Win32:Vundo@dll [Trj]

Solved
yann86 - Posts: 29 - Status: Member
Hello,

My antivirus software has just found a Trojan horse: Win32:Vundo@dll [Trj]

Could someone help me destroy it? I have it deleted, but it makes no difference; Avast shows me the message again from time to time.

Thanks in advance

93 replies

dg-remix93 - Posts: 65 - Status: Member

Here is the ComboFix report:

ComboFix 08-06-01.6 - Arnaud 2008-06-02 17:50:13.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.359 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.

2008-06-02 17:42 . 2008-06-02 17:43 <REP> d-------- C:\nono
2008-06-02 06:04 . 2008-06-02 06:04 <REP> d-------- C:\Documents and Settings\Titi\Application Data\Grisoft
2008-06-02 01:24 . 2008-06-02 01:24 <REP> d-------- C:\Program Files\Sun
2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Grisoft
2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-02 01:04 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-02 00:58 . 2008-06-02 01:00 <REP> d-------- C:\Program Files\RegCleaner
2008-06-02 00:24 . 2008-06-02 00:24 <REP> d-------- C:\_OTMoveIt
2008-06-01 23:45 . 2008-06-01 23:45 20,494,878 --a------ C:\upload_moi_SAIDI.tar.gz
2008-05-30 19:50 . 2008-05-30 19:55 354 ---hs---- C:\WINDOWS\system32\fruwvslv.ini
2008-05-30 18:14 . 2008-06-01 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 18:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 18:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 17:51 . 2008-05-30 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 20:24 . 2008-05-27 20:29 <REP> d-------- C:\Program Files\Iomega
2008-05-27 20:24 . 2008-05-27 20:24 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Leadertech
2008-05-17 22:39 . 2008-05-17 22:39 <REP> d-------- C:\Documents and Settings\Marion\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 15:20 --------- d-----w C:\Program Files\Trend Micro
2008-06-02 15:11 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Skype
2008-06-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\skypePM
2008-06-01 23:23 --------- d-----w C:\Program Files\Java
2008-06-01 22:49 --------- d-----w C:\Program Files\QuickTime
2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-05-30 14:29 --------- d-----w C:\Program Files\VideoLAN
2008-05-29 14:51 --------- d-----w C:\Program Files\eMule
2008-05-22 07:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-22 07:53 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AdobeUM
2008-05-17 16:39 --------- d-----w C:\Program Files\FinePixViewer
2008-05-15 07:22 800 -c--a-w C:\Documents and Settings\Marion\Application Data\wklnhst.dat
2008-05-01 11:40 --------- d-----w C:\Program Files\pspvideo9
2008-05-01 11:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-13 12:46 --------- d-----w C:\Program Files\Fichiers communs\ProtectionAssuree
2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\yqstdt.exe
2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\yblwmf.exe
2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\rbaxhg.exe
2008-04-12 07:49 --------- d-----w C:\Program Files\DivX
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-17 04:53 26,992 -c--a-w C:\Documents and Settings\Titi\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 09:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-08 15:43 26,992 -c--a-w C:\Documents and Settings\Arnaud\Application Data\GDIPFONTCACHEV1.DAT
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\krewhz.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\kqyhur.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\kpznhm.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\hbsiai.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fwexzh.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fsjfdj.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fdlzea.exe
2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\ensogb.exe
2007-11-07 10:47 101,163 ----a-w C:\Documents and Settings\Arnaud\ahisrl.exe
2007-04-30 09:44 942 -c--a-w C:\Documents and Settings\Arnaud\Application Data\wklnhst.dat
2007-03-30 11:41 26,992 -c--a-w C:\Documents and Settings\Marion\Application Data\GDIPFONTCACHEV1.DAT
2006-06-18 14:54 332 -c--a-w C:\Documents and Settings\Titi\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 06:02 68856]
"WengoPhoneNG"="J:\Apps\PortableWengoPhone\qtwengophone.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04 135168]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
"CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 438359]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

C:\Documents and Settings\Arnaud\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-08 14:17:09 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
LE COMPAGNON CLUB.lnk - C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe [2006-11-07 16:52:06 217088]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-01 04:05:43 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Talkway\\vmtalk.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7571:UDP"= 7571:UDP:emule
"7561:TCP"= 7561:TCP:emule
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-07-09 11:49]
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ff7a6-e23c-11dc-89f7-0015581bdde6}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 17:52:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-02 17:54:02
ComboFix-quarantined-files.txt 2008-06-02 15:53:48
ComboFix2.txt 2008-06-01 20:19:16

