 2008-05-25 09:47 <REP> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-05-24 17:17 . 2008-05-24 17:17 29 --a------ C:\Windows\.wb4
2008-05-24 17:02 . 2008-05-24 17:02 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-05-24 12:48 . 2008-05-24 12:48 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-05-24 12:48 . 2008-05-24 12:48 <REP> d-------- C:\ProgramData\Malwarebytes
2008-05-24 12:48 . 2008-05-24 12:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 12:48 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-24 12:48 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-24 10:57 . 2008-05-24 11:13 <REP> d-------- C:\MSNFix
2008-05-24 08:47 . 2008-05-24 08:47 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-24 08:47 . 2008-05-24 08:47 1,409 --a------ C:\Windows\QTFont.for
2008-05-23 22:54 . 2008-05-23 22:54 <REP> d-------- C:\Program Files\MagicDVDRipper
2008-05-23 20:23 . 2008-05-23 21:10 <REP> d-------- C:\Temp\E--
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-05-23 19:33 . 2008-05-23 19:35 <REP> d-------- C:\ProgramData\DVD Shrink
2008-05-23 19:11 . 2008-05-23 19:11 <REP> d-------- C:\Program Files\AVSMedia
2008-05-23 19:10 . 2008-05-23 19:26 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-23 14:58 . 2008-05-23 15:36 <REP> d-------- C:\Program Files\DVDFab Platinum 4
2008-05-22 16:47 . 2008-05-22 16:47 <REP> d-------- C:\Program Files\Stardock
2008-05-22 16:32 . 2008-05-22 16:33 <REP> d-------- C:\Program Files\Unlocker
2008-05-22 16:12 . 2008-04-26 16:14 58,792 --------- C:\Windows\System32\wbload.dll
2008-05-22 16:12 . 2008-04-26 16:14 42,672 --------- C:\Windows\System32\wbsys.dll
2008-05-22 10:34 . 2008-05-22 10:53 <REP> d-------- C:\Program Files\Astonsoft
2008-05-22 07:04 . 2008-05-22 07:04 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-21 10:45 . 2008-05-23 20:23 <REP> d-------- C:\Temp
2008-05-21 10:42 . 2008-05-21 10:42 <REP> d-------- C:\Program Files\Xilisoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\eRightSoft
2008-05-21 08:35 . 2008-05-21 08:35 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\Users\All Users\Ubisoft
2008-05-20 23:02 . 2008-05-20 23:02 <REP> d-------- C:\ProgramData\Ubisoft
2008-05-20 23:01 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-20 23:01 . 2008-05-20 23:01 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-20 23:01 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-05-20 23:01 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-20 23:01 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-05-20 23:01 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-20 23:01 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-05-20 23:01 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-05-20 23:01 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-20 22:51 . 2008-05-20 22:51 <REP> d-------- C:\Program Files\Ubisoft
2008-05-20 19:41 . 2008-05-20 19:41 <REP> d-------- C:\Windows\nvidia icons
2008-05-20 19:27 . 2008-05-20 19:27 <REP> d-------- C:\Program Files\Marvell
2008-05-20 17:35 . 2008-05-20 17:35 <REP> d-------- C:\Windows\PCHEALTH
2008-05-20 17:10 . 2008-05-24 20:51 <REP> d-------- C:\Program Files\vLite
2008-05-20 17:10 . 2008-01-19 00:43 131,000 --a------ C:\Windows\System32\drivers\WimFltr.sys
2008-05-20 12:37 . 2008-05-20 12:37 <REP> d-------- C:\Program Files\Common Files\Steam
2008-05-20 12:32 . 2008-05-20 21:10 <REP> d-------- C:\Program Files\Steam
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\Users\All Users\Xfire
2008-05-20 12:16 . 2008-05-20 12:26 <REP> d-------- C:\ProgramData\Xfire
2008-05-20 12:16 . 2008-05-20 12:16 <REP> d-------- C:\Program Files\Xfire
2008-05-20 11:40 . 2008-05-20 11:41 <REP> d-------- C:\Program Files\Project64 1.6
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\FLEXnet
2008-05-20 11:29 . 2008-05-20 11:29 <REP> d-------- C:\ProgramData\FLEXnet
2008-05-20 10:49 . 2008-05-20 10:49 <REP> d-------- C:\Program Files\Common Files\Control Panels
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\Users\All Users\ALM
2008-05-20 10:48 . 2008-05-20 10:48 <REP> d-------- C:\ProgramData\ALM
2008-05-20 10:40 . 2008-05-20 10:40 <REP> d-------- C:\Program Files\QuickTime
2008-05-20 10:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-05-20 10:36 . 2007-02-20 16:04 2,463,976 --a------ C:\Windows\System32\NPSWF32.dll
2008-05-20 10:36 . 2007-02-20 16:04 190,696 --a------ C:\Windows\System32\NPSWF32_FlashUtil.exe
2008-05-20 10:34 . 2008-05-20 11:29 <REP> d-------- C:\Users\All Users\Adobe
2008-05-20 10:31 . 2008-05-20 10:31 <REP> d-------- C:\Program Files\Bonjour
