' VK_scan.exe '

je viens de refaire une analyse et ca donne :
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 813

08:40:33 02/06/2008
mbam-log-6-2-2008 (08-40-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 124324
Temps écoulé: 19 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1
Scan saved at 09:12:45, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe


VundoFix V7.0.5

Scan started at 10:50:14 28/05/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.5

Scan started at 10:56:11 28/05/2008

Listing files found while scanning....


VundoFix V7.0.5

Scan started at 09:38:23 03/06/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.5

Scan started at 09:41:29 03/06/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.5

Scan started at 21:25:09 04/06/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

VundoFix V7.0.5

Scan started at 21:41:18 04/06/2008

Listing files found while scanning....

No infected files were found.

ComboFix 08-06-03.4 - Patrizio 2008-06-04 21:43:47.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1706 [GMT 2:00]
Endroit: C:\Documents and Settings\Patrizio\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrizio\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 21:25 . 2008-06-04 21:25 <REP> d-------- C:\VundoFix Backups
2008-06-04 21:01 . 2008-06-04 21:01 <REP> d-------- C:\Lop SD
2008-06-04 13:33 . 2008-06-04 13:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 13:20 . 2007-08-31 16:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 13:20 . 2007-08-31 17:32 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 13:20 . 2008-06-04 13:20 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-04 11:24 . 2008-06-04 17:15 <REP> d-------- C:\Program Files\Trend Micro
2008-06-04 11:13 . 2008-06-04 18:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-04 11:13 . 2008-06-04 11:13 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Tools
2008-06-04 11:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-04 11:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-04 11:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-04 11:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-03 18:16 . 2008-06-04 21:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 17:24 . 2008-06-04 18:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-06-01 23:49 . 2008-06-04 11:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 23:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Program Files\Shareaza
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Shareaza
2008-05-29 19:35 . 2008-06-04 17:05 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\skypePM
2008-05-29 19:35 . 2008-05-29 19:35 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-29 19:33 . 2008-06-04 21:10 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-29 18:53 . 2008-06-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 18:53 . 2008-05-29 18:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-29 09:50 . 2008-05-29 09:50 <REP> d-------- C:\Program Files\AxBx
2008-05-29 09:45 . 2008-05-29 16:59 <REP> d-------- C:\Program Files\Panda Security
2008-05-28 16:59 . 2008-05-28 16:59 <REP> d-------- C:\Program Files\Lavasoft
2008-05-28 16:59 . 2008-05-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 16:58 . 2008-05-28 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-28 12:20 . 2008-05-28 12:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-28 12:17 . 2005-06-15 02:17 427,520 --a------ C:\WINDOWS\WRServices.dll
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d--hs---- C:\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> dr-h----- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-26 13:38 . 2008-05-26 15:47 <REP> d-------- C:\Documents and Settings\Patrizio\.housecall6.6
2008-05-25 22:34 . 2008-05-25 22:43 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-05-25 21:18 . 2008-05-25 22:21 <REP> d-------- C:\WINDOWS\system32\xnA
2008-05-25 21:18 . 2008-05-29 09:34 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-25 21:18 . 2008-05-26 08:27 <REP> d-------- C:\WINDOWS\system32\brW
2008-05-25 21:18 . 2008-05-25 22:14 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-25 21:18 . 2008-06-04 21:04 <REP> d-------- C:\Temp
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-11 19:36 . 2008-05-12 09:37 <REP> d-------- C:\Program Files\Azureus
2008-05-11 19:36 . 2008-05-12 01:30 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Azureus
2008-05-11 19:36 . 2008-05-11 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-09 17:45 . 2008-05-09 17:45 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Nokia Multimedia Player
2008-05-09 17:39 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\DIFX
2008-05-09 17:36 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Suite
2008-05-09 17:36 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-09 17:36 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-09 17:36 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-09 17:36 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-09 17:33 . 2008-05-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 19:16 4,224 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-04 12:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-06-04 08:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-02 19:33 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-06-02 19:33 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\CamfrogWEB
2008-06-02 17:01 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 21:18 --------- d-----w C:\Program Files\Google
2008-05-29 18:14 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\MSN6
2008-05-29 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 15:17 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\LimeWire
2008-05-28 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-27 20:12 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Vso
2008-05-26 15:51 --------- d-----w C:\Program Files\Toox
2008-05-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 19:15 --------- d-----w C:\Program Files\LimeWire
2008-05-22 14:25 --------- d-----w C:\Program Files\adslTV
2008-05-11 14:15 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Nokia
2008-04-30 10:47 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\ACD Systems
2008-04-30 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-30 10:40 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-04-30 10:40 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-04-30 10:40 --------- d-----w C:\Program Files\ACD Systems
2008-04-30 10:18 --------- d-----w C:\Program Files\eMule
2008-04-30 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 06:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 17:04 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\globallist
2008-04-21 17:48 --------- d-----w C:\Program Files\CFWebAdvancedU
2008-04-21 09:57 --------- d-----w C:\Program Files\YesMessenger
2008-04-19 17:24 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-15 12:01 --------- d-----w C:\Program Files\Neuf
2008-04-07 16:54 --------- d-----w C:\Program Files\Alwil Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 09:04 14,869,504 ----a-w C:\WINDOWS\aolback.exe
2008-02-25 09:23 47,360 ----a-w C:\Documents and Settings\Patrizio\Application Data\pcouffin.sys
2007-12-29 15:05 56 --sh--r C:\WINDOWS\system32\5597841D0A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_21.12.16.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 19:08:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 19:23:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 23:18 171448]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50 8425472]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-15 18:44 185896]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2004-09-08 12:22 225280]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-05-21 12:55 2999680]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 17:17:08 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-22 09:30:55 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-05-10 12:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 19:00:00 C:\WINDOWS\Tasks\BF32F4BA96156786.job"
- c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:45:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-04 21:46:15
ComboFix-quarantined-files.txt 2008-06-04 19:46:10
ComboFix2.txt 2008-06-04 19:13:47