Pre-Run: 135,128,653,824 octets libres
Post-Run: 135,204,646,912 octets libres

197 --- E O F --- 2008-05-29 01:01:44
0
Anonymous user

Copy the text below:


File::
C:\Program Files\Search Settings\SearchSettings.exe
C:\upload_moi_SAIDI.tar.gz
C:\Documents and Settings\Arnaud\yqstdt.exe
C:\Documents and Settings\Arnaud\yblwmf.exe
C:\Documents and Settings\Arnaud\rbaxhg.exe
C:\Documents and Settings\Arnaud\krewhz.exe
C:\Documents and Settings\Arnaud\kqyhur.exe
C:\Documents and Settings\Arnaud\kpznhm.exe
C:\Documents and Settings\Arnaud\hbsiai.exe
C:\Documents and Settings\Arnaud\fwexzh.exe
C:\Documents and Settings\Arnaud\fsjfdj.exe
C:\Documents and Settings\Arnaud\fdlzea.exe
C:\Documents and Settings\Arnaud\ensogb.exe
C:\Documents and Settings\Arnaud\ahisrl.exe

Folder::
C:\Program Files\Search Settings
C:\_OTMoveIt





Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.


0
dg-remix93 - Posts: 65 - Status: Member

Here is the ComboFix scan first:


ComboFix 08-06-01.6 - Arnaud 2008-06-02 18:25:05.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.334 [GMT 2:00]
Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arnaud\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\Arnaud\ahisrl.exe
C:\Documents and Settings\Arnaud\ensogb.exe
C:\Documents and Settings\Arnaud\fdlzea.exe
C:\Documents and Settings\Arnaud\fsjfdj.exe
C:\Documents and Settings\Arnaud\fwexzh.exe
C:\Documents and Settings\Arnaud\hbsiai.exe
C:\Documents and Settings\Arnaud\kpznhm.exe
C:\Documents and Settings\Arnaud\kqyhur.exe
C:\Documents and Settings\Arnaud\krewhz.exe
C:\Documents and Settings\Arnaud\rbaxhg.exe
C:\Documents and Settings\Arnaud\yblwmf.exe
C:\Documents and Settings\Arnaud\yqstdt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\upload_moi_SAIDI.tar.gz
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\help.gif
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\tab_icon.png
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\tabdata.js
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\tablib.js
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\tabwelcome_en.html
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\toolbar_background.gif
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\res\yahoo_search.gif
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\kb125\SearchSettings.dll
C:\_OTMoveIt\MovedFiles\06022008_002430\Program Files\Search Settings\SearchSettings.exe
C:\Documents and Settings\Arnaud\ahisrl.exe
C:\Documents and Settings\Arnaud\ensogb.exe
C:\Documents and Settings\Arnaud\fdlzea.exe
C:\Documents and Settings\Arnaud\fsjfdj.exe
C:\Documents and Settings\Arnaud\fwexzh.exe
C:\Documents and Settings\Arnaud\hbsiai.exe
C:\Documents and Settings\Arnaud\kpznhm.exe
C:\Documents and Settings\Arnaud\kqyhur.exe
C:\Documents and Settings\Arnaud\krewhz.exe
C:\Documents and Settings\Arnaud\rbaxhg.exe
C:\Documents and Settings\Arnaud\yblwmf.exe
C:\Documents and Settings\Arnaud\yqstdt.exe
C:\upload_moi_SAIDI.tar.gz

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
.