2008-05-20 10:28 . 2008-05-20 10:28 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-20 10:26 . 2008-05-20 10:50 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-05-20 09:53 . 2008-05-20 09:53 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-05-19 03:59 . 2008-05-19 04:01 <REP> d-------- C:\Program Files\rFactor
2008-05-19 01:57 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Ventrilo
2008-05-18 09:22 . 2008-05-18 09:22 <REP> d-------- C:\Program Files\Cool Beans NFO Creator
2008-05-18 09:21 . 2008-05-18 09:21 <REP> d-------- C:\Program Files\MediaInfo
2008-05-18 09:00 . 2008-05-18 09:00 <REP> d-------- C:\Program Files\DAMN NFO Viewer
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\UltraISO
2008-05-17 15:20 . 2008-05-17 15:20 <REP> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\Users\All Users\vsosdk
2008-05-17 13:38 . 2008-05-23 15:30 <REP> d-------- C:\ProgramData\vsosdk
2008-05-17 13:06 . 2008-05-17 13:06 <REP> d-------- C:\Program Files\VSO
2008-05-17 13:06 . 2004-05-04 12:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-05-17 13:06 . 2006-05-20 17:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-05-17 13:06 . 2006-05-11 20:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-05-17 13:06 . 2006-09-29 13:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-05-17 13:06 . 2006-09-29 13:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-05-17 13:06 . 2006-09-29 13:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-05-17 13:06 . 2007-03-18 21:37 65,602 --a------ C:\Windows\System32\cook3260.dll
2008-05-17 13:06 . 2008-05-17 13:06 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\Users\All Users\Messenger Plus!
2008-05-17 12:10 . 2008-05-17 12:10 <REP> d-------- C:\ProgramData\Messenger Plus!
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Users\All Users\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\ProgramData\TechSmith
2008-05-17 11:10 . 2008-05-17 11:10 <REP> d-------- C:\Program Files\TechSmith
2008-05-17 11:09 . 2008-05-19 01:57 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\Users\All Users\Apple Computer
2008-05-17 10:46 . 2008-05-17 10:46 <REP> d-------- C:\ProgramData\Apple Computer
2008-05-17 10:46 . 2008-05-22 17:01 <REP> d-------- C:\Program Files\QuickTime Alternative
2008-05-17 10:46 . 2008-03-28 21:07 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-05-17 10:46 . 2008-03-28 21:07 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-05-17 10:09 . 2008-05-17 10:09 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-05-17 09:38 . 2008-05-17 09:38 <REP> d-------- C:\Users\All Users\Google
2008-05-17 09:33 . 2008-05-17 09:33 <REP> d-------- C:\Program Files\KC Softwares
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\Users\All Users\GRETECH
2008-05-17 09:27 . 2008-05-17 09:27 <REP> d-------- C:\ProgramData\GRETECH
2008-05-17 09:24 . 2008-05-17 09:24 <REP> d-------- C:\Program Files\GRETECH
2008-05-17 09:18 . 2008-05-17 09:18 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-05-17 08:32 . 2008-05-17 08:54 <REP> d-------- C:\Program Files\uTorrent
2008-05-16 22:39 . 2008-05-16 22:39 <REP> d-------- C:\Program Files\CCleaner
2008-05-16 21:00 . 2008-05-16 21:01 <REP> d-------- C:\Program Files\RivaTuner v2.07
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Users\All Users\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\ProgramData\SonicFocus
2008-05-16 20:29 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Creative
2008-05-16 20:29 . 2007-02-26 13:57 1,495,040 --------- C:\Windows\System32\adi_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 409,600 --a------ C:\Windows\System32\wrap_oal.dll
2008-05-16 20:29 . 2008-05-16 20:29 114,688 --a------ C:\Windows\System32\OpenAL32.dll
2008-05-16 20:28 . 2008-05-16 20:29 <REP> d-------- C:\Program Files\Analog Devices
2008-05-16 20:25 . 2008-05-16 20:25 <REP> d-------- C:\Program Files\TeamSpeak3
2008-05-16 17:48 . 2008-05-16 17:49 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-16 16:38 . 2008-05-16 16:38 268 --ah----- C:\sqmdata00.sqm
2008-05-16 16:38 . 2008-05-16 16:38 244 --ah----- C:\sqmnoopt00.sqm
2008-05-16 16:33 . 2008-05-16 16:34 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 16:32 . 2008-05-16 16:32 <REP> d-------- C:\Windows\System32\Macromed
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\Users\All Users\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:32 <REP> d-------- C:\ProgramData\WLInstaller
2008-05-16 16:32 . 2008-05-20 17:36 <REP> d-------- C:\Program Files\Windows Live
2008-05-16 16:30 . 2008-05-16 16:30 <REP> d-------- C:\Windows\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Journal