Pre-Run: 21,086,629,888 octets libres
Post-Run: 21,079,740,416 octets libres

227 --- E O F --- 2008-06-04 16:03:16
MSNFix 1.720

C:\Documents and Settings\Patrizio\Bureau\MSNFix
Fix exécuté le 05/06/2008 - 9:02:31,14 By Patrizio
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\tmp.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\tmp.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05062008_ 9065846.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

SmitFraudFix v2.323

Rapport fait à 8:59:54,40, 05/06/2008
Executé à partir de C:\Documents and Settings\Patrizio\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Patrizio ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 04/06/2008 | 22:57:13,12 ] [ PC : DOMICILE-P2E90G ]
[ MAJ : 01-06-2008 | 15:51 ]

-------------[ Listing des dossiers dans Application Data ]------------

[31/08/2007|17:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[04/06/2008|13:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[31/08/2007|16:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/04/2008|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[30/04/2008|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[05/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/01/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[17/02/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
[31/08/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[31/08/2007|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[31/08/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[17/09/2007|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[18/09/2007|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[29/02/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/05/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[28/05/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[31/08/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[01/06/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/12/2007|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/11/2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/04/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[19/01/2008|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[09/05/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[28/05/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[27/12/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[29/05/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/05/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/06/2008|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[09/12/2007|23:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/05/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[31/08/2007|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[31/08/2007|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/05/2008|12:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[02/06/2008|08:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/08/2007|16:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[26/01/2008|12:43] C:\DOCUME~1\Patrizio\APPLIC~1\acccore
[30/04/2008|12:47] C:\DOCUME~1\Patrizio\APPLIC~1\ACD Systems
[30/04/2008|15:01] C:\DOCUME~1\Patrizio\APPLIC~1\Adobe
[25/01/2008|09:11] C:\DOCUME~1\Patrizio\APPLIC~1\Apple Computer
[12/05/2008|01:30] C:\DOCUME~1\Patrizio\APPLIC~1\Azureus
[02/06/2008|21:33] C:\DOCUME~1\Patrizio\APPLIC~1\CamfrogWEB
[31/08/2007|17:08] C:\DOCUME~1\Patrizio\APPLIC~1\CyberLink
[01/09/2007|23:02] C:\DOCUME~1\Patrizio\APPLIC~1\Datalayer
[17/11/2007|19:33] C:\DOCUME~1\Patrizio\APPLIC~1\Dcads Advanced Toolbar
[31/08/2007|17:32] C:\DOCUME~1\Patrizio\APPLIC~1\desktop.ini
[22/09/2007|09:31] C:\DOCUME~1\Patrizio\APPLIC~1\FotoWire
[18/09/2007|16:13] C:\DOCUME~1\Patrizio\APPLIC~1\F-Secure
[26/04/2008|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\globallist
[29/09/2007|08:38] C:\DOCUME~1\Patrizio\APPLIC~1\Google
[31/08/2007|18:57] C:\DOCUME~1\Patrizio\APPLIC~1\Help
[31/08/2007|16:42] C:\DOCUME~1\Patrizio\APPLIC~1\Identities
[08/02/2008|11:33] C:\DOCUME~1\Patrizio\APPLIC~1\Leadertech
[28/05/2008|17:17] C:\DOCUME~1\Patrizio\APPLIC~1\LimeWire
[17/09/2007|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\Macromedia
[01/06/2008|23:49] C:\DOCUME~1\Patrizio\APPLIC~1\Malwarebytes
[29/05/2008|10:21] C:\DOCUME~1\Patrizio\APPLIC~1\Microsoft
[26/01/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\Mozilla
[29/05/2008|20:14] C:\DOCUME~1\Patrizio\APPLIC~1\MSN6
[17/03/2008|11:00] C:\DOCUME~1\Patrizio\APPLIC~1\MySpace
[02/06/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\NMM-MetaData.db
[11/05/2008|16:15] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia
[09/05/2008|17:45] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia Multimedia Player
[09/05/2008|17:40] C:\DOCUME~1\Patrizio\APPLIC~1\PC Suite
[04/06/2008|11:13] C:\DOCUME~1\Patrizio\APPLIC~1\PC Tools
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.cat
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.inf
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.log
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.sys
[28/05/2008|11:52] C:\DOCUME~1\Patrizio\APPLIC~1\ProtectionConue
[25/09/2007|08:13] C:\DOCUME~1\Patrizio\APPLIC~1\Real
[18/09/2007|17:23] C:\DOCUME~1\Patrizio\APPLIC~1\SecondLife
[31/05/2008|19:32] C:\DOCUME~1\Patrizio\APPLIC~1\Shareaza
[06/01/2008|15:22] C:\DOCUME~1\Patrizio\APPLIC~1\Skyline
[04/06/2008|22:53] C:\DOCUME~1\Patrizio\APPLIC~1\Skype
[04/06/2008|17:05] C:\DOCUME~1\Patrizio\APPLIC~1\skypePM
[22/12/2007|13:06] C:\DOCUME~1\Patrizio\APPLIC~1\Sun
[17/12/2007|22:35] C:\DOCUME~1\Patrizio\APPLIC~1\Viewpoint
[25/02/2008|11:38] C:\DOCUME~1\Patrizio\APPLIC~1\vlc
[27/05/2008|22:12] C:\DOCUME~1\Patrizio\APPLIC~1\Vso

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[04/06/2008 22:00][--ah-----] C:\WINDOWS\tasks\BF32F4BA96156786.job
[29/05/2008 21:33][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/06/2008 21:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

