Adware and virus problem??

Solved/Closed
simonete88 (Posts: 21, registered Wednesday 30 July 2008, Member, last active 15 December 2009) - 30 Jul 2008 at 23:49
Last reply: simonete88 - 31 Jul 2008 at 19:33
Hello,
Well, here it is: I have a big problem with my laptop, ads and a window, spyareexpert I think, so how do I remove them? Thanks

17 replies

Anonymous user
30 Jul 2008 at 23:50
Good evening,
Start by posting a HijackThis report, please:
> Download HijackThis: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Run the program, then select < do a system scan and save a logfile >
- Save the report to your desktop.
Then copy/paste your HijackThis log into the forum.


See you,

Tutorial, if you have trouble: http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
simonete88
30 Jul 2008 at 23:54
Here it is, and thanks for the quick reply
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:38, on 30/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\Simonete\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Poker\Poker 770\casino.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R3 - URLSearchHook: Secured_eMule - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
O2 - BHO: QXK Olive - {14CF3567-2DC2-4BDC-991A-CBDDDC1D4374} - C:\WINDOWS\kgxmotapnmf.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Secured_eMule - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Secured_eMule - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: iifFXolJ - C:\WINDOWS\
O21 - SSODL: evgratsm - {4B7DB9AC-2481-4B94-BBC6-F430D8302FB4} - C:\WINDOWS\evgratsm.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
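What a helper is reading for in a log like the one above, written out as an added triage script (this is not HijackThis code and not from the thread): it walks the log and flags the entries a reviewer pulls out first. The rules and names are mine; the embedded excerpt is constructed from the thread's own lines, not the full log. Note that two of the hits (the Realtek RtkBtMnt.exe in Temp and the NetWare nwprovau.dll LSP) are the kind of thing you verify rather than delete; the script marks them for review, it does not decide.

```python
"""Heuristic triage of a HijackThis 2.x log.

Added example for this thread, not code from HijackThis or from the posters.
It encodes the patterns visible in the log above: add-on DLLs dropped directly
into %WINDIR% under random names (O2/O21), an O20 Winlogon Notify entry that
names a directory instead of a DLL, entries whose file is gone "(no file)",
a process started from a Temp folder, a bare filename in a Run key, and an
O10 LSP that HijackThis could not whitelist.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the shape of the thread's log (not the full log).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\DOCUME~1\\Simonete\\LOCALS~1\\Temp\\RtkBtMnt.exe

R3 - URLSearchHook: Secured_eMule - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
O2 - BHO: QXK Olive - {14CF3567-2DC2-4BDC-991A-CBDDDC1D4374} - C:\\WINDOWS\\kgxmotapnmf.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Fichiers communs\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"
O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - AppInit_DLLs: C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll
O20 - Winlogon Notify: iifFXolJ - C:\\WINDOWS\\
O21 - SSODL: evgratsm - {4B7DB9AC-2481-4B94-BBC6-F430D8302FB4} - C:\\WINDOWS\\evgratsm.dll
"""

ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# A .dll/.exe sitting directly in the Windows directory, not in a subfolder.
WINDIR_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:dll|exe)$", re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
# Sections that load a DLL into Explorer/IE/winlogon: BHO, toolbar, AppInit/Notify, SSODL, SharedTaskScheduler
SHELL_HOOKS = {"O2", "O3", "O20", "O21", "O22"}


@dataclass
class Finding:
    code: str      # HijackThis section code, or "process"
    reason: str
    line: str


def target_path(code: str, body: str):
    """Extract the file an entry points at; None when HijackThis reports '(no file)'."""
    if code == "O4":
        _, _, cmd = body.partition("] ")          # text after the [Name] tag
        if cmd.startswith('"'):
            return cmd[1:].split('"', 1)[0]       # quoted path, arguments follow
        return cmd.split(" ", 1)[0] if cmd else None
    parts = body.split(" - ")
    last = parts[-1].strip()
    if len(parts) == 1 and ": " in last:          # "AppInit_DLLs: path", "... LSP: path"
        last = last.split(": ", 1)[1]
    return None if last.startswith("(no file)") else last


def triage(log_text: str) -> list:
    """Return the Findings for one log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False                  # blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if TEMP_DIR.search(line):
                findings.append(Finding("process", "executable running from a Temp folder", line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        path = target_path(code, body)
        if code in SHELL_HOOKS or code.startswith("R"):
            if path is None:
                findings.append(Finding(code, "points at a missing file (orphan; safe to fix)", line))
            elif path.endswith("\\"):
                findings.append(Finding(code, "names a directory, not a DLL (orphan or hidden loader)", line))
            elif WINDIR_ROOT.match(path):
                findings.append(Finding(code, "hook DLL dropped directly in %WINDIR%", line))
        elif code == "O4" and path and "\\" not in path:
            findings.append(Finding(code, "bare filename in a Run key; resolved via PATH, verify which binary runs", line))
        elif code == "O10":
            findings.append(Finding(code, "Winsock LSP not on HijackThis' whitelist; verify the publisher before removing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:8} {f.reason}\n         {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log").read())`; the location rule (a hook DLL directly in C:\WINDOWS) is the one that singles out the two entries ComboFix later removed, and the "(no file)" rule accounts for the leftover Secured_eMule entries.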
simonete88
31 Jul 2008 at 00:07
Is there nobody there any more??
Anonymous user
31 Jul 2008 at 01:45
Re,
Yes, yes!
I'm here (again).

So:
> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe
- Press the 1 key (Yes) to start the scan.
- When the scan has finished, a report will appear. Copy/paste that report into your next reply.
NOTE: The report is also saved at C:\Combofix.txt
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the machine.



See you
simonete88
31 Jul 2008 at 11:10
Here it is, I hope it's OK, and sorry for the delay

ComboFix 08-07-30.01 - Simonete 2008-07-31 10:58:15.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.499 [GMT 2:00]
Location: C:\Documents and Settings\Simonete\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
ADS - system32: deleted 0 bytes in 1 streams.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\WINDOWS\eesl.exe
C:\WINDOWS\evgratsm.dll
C:\WINDOWS\kgxmotapnmf.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\CLSBIkkj.ini
C:\WINDOWS\system32\CLSBIkkj.ini2
C:\WINDOWS\system32\ddvmbvbh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tmp98.tmp
C:\WINDOWS\system32\tmp99.tmp
C:\WINDOWS\system32\WaJlnUtv.ini
C:\WINDOWS\system32\WaJlnUtv.ini2

.
((((((((((((((((((((((((((((( Files created 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 19:02 . 2008-07-30 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-30 18:34 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpB.tmp
2008-07-30 18:23 . 2008-07-30 18:24 <REP> d-------- C:\Virtual
2008-07-30 18:21 . 2008-07-30 18:21 <REP> d-------- C:\WINDOWS\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-07-23 14:10 . 2008-07-23 15:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-23 13:27 . 2008-07-23 13:27 <REP> d-------- C:\Trend Micro
2008-07-23 13:12 . 2008-07-23 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-17 11:04 . 2008-07-17 11:39 <REP> d--h----- C:\WINDOWS\system32\Settings
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Program Files\NOS
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-04 13:20 . 2008-07-04 13:20 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Icone
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\LETMIN
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\Icone
2008-06-30 16:32 . 2008-06-30 16:32 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-30 16:32 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-30 13:29 . 2008-06-30 13:29 83 --a------ C:\WINDOWS\LManager.UNI
2008-06-30 13:28 . 2006-05-15 15:39 147,456 --a------ C:\WINDOWS\UNINST32.EXE
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7C.tmp
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7B.tmp
2008-06-26 10:57 . 2008-07-27 01:14 4,127,432 --a------ C:\WINDOWS\pfirewall.log.old
2008-06-25 17:40 . 2008-06-25 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 21:49 . 2008-07-16 13:33 249 --a------ C:\WINDOWS\wininit.ini
2008-06-17 09:19 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-16 23:35 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1E.tmp
2008-06-16 23:14 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\OngameNetwork
2008-06-16 23:09 . 2008-06-17 00:12 <REP> d-------- C:\SiSoftware Sandra Lite XII.SP2c
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\vghd
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\3wPlayer
2008-06-16 18:15 . 2008-06-17 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 15:11 . 2008-06-16 23:13 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\AVGTOOLBAR
2008-06-16 14:39 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\.housecall6.6
2008-06-12 00:37 . 2008-06-26 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-12 00:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 00:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 00:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 00:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-12 00:02 . 2008-06-12 00:02 <REP> d-------- C:\Program Files\Codemasters
2008-06-11 05:10 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 05:10 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-06-09 20:59 . 2008-06-09 23:16 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-06-09 20:56 . 2008-06-09 20:56 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-06-09 19:45 . 2008-06-09 20:28 <REP> d-------- C:\Program Files\Electronic Arts
2008-06-09 14:34 . 2008-06-10 10:58 <REP> d-------- C:\Program Files\uTorrent
2008-06-09 14:34 . 2008-07-30 18:10 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\uTorrent
2008-06-09 13:38 . 2008-06-09 13:38 <REP> dr-h----- C:\Documents and Settings\Simonete\Application Data\SecuROM
2008-06-08 11:35 . 2008-06-12 00:35 <REP> d-------- C:\Program Files\OpenAL
2008-06-08 11:32 . 2008-06-08 11:32 <REP> d-------- C:\WINDOWS\system32\xlive
2008-06-07 19:31 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-07 19:12 . 2008-07-30 15:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 19:12 . 2008-06-16 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PassMark
2008-06-02 13:02 . 2008-06-02 13:02 57,344 --a------ C:\WINDOWS\system32\lyc_language.dll

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 09:05 86,268,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 09:02 167,948 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 09:02 1,759,008 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-31 09:02 1,160,540 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 08:53 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Skype
2008-07-31 08:49 --------- d-----w C:\Program Files\Launch Manager
2008-07-31 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 21:28 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-24 10:38 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 10:38 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 08:28 --------- d-----w C:\Documents and Settings\Simonete\Application Data\skypePM
2008-07-18 22:00 --------- d-----w C:\Program Files\Poker Heaven
2008-07-17 11:31 --------- d-----w C:\Documents and Settings\Simonete\Application Data\OpenOffice.org2
2008-07-08 18:01 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-07-08 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 21:16 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-05-31 13:48 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HP
2008-05-28 22:14 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HPAppData
2008-05-28 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-28 16:32 --------- d-----w C:\Program Files\HP
2008-05-28 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-28 16:31 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-28 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-28 13:34 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-19 11:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-17 20:09 475,648 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\bis192.exe
2008-05-15 15:05 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-17 15:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 02:15 22,328 ----a-w C:\Documents and Settings\Simonete\Application Data\PnkBstrK.sys
2007-12-28 02:06 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
.

((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-03 20:56 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 13:18 68856]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-15 12:03 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-15 12:03 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-05-28 09:34 570664]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"nwiz"="nwiz.exe" [2007-11-15 12:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2002-09-24 13:43 73728 C:\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 D:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-17 13:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraAgentSrv"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 21:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-30 16:32]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contents of folder 'Scheduled Tasks/Tâches planifiées'

2008-07-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHANS REMOVED - - - -

SSODL-evgratsm-{4B7DB9AC-2481-4B94-BBC6-F430D8302FB4} - C:\WINDOWS\evgratsm.dll
Notify-iifFXolJ - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 11:04:15
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\Simonete\LOCALS~1\temp\RtkBtMnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 11:07:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 09:07:20

Pre-Run: 8,342,806,528 octets libres
Post-Run: 8,770,547,712 octets libres

325 --- E O F --- 2008-07-09 19:03:16
simonete88
31 July 2008 at 11:27
dlld, are you still there??
Anonymous user
31 July 2008 at 11:29
YES!

I'm looking at it and will be back in about ten minutes.

See you.
simonete88
31 July 2008 at 11:31
thanks
Anonymous user
31 July 2008 at 12:13
OK,
sorry for the delay.

So,
> With ComboFix:
- Close all your browsers (so copy or print the following instructions first) and disable your antivirus so that ComboFix can run normally.
- Create a new text document: right-click on the desktop => New => Text Document, and copy/paste the following lines into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]

File::
C:\WINDOWS\system32\tmpB.tmp
C:\WINDOWS\793CFFC9A72F431D9C742E9361E67D04.TMP
C:\WINDOWS\UNINST32.EXE
C:\WINDOWS\system32\tmp7C.tmp
C:\WINDOWS\system32\tmp7B.tmp
C:\WINDOWS\system32\tmp1E.tmp
C:\WINDOWS\evgratsm.dll

- Save this file under the name CFScript (File type: All files)
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this image.
(How to drag and drop: click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Then release the mouse button.)
- ComboFix will start and a blue window will appear. At the message that is displayed (Type 1 to continue, or 2 to abort): type 1 and press Enter.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Don't touch anything until the scan is finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: please post it.
PS: If the file doesn't open, it can be found here => C:\ComboFix.txt



Now I have doubts about some files, so:
> Go to the VirusTotal site and have the following file(s) analysed: (copy and paste the line(s) below into the "send a file" box)
If you have trouble: http://pageperso.aol.fr/loraline60/virus_total.htm

C:\WINDOWS\system32\D3DX9_37.dll
C:\WINDOWS\system32\D3DCompiler_37.dll
C:\WINDOWS\system32\lyc_language.dll

and please post the result by copy/paste (or the http link, which is faster and simpler).


Finally, please post a new HijackThis report.
How is the PC doing?


See you.
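As an added example (not ComboFix's code and not the helper's script), the Python below parses the MountPoints2 block of a ComboFix-style report, flags the autorun handlers that launch a bare executable from the drive root or go through Shell32's ShellExec_RunDLL (the pattern in the report posted above), and emits the same `Registry::` deletion block the instructions use, where `[-key]` deletes the key. The log excerpt is constructed for the example: the key GUID and the `sxs.exe` lines are taken from the report in this thread, while the second, clean entry and its vendor path are made up for contrast.

```python
"""Flag suspicious MountPoints2 autorun handlers in a ComboFix-style log and
build the matching CFScript 'Registry::' deletion block.

Added example for this thread; not ComboFix code and not the helper's script.
SAMPLE_LOG is constructed: the first key and its sxs.exe commands come from the
report posted in the thread, the second key is an invented clean entry.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - "C:\Program Files\Vendor Tool\setup.exe" /autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"""

# A MountPoints2 key line: [HKCU\...\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
# A handler line inside that key: \Shell\<verb>\command - <command>
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$", re.I)


def parse_mountpoints(log: str) -> dict:
    """Return {registry key: {verb: command}} for every MountPoints2 block."""
    entries, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries[current] = {}
            continue
        if not line or line.startswith("["):
            current = None  # a blank line or any other key ends the block
            continue
        v = VERB_RE.match(line)
        if current and v:
            entries[current][v.group("verb")] = v.group("cmd")
    return entries


def is_suspicious(command: str) -> bool:
    """Heuristics for the autorun-from-removable-drive pattern in the report."""
    cmd = command.lower()
    target = cmd.split()[-1] if cmd else ""
    # An executable named with no path at all is resolved from the drive root.
    bare_exe = re.fullmatch(r"[\w.-]+\.(exe|com|scr|bat|pif)", target) is not None
    # Shell32's ShellExec_RunDLL launching such a file is the same pattern.
    via_rundll = "shellexec_rundll" in cmd
    return bare_exe or via_rundll


def find_suspicious(log: str) -> list:
    """Return (key, verb, command) triples that should be reviewed/removed."""
    hits = []
    for key, verbs in parse_mountpoints(log).items():
        for verb, cmd in verbs.items():
            if is_suspicious(cmd):
                hits.append((key, verb, cmd))
    return hits


def build_cfscript(log: str) -> str:
    """Emit a Registry:: block; [-key] tells ComboFix to delete that key."""
    keys = sorted({key for key, _, _ in find_suspicious(log)})
    if not keys:
        return ""
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    for key, verb, cmd in find_suspicious(SAMPLE_LOG):
        print(f"suspicious {verb}: {cmd}\n   in {key}")
    print(build_cfscript(SAMPLE_LOG))
```

Run it against a saved ComboFix.txt by reading the file into `find_suspicious` instead of `SAMPLE_LOG`; a handler that points at a full path under Program Files (the invented second entry) is left alone, so the output only lists the keys that need the `[-key]` treatment.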
simonete88
31 July 2008 at 13:01
I hope this is right?
ComboFix 08-07-30.01 - Simonete 2008-07-31 12:33:59.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.401 [GMT 2:00]
Endroit: C:\Documents and Settings\Simonete\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Simonete\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 19:02 . 2008-07-30 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-30 18:34 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpB.tmp
2008-07-30 18:23 . 2008-07-30 18:24 <REP> d-------- C:\Virtual
2008-07-30 18:21 . 2008-07-30 18:21 <REP> d-------- C:\WINDOWS\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-07-23 14:10 . 2008-07-23 15:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-23 13:27 . 2008-07-23 13:27 <REP> d-------- C:\Trend Micro
2008-07-23 13:12 . 2008-07-23 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-17 11:04 . 2008-07-17 11:39 <REP> d--h----- C:\WINDOWS\system32\Settings
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Program Files\NOS
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-04 13:20 . 2008-07-04 13:20 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Icone
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\LETMIN
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\Icone
2008-06-30 16:32 . 2008-06-30 16:32 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-30 16:32 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-30 13:29 . 2008-06-30 13:29 83 --a------ C:\WINDOWS\LManager.UNI
2008-06-30 13:28 . 2006-05-15 15:39 147,456 --a------ C:\WINDOWS\UNINST32.EXE
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7C.tmp
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7B.tmp
2008-06-26 10:57 . 2008-07-27 01:14 4,127,432 --a------ C:\WINDOWS\pfirewall.log.old
2008-06-25 17:40 . 2008-06-25 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 21:49 . 2008-07-16 13:33 249 --a------ C:\WINDOWS\wininit.ini
2008-06-17 09:19 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-16 23:35 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1E.tmp
2008-06-16 23:14 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\OngameNetwork
2008-06-16 23:09 . 2008-06-17 00:12 <REP> d-------- C:\SiSoftware Sandra Lite XII.SP2c
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\vghd
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\3wPlayer
2008-06-16 18:15 . 2008-06-17 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 15:11 . 2008-06-16 23:13 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\AVGTOOLBAR
2008-06-16 14:39 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\.housecall6.6
2008-06-12 00:37 . 2008-06-26 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-12 00:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 00:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 00:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 00:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-12 00:02 . 2008-06-12 00:02 <REP> d-------- C:\Program Files\Codemasters
2008-06-11 05:10 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 05:10 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-06-09 20:59 . 2008-06-09 23:16 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm)ÿ3ÿ La Fureur de Kane
2008-06-09 20:56 . 2008-06-09 20:56 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-06-09 19:45 . 2008-06-09 20:28 <REP> d-------- C:\Program Files\Electronic Arts
2008-06-09 14:34 . 2008-06-10 10:58 <REP> d-------- C:\Program Files\uTorrent
2008-06-09 14:34 . 2008-07-30 18:10 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\uTorrent
2008-06-09 13:38 . 2008-06-09 13:38 <REP> dr-h----- C:\Documents and Settings\Simonete\Application Data\SecuROM
2008-06-08 11:35 . 2008-06-12 00:35 <REP> d-------- C:\Program Files\OpenAL
2008-06-08 11:32 . 2008-06-08 11:32 <REP> d-------- C:\WINDOWS\system32\xlive
2008-06-07 19:31 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-07 19:12 . 2008-07-30 15:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 19:12 . 2008-06-16 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PassMark
2008-06-02 13:02 . 2008-06-02 13:02 57,344 --a------ C:\WINDOWS\system32\lyc_language.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 10:55 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Skype
2008-07-31 10:53 1,766,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-31 10:52 86,571,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 10:52 168,692 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 10:52 1,163,204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 09:09 --------- d-----w C:\Program Files\Launch Manager
2008-07-31 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 21:28 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-24 10:38 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 10:38 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 08:28 --------- d-----w C:\Documents and Settings\Simonete\Application Data\skypePM
2008-07-18 22:00 --------- d-----w C:\Program Files\Poker Heaven
2008-07-17 11:31 --------- d-----w C:\Documents and Settings\Simonete\Application Data\OpenOffice.org2
2008-07-08 18:01 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-07-08 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 21:16 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-05-31 13:48 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HP
2008-05-28 22:14 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HPAppData
2008-05-28 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-28 16:32 --------- d-----w C:\Program Files\HP
2008-05-28 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-28 16:31 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-28 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-28 13:34 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-19 11:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-17 20:09 475,648 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\bis192.exe
2008-05-15 15:05 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-17 15:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 02:15 22,328 ----a-w C:\Documents and Settings\Simonete\Application Data\PnkBstrK.sys
2007-12-28 02:06 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-31_11.06.37.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-31 08:52:35 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 09:08:07 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-31 08:52:35 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-31 09:08:07 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-31 08:52:35 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 09:08:07 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-31 08:52:35 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-31 09:08:07 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-03 20:56 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 13:18 68856]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-15 12:03 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-15 12:03 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-05-28 09:34 570664]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"nwiz"="nwiz.exe" [2007-11-15 12:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2002-09-24 13:43 73728 C:\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 D:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-17 13:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraAgentSrv"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 21:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-30 16:32]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 12:54:03
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\Simonete\LOCALS~1\temp\RtkBtMnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 12:59:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 10:59:23
ComboFix2.txt 2008-07-31 09:07:26

Pre-Run: 8,654,266,368 octets libres
Post-Run: 8,686,555,136 octets libres

298 --- E O F --- 2008-07-09 19:03:16
Anonymous user
31 July 2008 at 13:09
Re,
er, no!

You didn't run the script. You need to do it again.

PS:

Save this file under the name CFScript (File type: All files)
- Drag and drop this CFScript file onto the ComboFix.exe program, as in this image.

https://forum.adaware.com/index.php?act=attach&type=post&id=3701

See you.
simonete88
31 July 2008 at 13:12
http://www.virustotal.com/fr/reanalisis.html?d8310d9b5e7e448340f78940aab1b36a
http://www.virustotal.com/fr/analisis/92754c2a8af4865a0e9fdb2d0085bfaa
http://www.virustotal.com/fr/analisis/5e31874420ff5f5130084b64f34e4844
there you go for the reports
simonete88
31 July 2008 at 13:15
well, it seems to be doing better, thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:57, on 31/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Simonete\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
simonete88 Posts: 21 Registration date: Wednesday 30 July 2008 Status: Member Last activity: 15 December 2009
31 Jul 2008 at 19:12
I'll redo one for you and give it to you right away, ok.
0
simonete88 Posts: 21 Registration date: Wednesday 30 July 2008 Status: Member Last activity: 15 December 2009
31 Jul 2008 at 19:32
ComboFix 08-07-30.01 - Simonete 2008-07-31 19:15:17.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.506 [GMT 2:00]
Endroit: C:\Documents and Settings\Simonete\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Simonete\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 19:02 . 2008-07-30 19:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-30 18:34 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpB.tmp
2008-07-30 18:23 . 2008-07-30 18:24 <REP> d-------- C:\Virtual
2008-07-30 18:21 . 2008-07-30 18:21 <REP> d-------- C:\WINDOWS\793CFFC9A72F431D9C742E9361E67D04.TMP
2008-07-23 14:10 . 2008-07-23 15:03 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-23 13:27 . 2008-07-23 13:27 <REP> d-------- C:\Trend Micro
2008-07-23 13:12 . 2008-07-23 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-17 11:04 . 2008-07-17 11:39 <REP> d--h----- C:\WINDOWS\system32\Settings
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Program Files\NOS
2008-07-05 11:34 . 2008-07-06 15:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-04 13:20 . 2008-07-04 13:20 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Icone
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\LETMIN
2008-07-04 13:18 . 2008-07-04 13:18 <REP> d-------- C:\Program Files\Icone
2008-06-30 16:32 . 2008-06-30 16:32 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-06-30 16:32 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-06-30 13:29 . 2008-06-30 13:29 83 --a------ C:\WINDOWS\LManager.UNI
2008-06-30 13:28 . 2006-05-15 15:39 147,456 --a------ C:\WINDOWS\UNINST32.EXE
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7C.tmp
2008-06-26 14:40 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp7B.tmp
2008-06-26 10:57 . 2008-07-27 01:14 4,127,432 --a------ C:\WINDOWS\pfirewall.log.old
2008-06-25 17:40 . 2008-06-25 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 21:49 . 2008-07-16 13:33 249 --a------ C:\WINDOWS\wininit.ini
2008-06-17 09:19 . 2004-03-09 01:00 1,081,616 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-16 23:35 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmp1E.tmp
2008-06-16 23:14 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\OngameNetwork
2008-06-16 23:09 . 2008-06-17 00:12 <REP> d-------- C:\SiSoftware Sandra Lite XII.SP2c
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\vghd
2008-06-16 23:09 . 2008-06-16 23:09 <REP> d-------- C:\Program Files\3wPlayer
2008-06-16 18:15 . 2008-06-17 09:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-16 15:11 . 2008-06-16 23:13 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\AVGTOOLBAR
2008-06-16 14:39 . 2008-06-16 23:14 <REP> d-------- C:\Documents and Settings\Simonete\.housecall6.6
2008-06-12 00:37 . 2008-06-26 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-06-12 00:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-12 00:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-12 00:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-12 00:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-12 00:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-12 00:02 . 2008-06-12 00:02 <REP> d-------- C:\Program Files\Codemasters
2008-06-11 05:10 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 05:10 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:56 . 2008-06-10 18:56 34,312 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2008-06-09 20:59 . 2008-06-09 23:16 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-06-09 20:56 . 2008-06-09 20:56 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\Command & Conquer 3 Les guerres du Tiberium
2008-06-09 19:45 . 2008-06-09 20:28 <REP> d-------- C:\Program Files\Electronic Arts
2008-06-09 14:34 . 2008-06-10 10:58 <REP> d-------- C:\Program Files\uTorrent
2008-06-09 14:34 . 2008-07-30 18:10 <REP> d-------- C:\Documents and Settings\Simonete\Application Data\uTorrent
2008-06-09 13:38 . 2008-06-09 13:38 <REP> dr-h----- C:\Documents and Settings\Simonete\Application Data\SecuROM
2008-06-08 11:35 . 2008-06-12 00:35 <REP> d-------- C:\Program Files\OpenAL
2008-06-08 11:32 . 2008-06-08 11:32 <REP> d-------- C:\WINDOWS\system32\xlive
2008-06-07 19:31 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-07 19:12 . 2008-07-30 15:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 19:12 . 2008-06-16 19:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PassMark
2008-06-02 13:02 . 2008-06-02 13:02 57,344 --a------ C:\WINDOWS\system32\lyc_language.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 17:26 86,791,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 17:24 1,775,392 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-31 17:22 169,532 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 17:22 1,167,164 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 17:02 --------- d-----w C:\Program Files\Launch Manager
2008-07-31 17:00 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Skype
2008-07-31 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-30 21:28 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-24 10:38 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 10:38 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-22 08:28 --------- d-----w C:\Documents and Settings\Simonete\Application Data\skypePM
2008-07-18 22:00 --------- d-----w C:\Program Files\Poker Heaven
2008-07-17 11:31 --------- d-----w C:\Documents and Settings\Simonete\Application Data\OpenOffice.org2
2008-07-08 18:01 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-07-08 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 21:16 --------- d-----w C:\Documents and Settings\Simonete\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-05-31 13:48 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HP
2008-05-28 22:14 --------- d-----w C:\Documents and Settings\Simonete\Application Data\HPAppData
2008-05-28 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-28 16:32 --------- d-----w C:\Program Files\HP
2008-05-28 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-05-28 16:31 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-05-28 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\HP
2008-05-28 16:28 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-05-28 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-28 13:34 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-19 11:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-17 20:09 475,648 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\bis192.exe
2008-05-15 15:05 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-17 15:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 02:15 22,328 ----a-w C:\Documents and Settings\Simonete\Application Data\PnkBstrK.sys
2007-12-28 02:06 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-31_11.06.37.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-31 08:52:35 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 10:58:39 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-31 08:52:35 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-31 10:58:39 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-31 08:52:35 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 10:58:39 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-31 08:52:35 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-31 10:58:39 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-03 20:56 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 13:18 68856]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-15 12:03 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-15 12:03 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-05-28 09:34 570664]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"nwiz"="nwiz.exe" [2007-11-15 12:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2002-09-24 13:43 73728 C:\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 D:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-17 13:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraAgentSrv"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 21:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-30 16:32]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:24:48
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\Simonete\LOCALS~1\temp\RtkBtMnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 19:30:10 - machine was rebooted [Simonete]
ComboFix-quarantined-files.txt 2008-07-31 17:29:59
ComboFix2.txt 2008-07-31 09:07:26

Pre-Run: 8,655,712,256 octets libres
Post-Run: 8,689,422,336 octets libres

297 --- E O F --- 2008-07-09 19:03:16
0
simonete88 Posts: 21 Registration date: Wednesday 30 July 2008 Status: Member Last activity: 15 December 2009
31 Jul 2008 at 19:33
2008-05-28 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-28 13:34 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-19 11:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-17 20:09 475,648 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\bis192.exe
2008-05-15 15:05 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 13:39 16,862,208 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-14 02:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 02:32 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
2008-04-14 02:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 02:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 02:32 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 02:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:04 93,184 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:00 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 01:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 445,440 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,986,496 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:34 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:33 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:33 1,005,056 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-02-17 15:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 02:15 22,328 ----a-w C:\Documents and Settings\Simonete\Application Data\PnkBstrK.sys
2007-12-28 02:06 25,839,688 ----a-w C:\Program Files\wmp11-windowsxp-x86-FR-FR.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-31_11.06.37.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-31 08:52:35 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 10:58:39 53,432 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-31 08:52:35 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-07-31 10:58:39 64,490 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-07-31 08:52:35 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 10:58:39 381,018 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-07-31 08:52:35 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-07-31 10:58:39 446,328 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-03 20:56 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-17 13:18 68856]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-15 12:03 8527872]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-15 12:03 81920]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 12:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 12:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 12:56 569413]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-05-28 09:34 570664]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 13:51 218376]
"nwiz"="nwiz.exe" [2007-11-15 12:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 15:39 16862208 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 04:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2002-09-24 13:43 73728 C:\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 D:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-17 13:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2006-04-29 15:21 94208 C:\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraAgentSrv"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"C:\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"C:\\Program Files\\THQ\\MX vs ATV Unleashed\\MXvsATV.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 21:24]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-14 04:34]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 15:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 15:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 15:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 15:58]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-30 16:32]
S4 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:24:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\DOCUME~1\Simonete\LOCALS~1\temp\RtkBtMnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-31 19:30:10 - machine was rebooted [Simonete]
ComboFix-quarantined-files.txt 2008-07-31 17:29:59
ComboFix2.txt 2008-07-31 09:07:26

Pre-Run: 8,655,712,256 bytes free
Post-Run: 8,689,422,336 bytes free

297 --- E O F --- 2008-07-09 19:03:16
0
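The part of this ComboFix log that deserves attention first is the mountpoints2 block: Explorer has recorded, for the volume with GUID {aade2d43-dbda-11dc-b706-0018de8eb661}, Shell\Auto and Shell\AutoRun commands that launch sxs.exe, which is the autorun.inf hook a removable-media worm leaves behind (the file sits on that volume, not on C:). A second thing worth a look is a process running out of the user's temp directory. The script below is an added example, not code from the poster, from the forum helper or from ComboFix: it parses the bracketed registry sections and the "Other Running Processes" list of such a log and flags those two patterns. SAMPLE_LOG is an abbreviated excerpt of the log above; the section layout, the regular expressions and the temp-directory heuristic are this example's own assumptions, and a hit is a lead to verify (check the file on the volume, check what dropped it), not a verdict.

```python
"""Triage helper for the 'Reg Loading Points' part of a ComboFix log.

Added example; not part of the forum post and not ComboFix's own code.
Parses the bracketed registry sections plus the 'Other Running Processes'
list, then flags:
  * Shell\Auto / Shell\AutoRun commands recorded under mountpoints2\{GUID}
    (the autorun.inf-style hook Explorer keeps for a removable volume);
  * executables launched from a user temp directory.
SAMPLE_LOG is an abbreviated excerpt of the log posted above.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-03 20:56 5724184]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aade2d43-dbda-11dc-b706-0018de8eb661}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\DOCUME~1\Simonete\LOCALS~1\temp\RtkBtMnt.exe
"""

# Assumed line shapes (modelled on the log above, not a ComboFix spec).
SECTION_RE = re.compile(r"^\[(.+)\]$")
MOUNTPOINT_RE = re.compile(r"mountpoints2\\(\{[0-9a-fA-F-]+\})$")
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$")
RUN_ENTRY_RE = re.compile(r'^"[^"]+"="([^"]*)"')
# Heuristic: XP per-user temp, in 8.3 and long form.
TEMP_PATH_RE = re.compile(r"\\(?:LOCALS~1\\temp|Local Settings\\Temp)\\", re.IGNORECASE)


def parse_sections(text):
    """Map each section header to its non-empty body lines, in log order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif "Other Running Processes" in line:   # the dashed divider line
            current = "Other Running Processes"
            sections.setdefault(current, [])
        elif current is not None:                  # lines before any header are dropped
            sections[current].append(line)
    return sections


def find_autorun_commands(sections):
    """Return (volume_guid, verb, command) for every mountpoints2 shell command."""
    hits = []
    for header, lines in sections.items():
        m = MOUNTPOINT_RE.search(header)
        if not m:
            continue
        for line in lines:
            c = SHELL_CMD_RE.match(line)
            if c:
                hits.append((m.group(1), c.group(1), c.group(2)))
    return hits


def find_temp_executables(sections):
    """Return (section, path) for any Run value or process path under a temp dir."""
    hits = []
    for header, lines in sections.items():
        for line in lines:
            r = RUN_ENTRY_RE.match(line)
            path = r.group(1) if r else line
            if TEMP_PATH_RE.search(path):
                hits.append((header, path))
    return hits


def triage(text):
    """Human-readable findings for one log; empty list means nothing flagged."""
    sections = parse_sections(text)
    findings = []
    for guid, verb, cmd in find_autorun_commands(sections):
        exe = cmd.split()[-1]   # last token: the file actually launched (sxs.exe here)
        findings.append(f"autorun on volume {guid}: Shell\\{verb}\\command -> {exe}")
    for header, path in find_temp_executables(sections):
        findings.append(f"executable under a temp directory ({header}): {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against the full log by reading C:\ComboFix.txt into `triage()` instead of SAMPLE_LOG. Both mountpoints2 lines resolve to sxs.exe because the AutoRun form only wraps the same file in RunDLL32/ShellExec_RunDLL; the last token is what gets executed when that volume is inserted and AutoPlay is honoured.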