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 18:44 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 18:43 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 18:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 18:36 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 16:40 --------- d-----w C:\Program Files\Microsoft Games
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Modèles
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Favoris
2008-05-16 14:10 --------- d-sh--w C:\ProgramData\Bureau
2008-05-16 14:10 --------- d-sh--w C:\Program Files\Fichiers communs
2008-04-11 21:23 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-24_12.06.17.69 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-24 21:02:25 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
+ 2008-05-25 13:48:36 225,280 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\5a545089c69330bf87b2c2502d637aa1\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2008-05-25 13:48:40 57,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\93878911394786488281c5ba999499fd\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2008-05-25 13:48:35 2,236,416 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ac70b2a9cdfcf8bbb2ad98c797bab325\DriversHQ.DriverDetective.Client.ni.exe
+ 2008-05-25 13:48:38 184,320 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ebb9fbcf5a053033cab508a83b2d27c0\DriversHQ.DriverDetective.Common.ni.dll
+ 2008-05-25 13:48:41 249,856 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\9429624cf02a941f7137d7ece314f8c4\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2008-05-25 13:48:42 368,640 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\[u]0/ud45e0c9a16d441ae499bad5f4e40029\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2008-05-25 13:48:44 167,936 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\3ffc8085c9c723c4382990540b3fbce5\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2008-05-25 13:48:42 356,352 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\9a1366f21e0c7b2a03ee60421e923686\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2008-05-25 13:48:45 139,264 ----a-w C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\3393663113829afc15a43db90e749c5b\XPBurnComponent.ni.dll
- 2008-05-24 16:01:50 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-25 13:18:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-25 13:47:55 26,694 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\ARPPRODUCTICON.exe
+ 2008-05-25 13:47:55 69,632 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89.exe
+ 2008-05-25 13:47:55 69,632 ----a-r C:\Windows\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89_1.exe
+ 2008-05-25 13:18:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-25 13:18:39 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 13:20:07 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-25 13:20:07 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-24 16:02:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 13:20:02 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-25 13:20:02 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-25 02:25:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-24 16:02:25 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-25 02:25:04 131,072 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-24 16:02:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-25 02:25:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-24 03:15:22 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
+ 2008-05-25 01:08:50 22,328 ----a-w C:\Windows\System32\drivers\PnkBstrK.sys
- 2008-05-24 16:00:32 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-25 13:26:05 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-24 16:00:32 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-25 13:26:05 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-24 16:00:32 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-25 13:26:05 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-24 16:00:32 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-25 13:26:05 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-24 03:15:15 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
+ 2008-05-25 01:08:43 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
- 2008-05-24 15:13:58 5,336 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin
+ 2008-05-25 13:20:43 5,964 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2997138340-1022646316-1929679594-1000_UserData.bin