BF32F4BA96156786.job <--> c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[30/04/2008|12:40] C:\Program Files\ACD Systems
[30/04/2008|13:36] C:\Program Files\Adobe
[22/05/2008|16:25] C:\Program Files\adslTV
[30/12/2007|12:52] C:\Program Files\Adverts
[31/08/2007|17:11] C:\Program Files\Ahead
[26/01/2008|12:43] C:\Program Files\AIM6
[07/04/2008|18:54] C:\Program Files\Alwil Software
[05/01/2008|23:53] C:\Program Files\Apple Software Update
[04/06/2008|14:01] C:\Program Files\a-squared Anti-Malware
[31/08/2007|19:43] C:\Program Files\ASUS
[29/05/2008|09:50] C:\Program Files\AxBx
[12/05/2008|09:37] C:\Program Files\Azureus
[23/11/2007|21:41] C:\Program Files\CCleaner
[21/04/2008|19:48] C:\Program Files\CFWebAdvancedU
[02/06/2008|21:33] C:\Program Files\CFWebAdvancedU_BOBTV.FR
[04/01/2008|21:49] C:\Program Files\Circle Developement
[31/08/2007|17:30] C:\Program Files\Codec Audio & Video
[31/08/2007|16:37] C:\Program Files\ComPlus Applications
[31/08/2007|17:07] C:\Program Files\CyberLink
[16/11/2007|00:58] C:\Program Files\Dcads Games Collection
[09/05/2008|17:36] C:\Program Files\DIFX
[22/09/2007|09:39] C:\Program Files\directx
[31/08/2007|17:09] C:\Program Files\DVD Shrink
[30/04/2008|12:18] C:\Program Files\eMule
[19/04/2008|19:24] C:\Program Files\EsetOnlineScanner
[29/05/2008|19:32] C:\Program Files\Fichiers communs
[01/04/2008|17:23] C:\Program Files\Future Pinball
[17/02/2008|08:30] C:\Program Files\globallist
[29/05/2008|23:18] C:\Program Files\Google
[04/03/2008|10:59] C:\Program Files\Hewlett-Packard
[04/06/2008|18:04] C:\Program Files\Hijackthis Version Fran‡aise
[04/03/2008|11:01] C:\Program Files\hp deskjet 656c series
[15/10/2007|08:55] C:\Program Files\IncrediMail
[29/05/2008|17:00] C:\Program Files\InstallShield Installation Information
[31/08/2007|16:55] C:\Program Files\Intel
[26/05/2008|13:40] C:\Program Files\Internet Explorer
[07/01/2008|20:05] C:\Program Files\iPod
[07/01/2008|20:05] C:\Program Files\iTunes
[03/04/2008|22:32] C:\Program Files\Java
[31/08/2007|18:45] C:\Program Files\Kaspersky Lab
[28/05/2008|16:59] C:\Program Files\Lavasoft
[25/05/2008|21:15] C:\Program Files\LimeWire
[22/09/2007|09:31] C:\Program Files\Logitech
[06/01/2008|13:52] C:\Program Files\Magentic
[04/06/2008|11:36] C:\Program Files\Malwarebytes' Anti-Malware