2008-06-02 17:42 . 2008-06-02 17:43 <REP> d-------- C:\nono
2008-06-02 06:04 . 2008-06-02 06:04 <REP> d-------- C:\Documents and Settings\Titi\Application Data\Grisoft
2008-06-02 01:24 . 2008-06-02 01:24 <REP> d-------- C:\Program Files\Sun
2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Grisoft
2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-02 01:04 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-02 00:58 . 2008-06-02 01:00 <REP> d-------- C:\Program Files\RegCleaner
2008-05-30 19:50 . 2008-05-30 19:55 354 ---hs---- C:\WINDOWS\system32\fruwvslv.ini
2008-05-30 18:14 . 2008-06-01 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 18:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 18:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 17:51 . 2008-05-30 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 20:24 . 2008-05-27 20:29 <REP> d-------- C:\Program Files\Iomega
2008-05-27 20:24 . 2008-05-27 20:24 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Leadertech
2008-05-17 22:39 . 2008-05-17 22:39 <REP> d-------- C:\Documents and Settings\Marion\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 16:14 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Skype
2008-06-02 15:20 --------- d-----w C:\Program Files\Trend Micro
2008-06-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\skypePM
2008-06-01 23:23 --------- d-----w C:\Program Files\Java
2008-06-01 22:49 --------- d-----w C:\Program Files\QuickTime
2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-05-30 14:29 --------- d-----w C:\Program Files\VideoLAN
2008-05-29 14:51 --------- d-----w C:\Program Files\eMule
2008-05-22 07:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-22 07:53 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AdobeUM
2008-05-17 16:39 --------- d-----w C:\Program Files\FinePixViewer
2008-05-15 07:22 800 -c--a-w C:\Documents and Settings\Marion\Application Data\wklnhst.dat
2008-05-01 11:40 --------- d-----w C:\Program Files\pspvideo9
2008-05-01 11:40 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-13 12:46 --------- d-----w C:\Program Files\Fichiers communs\ProtectionAssuree
2008-04-12 07:49 --------- d-----w C:\Program Files\DivX
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-17 04:53 26,992 -c--a-w C:\Documents and Settings\Titi\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 09:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-08 15:43 26,992 -c--a-w C:\Documents and Settings\Arnaud\Application Data\GDIPFONTCACHEV1.DAT
2007-04-30 09:44 942 -c--a-w C:\Documents and Settings\Arnaud\Application Data\wklnhst.dat
2007-03-30 11:41 26,992 -c--a-w C:\Documents and Settings\Marion\Application Data\GDIPFONTCACHEV1.DAT
2006-06-18 14:54 332 -c--a-w C:\Documents and Settings\Titi\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 06:02 68856]
"WengoPhoneNG"="J:\Apps\PortableWengoPhone\qtwengophone.exe" [ ]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04 135168]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
"nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
"CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 438359]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

C:\Documents and Settings\Arnaud\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-08 14:17:09 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
LE COMPAGNON CLUB.lnk - C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe [2006-11-07 16:52:06 217088]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-01 04:05:43 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Talkway\\vmtalk.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7571:UDP"= 7571:UDP:emule
"7561:TCP"= 7561:TCP:emule
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-07-09 11:49]
S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ff7a6-e23c-11dc-89f7-0015581bdde6}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 18:26:55
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-02 18:28:53
ComboFix-quarantined-files.txt 2008-06-02 16:28:36
ComboFix2.txt 2008-06-02 15:54:03
ComboFix3.txt 2008-06-01 20:19:16

Pre-Run: 135,179,583,488 octets libres
Post-Run: 135,173,918,720 octets libres

226 --- E O F --- 2008-05-29 01:01:44
0
dg-remix93 - Posts: 65 - Status: Member

And the second one you asked me for, from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:55, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arnaud\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WengoPhoneNG] J:\Apps\PortableWengoPhone\qtwengophone.exe -b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S2AB.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Arnaud\Application Data\Dealio\kb125\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
0
Anonymous user
 
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\



Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
dg-remix93 Posts 65 Registration date   Status Member Last post
 
Here you go,


File/Folder C:\Program Files\Search Settings\SearchSettings.exe not found.
Folder C:\Program Files\Search Settings\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_183613
0
Anonymous user
 
ok

Do this:

Start > Run > 'services.msc',

- Right-click the service mentioned - Search Settings
- Properties
- and under "Startup type", set it to "Disabled".
- Then, if the "Service status" is "Started", choose "Stop".

Tutorial: https://www.zebulon.fr/dossiers/windows/31-services.html
0
dg-remix93 Posts 65 Registration date   Status Member Last post
 
No name appears in the list. Does it have to be called search settings?
0
Anonymous user
 
ok, it was just to find out lol


Download this (by gchris): http://gchrisftp.free.fr/divers/Ad-Fix/Ad-Fix.zip

Unzip it to your desktop (right-click -> Extract all).

Important: make sure you are connected to the internet.

In the folder that is created, double-click the file "Ad-Fix.bat" or "Ad-fix".
Choose option 1.

If your firewall shows a message asking whether you want to allow the file URL2FILE.EXE to
connect to the Internet ---> allow it; Ad-Fix needs this to check the version.

When it is finished (this can take several minutes), a report opens in Notepad.
Please copy and paste the contents of the report (Ad-Fix.txt) here.

0
dg-remix93 Posts 65 Registration date   Status Member Last post
 
Is it normal for it to take this long?
0
Anonymous user
 
It happens, be patient
0
dg-remix93 Posts 65 Registration date   Status Member Last post
 
Just wondering, is it your job to do this, or is it just that you like computers and want to help other people?
0
Anonymous user
 
lol no, it's not my job, just a hobby
0