- 2008-05-24 15:13:58 61,124 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 13:20:43 61,368 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-24 15:13:57 29,626 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-25 13:20:43 30,704 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-24 21:18:33 66,774 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\Windows\KHALMNPR.Exe]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 14:35 1261568]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-03 05:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-03 05:46 92704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [16/05/2008 12:23:16 789008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-05-24 17:06 197912 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2997138340-1022646316-1929679594-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8CD5254-DEFD-4D1A-970F-6B6FE9D91F54}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{576AAA20-FE94-4823-A8A9-E2324C5813B6}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E0F018B3-FFB0-43F6-9117-5ADC38EF8524}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{65FC2579-C8C9-48C4-BDEE-1367955D5D83}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{F64DB2C3-342B-4590-BB39-092CD71AF1FF}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{0619A9E4-D784-4745-8264-D1AED4DEC2AD}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{7384CA2C-75D3-471B-9977-B49C856FE84D}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{ED773FE5-48A5-4208-9E33-FFD636230A84}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"{30DBA507-68D8-4E19-B483-D297240E962C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D6CDC10E-C931-4D89-B8E6-A8F278852FDD}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{6BC89D51-1E47-49EB-99F5-9DD2BBEAD9F9}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= UDP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"UDP Query User{7E776437-2262-43FB-8184-3713DD0A2FE0}C:\\program files\\globalscape\\cuteftp 8 professional\\ftpte.exe"= TCP:C:\program files\globalscape\cuteftp 8 professional\ftpte.exe:FTP Transfer Engine
"{42FBC8DF-826A-481B-8F9E-63BF06E4ECF8}"= UDP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"{94D51C92-BB8F-49BF-861B-F65BF7976987}"= TCP:D:\ENREGISTREMENT DE DOSSIER DU NET !!!!!\Serials FounderTM\Serials FounderTM.exe:Serials FounderTM.exe
"TCP Query User{8E5581EF-3E1C-4F79-9920-314FC480D9FB}C:\\program files\\rfactor\\rfactor.exe"= UDP:C:\program files\rfactor\rfactor.exe:rFactor
"UDP Query User{D2540E1F-EC10-4E93-92AF-8E8D1F1222A1}C:\\program files\\rfactor\\rfactor.exe"= TCP:C:\program files\rfactor\rfactor.exe:rFactor
"{59CB7524-6317-4B3C-B7FA-F3229F776EC2}"= UDP:3703:Adobe Version Cue CS3 Server
"{A68218A4-8097-4826-8FBC-9D9A3F59ECA5}"= UDP:3704:Adobe Version Cue CS3 Server
"{EFC767DE-0A8E-45CF-B30C-D1A6E32D4E36}"= UDP:50900:Adobe Version Cue CS3 Server
"{BB37AD3F-152F-4D29-9141-DCF103A2829A}"= UDP:50901:Adobe Version Cue CS3 Server
"{0EC44F04-BAD6-4FA8-B8C9-618D7178B509}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{299E6CA6-2C60-49FD-B1E7-CBA114C92F3D}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{38731B1B-7875-47ED-AFF4-9EE84DA16DC6}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9E2F476B-0144-4552-A774-8C75F1B5BE99}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{58233186-4C51-4141-B305-3E4D1EAFF84A}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"UDP Query User{0782E032-9BB1-4C91-A910-18DAB8306499}C:\\program files\\steam\\steamapps\\blingbling7684\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\blingbling7684\counter-strike source\hl2.exe:hl2
"{FE031A15-AEA0-4D34-AFEA-C05BE0FC89DC}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{C4A642A0-D16F-4946-A236-40762F9424CD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8857FBB6-8E02-496C-82D4-A86F7F96B869}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{09EBD0D5-7CB7-4E00-91E0-0EE1DC4CD32E}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{A7ACFF30-6AA4-4505-ACDA-735144BCCA2B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{806DF4FF-2E8C-49AD-AED7-FB4988FA00F3}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{18BD902E-F7F5-4A67-B0D4-EA65F9D1E821}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DFD2BBD2-F3B8-42DF-8F8F-8149A9B8DEFF}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{943AB690-82C9-40EA-8D3C-B940E0EBAFC3}F:\\liberkey\\apps\\hfs\\hfs.exe"= UDP:F:\liberkey\apps\hfs\hfs.exe:hfs
"UDP Query User{42EBFF02-E7C2-42D4-9D95-B970C7718828}F:\\liberkey\\apps\\hfs\\hfs.exe"= TCP:F:\liberkey\apps\hfs\hfs.exe:hfs