[31/08/2007|16:58] C:\Program Files\Marvell
[07/01/2008|18:37] C:\Program Files\Messenger
[30/04/2008|08:46] C:\Program Files\Messenger Plus! Live
[05/01/2008|23:04] C:\Program Files\Micro Application
[31/08/2007|16:39] C:\Program Files\microsoft frontpage
[31/08/2007|17:22] C:\Program Files\Microsoft Office
[31/08/2007|17:23] C:\Program Files\Microsoft.NET
[07/01/2008|18:37] C:\Program Files\Movie Maker
[30/04/2008|10:41] C:\Program Files\MSN
[31/08/2007|16:37] C:\Program Files\MSN Gaming Zone
[02/01/2008|15:42] C:\Program Files\MSN Messenger
[17/09/2007|20:25] C:\Program Files\MSXML 4.0
[31/08/2007|19:44] C:\Program Files\My Company Name
[17/03/2008|11:00] C:\Program Files\MySpace
[31/08/2007|16:48] C:\Program Files\NetMeeting
[15/04/2008|14:01] C:\Program Files\Neuf
[09/05/2008|17:36] C:\Program Files\Nokia
[31/08/2007|18:02] C:\Program Files\Nullsoft
[17/09/2007|20:28] C:\Program Files\Outlook Express
[31/03/2008|14:14] C:\Program Files\Pack Securite
[29/05/2008|16:59] C:\Program Files\Panda Security
[09/05/2008|17:36] C:\Program Files\PC Connectivity Solution
[29/02/2008|17:04] C:\Program Files\Pinball
[05/01/2008|23:54] C:\Program Files\QuickTime
[31/08/2007|17:43] C:\Program Files\Real
[31/08/2007|16:56] C:\Program Files\Realtek
[26/11/2007|20:01] C:\Program Files\RegCleaner
[21/12/2007|11:36] C:\Program Files\SecondLife
[31/08/2007|16:37] C:\Program Files\Services en ligne
[31/05/2008|19:32] C:\Program Files\Shareaza
[27/12/2007|18:35] C:\Program Files\Skyline
[29/05/2008|19:32] C:\Program Files\Skype
[09/02/2008|19:16] C:\Program Files\SLD Codec Pack
[25/05/2008|22:49] C:\Program Files\Spybot - Search & Destroy
[04/06/2008|18:41] C:\Program Files\Spyware Doctor
[26/05/2008|17:51] C:\Program Files\Toox
[04/06/2008|17:15] C:\Program Files\Trend Micro
[31/08/2007|16:42] C:\Program Files\Uninstall Information
[31/08/2007|17:58] C:\Program Files\Viewpoint
[25/02/2008|11:23] C:\Program Files\VSO
[05/12/2007|00:54] C:\Program Files\Windows Live
[22/09/2007|09:42] C:\Program Files\Windows Media Components
[07/01/2008|18:37] C:\Program Files\Windows Media Player
[31/08/2007|16:48] C:\Program Files\Windows NT
[31/08/2007|16:37] C:\Program Files\WindowsUpdate
[31/08/2007|17:10] C:\Program Files\WinRAR
[31/08/2007|16:39] C:\Program Files\xerox
[21/04/2008|11:57] C:\Program Files\YesMessenger

