A L'AIDE TROJAN ET POP UP

jphil069 Messages postés 4 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,
Ce qui m'arrive n'a rien d'extraordinaire au vu de ce que j'ai lu sur ce forum!
J'ai "chopé" Zlob Trojan ...et compagnie + scanner.vav-x-scanner.
Et tout en ayant téléchargé une version (donc vérolée) de Ad-Aware.
Donc... be aware!!!!!!!!!!!
J'ai "tout" essayé mais en vain pour éliminer ces saloperies (plusieurs spyware, redémarrage en mode sans échecs, scans avec anti-virus [Norton qui n'a rien détecté!], corrections avec RegCleaner et CCleaner, etc.....).
Rien n'y fait.
Au démarrage de Win XP, j'ai des messages d'erreur comme quoi il y a un problème dans l'adresse ......(plein de zéros) - à mon avis pb de chargement de windows - car par exemple quand je veux utiliser outlook express, je ne suis plus reconnu, idem pour me brancher sur ma messagerie à partir de mon FAI et quand j'utilise Internet Explorer, je ne peux plus être identifié car en plus on me dit que je suis mal configuré (ne peux recevoir des cookies) et plein de fenêtres de pub s'affichent malgré un anti-pop up (norton internet securities) et régulièrement NIS me dit qu'il bloque une attentive d'intrusion et une nouvelle page internet s'ouvre mais avec connexion refusée avec une adresse en chiffres seulement!...............

Voici les rapports de malwarebytes et Hijackthis.
Si qqu'un peut m'aider .................
Merci bcp à l'avance!
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1017
Windows 5.1.2600 Service Pack 3

10:54:15 03/08/2008
mbam-log-8-3-2008 (10-54-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 245308
Temps écoulé: 10 hour(s), 10 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efcCUnLe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vrualdar.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUoNGYr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clnqsz.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f1bf5ab-5424-47a1-8479-0ca3272d118d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f1bf5ab-5424-47a1-8479-0ca3272d118d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62ffbf73-2200-40dc-82ee-a6a8815682ad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62ffbf73-2200-40dc-82ee-a6a8815682ad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuongyr (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28cf998a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccunle -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccunle -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\clnqsz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcCUnLe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eLnUCcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eLnUCcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrualdar.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\radlaurv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoNGYr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\0pop.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvfkaixs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLFXrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXX\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1
Scan saved at 23:11:19, on 02/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\M6 Video\M6video.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\zeropop.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [28cf998a] rundll32.exe "C:\WINDOWS\system32\vrualdar.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Startup: Norton System Doctor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: clnqsz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Configuration: Windows XP
Internet Explorer 6.0

11 réponses

  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    tu es infecté
    fais ceci

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau
    http://www.atribune.org/ccount/click.php?id=4

    Le PC va être redémarré lors du passage de VundoFix, je te conseille donc de fermer et enregistrer tout ce que tu as en cours!

    Fais un double clic sur VundoFix.exe afin de le lancer
    Clique sur le bouton Scan for Vundo
    Lorsque l'analyse de ton PC est terminée, clique sur le bouton Fix Vundo
    Une invite te demandera si tu veux supprimer les fichiers, clique sur YES
    Après avoir cliqué sur Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
    Tu verras une invite qui t'annonce que ton PC va redémarrer
    Clique sur OK

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
    Coche les fichiers à supprimer qui te sont proposés
    Clique sur Fix Vundo et laisse Vundofix redémarrer le PC
    Renouvelle l'opération si demandé.

    Copie/colle le contenu du rapport situé dans C:\VundoFix.txt (si XP est installé sur C:\ dans le cas contraire, il sera à la racine de ta partition système) ainsi qu'un nouveau rapport Hijack This dans ta prochaine réponse

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    ***Si le lien ne fonctionne pas, essaie celui-ci :
    http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

    Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\).
    Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    · Redémarre ton ordinateur
    · Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (F5 sur certains PC), une pression par seconde.
    · A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    · Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    · Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    · Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
    · Appuie sur Y pour commencer le processus de nettoyage.
    · Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    · Appuie sur une touche pour redémarrer le PC.
    · Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    · Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    · Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    · Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    · Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    Télécharge ComboFix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Tutoriel officiel de ComboFix, afin de l’utiliser correctement
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.
    Voir ici comment désactiver tes protections
    https://forum.pcastuces.com/default.asp
    Double clique sur ComboFix.exe (ComboFix)
    Tape 1 puis tape sur Entrée
    A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
    Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
    A la fin de l’analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)

    2
    1. jphil069 Messages postés 4 Statut Membre
       
      Merci, merci bcp.
      Je vais essayé de faire tout cela ce soir!
      Bonne journée.
      0
  2. XogoX Messages postés 278 Statut Membre 5
     