R0 mv61xx;mv61xx;C:\Windows\system32\DRIVERS\mv61xx.sys [2007-06-15 03:52]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 07:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-20 12:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688b46e3-2350-11dd-882c-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 10:33:44
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-25 10:35:03
ComboFix-quarantined-files.txt 2008-05-25 14:34:50
ComboFix2.txt 2008-05-24 16:31:20
ComboFix3.txt 2008-05-24 16:07:22

Pre-Run: 185,565,016,064 octets libres
Post-Run: 185,534,464,000 octets libres

315 --- E O F --- 2008-05-23 12:24:40
0
Réponse 18 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
25 mai 2008 à 16:44
En pasant j'ai besoin de conseille pour un firewall qui est bon sous vista "compatible "

svp lolll
0
Réponse 19 / 33
ludsfa Messages postés 1284 Date d'inscription dimanche 3 février 2008 Statut Membre Dernière intervention 15 janvier 2018 15
25 mai 2008 à 17:13
on continue,


désactive ton anti virus


Télécharge Lop S&D.exe sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)


(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
0
Réponse 20 / 33
Serial - Killer Messages postés 331 Date d'inscription vendredi 24 novembre 2006 Statut Membre Dernière intervention 24 janvier 2009 24
25 mai 2008 à 17:31
Re , rapport

-----------------------[ Lop S&D 4.2.0-9 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : JockeR ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ Sun 05/25/2008 | 11:29:18.51 ] [ PC : PC-DE-JOCKER ]
[ MAJ : 16-05-2008 | 23:35 ]
[ UAC => 0 ]

-------------[ Listing des dossiers dans Application Data ]------------

[05/24/2008|05:19] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Workflow
[05/23/2008|11:04] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Fireworks CS3
[05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Common
[05/22/2008|01:38] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Dreamweaver 9
[05/22/2008|01:23] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Adobe Photoshop CS3
[05/20/2008|04:02] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> PatcherLogs
[05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Acrobat
[05/20/2008|12:01] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Adobe PDF
[05/20/2008|11:29] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Color
[05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Adobe Illustrator CS3 Settings
[05/20/2008|10:48] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> After Effects
[05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> PremierePro
[05/20/2008|10:47] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Premiere Pro
[05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Adobe DVD
[05/20/2008|10:45] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Adobe Encore
[05/20/2008|10:44] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Soundbooth
[05/20/2008|10:28] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Updater5
[05/16/2008|06:42] C:\Users\JockeR\AppData\Roaming\Adobe\<REP> Flash Player



[05/23/2008|08:22] C:\Users\JockeR\AppData\Roaming\dvdcss\<REP> 20080523_201421#2008052320144500
[05/23/2008|07:02] C:\Users\JockeR\AppData\Roaming\dvdcss\<REP> DIRTY_DANCING_ULTIMATE_DISC1#2007032811371075
[05/22/2008|09:53] C:\Users\JockeR\AppData\Roaming\dvdcss\<REP> IMMORTEL#2006102307190000
[05/21/2008|10:43] C:\Users\JockeR\AppData\Roaming\dvdcss\<REP> NDG_DISQUE1#2003040623370800