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[30/04/2008|12:40] C:\Program Files\Fichiers communs\ACD Systems
[08/02/2008|12:04] C:\Program Files\Fichiers communs\Adobe
[31/08/2007|17:17] C:\Program Files\Fichiers communs\Adobe Systems Shared
[31/08/2007|17:11] C:\Program Files\Fichiers communs\Ahead
[26/01/2008|12:42] C:\Program Files\Fichiers communs\AOL
[31/08/2007|18:02] C:\Program Files\Fichiers communs\aolback
[07/01/2008|20:04] C:\Program Files\Fichiers communs\Apple
[31/08/2007|17:22] C:\Program Files\Fichiers communs\DESIGNER
[22/09/2007|09:31] C:\Program Files\Fichiers communs\FotoWire
[31/08/2007|17:07] C:\Program Files\Fichiers communs\InstallShield
[15/11/2007|23:50] C:\Program Files\Fichiers communs\Java
[22/09/2007|09:38] C:\Program Files\Fichiers communs\Logitech
[31/08/2007|17:23] C:\Program Files\Fichiers communs\Microsoft Shared
[31/08/2007|16:38] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|17:36] C:\Program Files\Fichiers communs\Nokia
[31/08/2007|17:33] C:\Program Files\Fichiers communs\ODBC
[09/05/2008|17:36] C:\Program Files\Fichiers communs\PCSuite
[15/04/2008|18:45] C:\Program Files\Fichiers communs\Real
[31/08/2007|16:38] C:\Program Files\Fichiers communs\Services
[29/05/2008|19:32] C:\Program Files\Fichiers communs\Skype
[31/08/2007|17:33] C:\Program Files\Fichiers communs\SpeechEngines
[17/09/2007|20:28] C:\Program Files\Fichiers communs\System
[28/05/2008|16:58] C:\Program Files\Fichiers communs\Wise Installation Wizard
[15/04/2008|18:45] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 56

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free\Warn Rdr.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\Patrizio\APPLIC~1\global~1
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\cirzbpxz.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\dchdyodc.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\hideeggstrans.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\popskip3264.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\xtsitqze.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\ygptnvzw.exe
C:\Program Files\global~1
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\WINDOWS\Prefetch\HIDEEGGSTRANS.EXE-2254E466.pf
C:\WINDOWS\Tasks\BF32F4BA96156786.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:58:13
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------


Aucune autre infection trouvée !

[F:26][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Patrizio\Cookies
[F:2][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 22:58:48,09 ]----------------------
bon voila !! je n ai pas pu le faire en mode sans echec .....
mon antivirus me demandais de continuer a chaque fois...
je n est plus d image d ecran sur le bureau...
et je n ai toujours pas de colonne dans genre " panneau de config.."
Merci beaucoup