[05/17/2008|09:19] C:\Users\JockeR\AppData\Roaming\GlobalSCAPE\<REP> CuteFTP Pro

[05/24/2008|10:34] C:\Users\JockeR\AppData\Roaming\GRETECH\<REP> GomPlayer


[05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Identities\<REP> {10812328-81D7-48C5-B1E7-238C4831CF3F}


[05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\InstallShield\<REP> ISEngine12.0

[05/16/2008|12:56] C:\Users\JockeR\AppData\Roaming\Logitech\<REP> SetPoint

[05/16/2008|10:40] C:\Users\JockeR\AppData\Roaming\Macromedia\<REP> Flash Player

[05/24/2008|12:49] C:\Users\JockeR\AppData\Roaming\Malwarebytes\<REP> Malwarebytes' Anti-Malware


[05/25/2008|09:59] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> CLR Security Config
[05/23/2008|11:01] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Installer
[05/20/2008|07:26] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> MMC
[05/20/2008|12:28] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> MSN Messenger
[05/16/2008|09:01] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> HTML Help
[05/16/2008|04:35] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> IdentityCRL
[05/16/2008|12:49] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Internet Explorer
[05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Protect
[05/16/2008|10:41] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Windows
[05/16/2008|10:25] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Crypto
[05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> SystemCertificates
[05/16/2008|10:14] C:\Users\JockeR\AppData\Roaming\Microsoft\<REP> Credentials

[05/16/2008|11:48] C:\Users\JockeR\AppData\Roaming\Mozilla\<REP> Firefox

[05/23/2008|09:34] C:\Users\JockeR\AppData\Roaming\OpenOffice.org2\<REP> user





[05/23/2008|07:31] C:\Users\JockeR\AppData\Roaming\Pegasys Inc\<REP> TMPGEnc4XP


[05/16/2008|10:43] C:\Users\JockeR\AppData\Roaming\Talkback\<REP> MozillaOrg



[05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\<REP> recordings
[05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\<REP> wav
[05/20/2008|02:11] C:\Users\JockeR\AppData\Roaming\Ventrilo\<REP> icons
[05/19/2008|01:58] C:\Users\JockeR\AppData\Roaming\Ventrilo\<REP> usereditorprofiles




[05/20/2008|12:22] C:\Users\JockeR\AppData\Roaming\Xfire\<REP> chatlog

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[05/25/2008 10:38 AM][--ah-----] C:\Windows\tasks\SA.DAT
[05/25/2008 10:36 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[05/20/2008|11:29] C:\ProgramData\<REP> Adobe
[05/20/2008|10:48] C:\ProgramData\<REP> ALM
[05/17/2008|10:46] C:\ProgramData\<REP> Apple Computer
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Application Data
[05/16/2008|10:46] C:\ProgramData\<REP> Avira
[05/16/2008|10:10] C:\ProgramData\<JONCTION> Bureau
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Desktop
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Documents
[05/23/2008|07:35] C:\ProgramData\<REP> DVD Shrink
[05/16/2008|10:10] C:\ProgramData\<JONCTION> Favoris
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Favorites
[05/20/2008|11:29] C:\ProgramData\<REP> FLEXnet
[05/17/2008|09:38] C:\ProgramData\<REP> Google
[05/17/2008|09:27] C:\ProgramData\<REP> GRETECH
[05/16/2008|12:25] C:\ProgramData\<REP> LogiShrd
[05/16/2008|12:25] C:\ProgramData\<REP> Logitech
[05/24/2008|12:48] C:\ProgramData\<REP> Malwarebytes
[05/16/2008|10:10] C:\ProgramData\<JONCTION> Menu D‚marrer
[05/17/2008|12:10] C:\ProgramData\<REP> Messenger Plus!
[05/16/2008|09:01] C:\ProgramData\<REP> Microsoft
[05/16/2008|10:10] C:\ProgramData\<JONCTION> ModŠles
[05/20/2008|07:43] C:\ProgramData\<REP> NVIDIA
[05/25/2008|09:47] C:\ProgramData\<REP> PC Drivers HeadQuarters
[05/16/2008|08:29] C:\ProgramData\<REP> SonicFocus
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Start Menu
[05/17/2008|11:10] C:\ProgramData\<REP> TechSmith
[11/02/2006|09:00] C:\ProgramData\<JONCTION> Templates
[05/20/2008|11:02] C:\ProgramData\<REP> Ubisoft
[05/23/2008|03:30] C:\ProgramData\<REP> vsosdk
[05/20/2008|05:32] C:\ProgramData\<REP> WLInstaller
[05/20/2008|12:26] C:\ProgramData\<REP> Xfire

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[05/16/2008|01:12] C:\Program Files\<REP> Activision
[05/20/2008|10:50] C:\Program Files\<REP> Adobe
[05/16/2008|08:29] C:\Program Files\<REP> Analog Devices
[05/16/2008|10:41] C:\Program Files\<REP> Anti-Leech
[05/22/2008|10:53] C:\Program Files\<REP> Astonsoft
[05/16/2008|10:46] C:\Program Files\<REP> Avira
[05/21/2008|08:35] C:\Program Files\<REP> AviSynth 2.5
[05/23/2008|07:11] C:\Program Files\<REP> AVSMedia
[05/16/2008|12:40] C:\Program Files\<REP> BitLocker
[05/20/2008|10:31] C:\Program Files\<REP> Bonjour
[05/16/2008|10:39] C:\Program Files\<REP> CCleaner
[05/23/2008|07:10] C:\Program Files\<REP> Common Files
[05/18/2008|09:22] C:\Program Files\<REP> Cool Beans NFO Creator
[05/16/2008|08:29] C:\Program Files\<REP> Creative
[05/18/2008|09:00] C:\Program Files\<REP> DAMN NFO Viewer
[05/16/2008|02:50] C:\Program Files\174 desktop.ini
[05/23/2008|03:36] C:\Program Files\<REP> DVDFab Platinum 4
[05/21/2008|08:35] C:\Program Files\<REP> eRightSoft
[05/16/2008|10:10] C:\Program Files\<JONCTION> Fichiers communs [C:\Program Files\Common Files]
[05/20/2008|09:53] C:\Program Files\<REP> FileZilla FTP Client
[05/17/2008|09:18] C:\Program Files\<REP> GlobalSCAPE
[05/17/2008|09:24] C:\Program Files\<REP> GRETECH
[05/16/2008|01:54] C:\Program Files\<REP> HLSW
[05/25/2008|09:49] C:\Program Files\<REP> InstallShield Installation Information
[05/16/2008|02:44] C:\Program Files\<REP> Internet Explorer
[05/16/2008|04:30] C:\Program Files\<REP> Java
[05/17/2008|09:33] C:\Program Files\<REP> KC Softwares
[05/22/2008|07:04] C:\Program Files\<REP> K-Lite Codec Pack
[05/16/2008|12:25] C:\Program Files\<REP> Logitech
[05/23/2008|10:54] C:\Program Files\<REP> MagicDVDRipper
[05/24/2008|12:48] C:\Program Files\<REP> Malwarebytes' Anti-Malware
[05/20/2008|07:27] C:\Program Files\<REP> Marvell
[05/18/2008|09:21] C:\Program Files\<REP> MediaInfo
[05/17/2008|10:09] C:\Program Files\<REP> Messenger Plus! Live
[05/16/2008|12:40] C:\Program Files\<REP> Microsoft Games
[05/20/2008|08:49] C:\Program Files\<REP> Microsoft Silverlight
[05/16/2008|02:44] C:\Program Files\<REP> Movie Maker
[05/16/2008|02:29] C:\Program Files\<REP> Mozilla Firefox
[11/02/2006|08:35] C:\Program Files\<REP> MSBuild
[05/25/2008|11:03] C:\Program Files\<REP> NeoTrace Express
[05/16/2008|10:27] C:\Program Files\<REP> NVIDIA Corporation
[05/16/2008|05:49] C:\Program Files\<REP> OpenOffice.org 2.4
[05/25/2008|09:47] C:\Program Files\<REP> PC Drivers HeadQuarters
[05/20/2008|11:41] C:\Program Files\<REP> Project64 1.6
[05/20/2008|10:40] C:\Program Files\<REP> QuickTime
[05/22/2008|05:01] C:\Program Files\<REP> QuickTime Alternative
[11/02/2006|08:35] C:\Program Files\<REP> Reference Assemblies
[05/19/2008|04:01] C:\Program Files\<REP> rFactor
[05/16/2008|09:01] C:\Program Files\<REP> RivaTuner v2.07
[05/22/2008|04:47] C:\Program Files\<REP> Stardock
[05/20/2008|09:10] C:\Program Files\<REP> Steam
[05/16/2008|08:25] C:\Program Files\<REP> TeamSpeak3
[05/17/2008|11:10] C:\Program Files\<REP> TechSmith
[05/20/2008|10:51] C:\Program Files\<REP> Ubisoft
[05/17/2008|03:20] C:\Program Files\<REP> UltraISO
[11/02/2006|09:00] C:\Program Files\<REP> Uninstall Information
[05/22/2008|04:33] C:\Program Files\<REP> Unlocker
[05/17/2008|08:54] C:\Program Files\<REP> uTorrent
[05/19/2008|01:57] C:\Program Files\<REP> Ventrilo
[05/25/2008|10:36] C:\Program Files\<REP> vLite
[05/17/2008|01:06] C:\Program Files\<REP> VSO
[05/16/2008|02:44] C:\Program Files\<REP> Windows Calendar
[05/16/2008|02:44] C:\Program Files\<REP> Windows Collaboration
[05/16/2008|02:43] C:\Program Files\<REP> Windows Defender
[05/16/2008|02:44] C:\Program Files\<REP> Windows Journal
[05/20/2008|05:36] C:\Program Files\<REP> Windows Live
[05/16/2008|02:44] C:\Program Files\<REP> Windows Mail
[05/16/2008|02:44] C:\Program Files\<REP> Windows Media Player
[05/16/2008|10:10] C:\Program Files\<REP> Windows NT
[05/16/2008|02:44] C:\Program Files\<REP> Windows Photo Gallery
[05/16/2008|02:44] C:\Program Files\<REP> Windows Sidebar
[05/16/2008|11:48] C:\Program Files\<REP> WinRAR
[05/20/2008|12:16] C:\Program Files\<REP> Xfire
[05/21/2008|10:42] C:\Program Files\<REP> Xilisoft

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[05/20/2008|10:50] C:\Program Files\Common Files\<REP> Adobe
[05/23/2008|07:26] C:\Program Files\Common Files\<REP> AVSMedia
[05/20/2008|10:49] C:\Program Files\Common Files\<REP> Control Panels
[05/17/2008|03:20] C:\Program Files\Common Files\<REP> EZB Systems
[05/17/2008|09:18] C:\Program Files\Common Files\<REP> InstallShield
[05/16/2008|04:29] C:\Program Files\Common Files\<REP> Java
[05/16/2008|12:23] C:\Program Files\Common Files\<REP> Logishrd
[05/20/2008|10:28] C:\Program Files\Common Files\<REP> Macrovision Shared
[05/20/2008|05:34] C:\Program Files\Common Files\<REP> microsoft shared
[11/02/2006|07:18] C:\Program Files\Common Files\<REP> Services
[11/02/2006|07:18] C:\Program Files\Common Files\<REP> SpeechEngines
[05/20/2008|12:37] C:\Program Files\Common Files\<REP> Steam
[05/16/2008|02:43] C:\Program Files\Common Files\<REP> System
[05/16/2008|04:34] C:\Program Files\Common Files\<REP> WindowsLiveInstaller
[05/19/2008|01:57] C:\Program Files\Common Files\<REP> Wise Installation Wizard

---------------------------[ Process ]--------------------------

... 66

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 11:29:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

=> C:\Users\JockeR\AppData\Roaming\uTorrent\Magic DVD Copier 4.8.0.4 Incl. Keygen.torrent


[F:19814][D:3969]-> C:\Users\JockeR\AppData\Local\Temp
[F:92][D:1]-> C:\Users\JockeR\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1598][D:4]-> C:\Users\JockeR\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:2][D:2]-> C:\$Recycle.Bin

[ UAC => 1 ]

--------------------[ Fin du rapport a 11:31:08.98 ]----------------------
0