    Salut

    déjà,mets à jour ta version hijackthis de 1.99.1 ->>2.0.2

    Et après refait un scan hijackthis et colle le ici

    et on voit que tu es infecté par le trojan vundo et je te passe un site (très bien)pour l'enlever

    http://www.malekal.com/Trojan.vundo.php

    En espérant t'avoir aidé

    PS:c'est possible qu'il y ait d'autre infections,mais on attends ton scan hijackthis version 2.0.2
    0
  3. jphil069 Messages postés 4 Statut Membre
     
    Bonjour et merci pour cette réponse ultra rapide !
    Malheureusement, je n'ai pas pu charger la dernière version de Hijackthis (!!!!) - refus total du serveur!!! -
    Et de plus comme mon ordi refuse les cookies, je suis obligé de passer par un autre pour poster mes messages sur le forum (pratique!!). De sorte que je ne pourrai poursuivre cette "conversation" que......demain!
    Désolé, mais si qq'un peut me donner des tuyaux entre-temps, je suis preneur!
    A+ et merci encore
    0
  4. jphil069 Messages postés 4 Statut Membre
     
    Bonjour!!!!!!

    Voilà!
    J'ai fais les manip indiquées et voici les rapports.
    Apparemment tout semble s'être bien passé sauf que après VundoFix, Windows XP ne tenait plus le mode sans échec (plantage au bout de très peu de temps). Alors impossible de passer SDFix. J'ai donc utilisé ensuite ComboFix sans problème et après j'ai reessayé le mode SE et là plus de problème.
    Après une courte navig sur le net, je n'ai pas non plus été embêté par des pops up.
    Tout se serait-il arrangé?
    Merci à l'avance pour vos réponses.
    Cordialement.

    Voici les rapports :

    Logfile of HijackThis v1.99.1
    Scan saved at 19:27:50, on 05/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\M6 Video\M6video.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\zeropop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\XXXXX\Bureau\Logiciels Système\hijackthis\HijackThis.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
    O4 - Startup: Norton System Doctor.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.mypix.com/importer/ImageUploader4.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 22:27:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,53,a0,9b,9f,1a,a9,40,28,7f,2a,00,02,e8,fa,03,86,fb,..
    "hj34z0"=hex:6c,97,ce,6c,d0,77,16,76,de,b7,14,f2,6f,3f,09,11,2d,ef,8e,61,d4,..
    "hj34z1"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z2"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z3"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z4"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    "khjeh"=hex:20,02,00,00,fd,fa,71,90,f5,28,ac,5d,b4,d5,bd,d8,c7,0c,18,69,6e,..
    "hj34z0"=hex:a3,59,b5,02,11,c5,6f,b6,31,62,d0,0a,c6,d8,8c,c3,36,da,bc,e0,45,..
    "hj34z1"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z2"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z3"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z4"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]SDFix: Version 1.213 /b
    Run by XXXXXXX on 05/08/2008 at 22:15

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services /b:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files /b:

    Trojan Files Found:

    C:\Documents and Settings\XXXXX\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xxxxxxxxx.com\settings.sol - Deleted

    Folder C:\Documents and Settings\ANDRIOT\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xxxxxxxxxxxxx.com - Removed

    Removing Temp Files

    [b]ADS Check /b:

    [b]Final Check /b:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-05 22:27:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,53,a0,9b,9f,1a,a9,40,28,7f,2a,00,02,e8,fa,03,86,fb,..
    "hj34z0"=hex:6c,97,ce,6c,d0,77,16,76,de,b7,14,f2,6f,3f,09,11,2d,ef,8e,61,d4,..
    "hj34z1"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z2"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z3"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    "hj34z4"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    "khjeh"=hex:20,02,00,00,fd,fa,71,90,f5,28,ac,5d,b4,d5,bd,d8,c7,0c,18,69,6e,..
    "hj34z0"=hex:a3,59,b5,02,11,c5,6f,b6,31,62,d0,0a,c6,d8,8c,c3,36,da,bc,e0,45,..
    "hj34z1"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z2"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z3"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    "hj34z4"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services /b:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\\Program Files\\M6 Video\\M6video.exe"="C:\\Program Files\\M6 Video\\M6video.exe:*:Enabled:OneClick"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\XXXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe"="C:\\Documents and Settings\\XXXXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files /b:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes /b:

    Sun 27 Jul 2008 65,536 ..SH. --- "C:\Documents and Settings\XXXXXXXXXXX "
    Fri 11 Nov 2005 4,126,240 ...H. --- "C:\Program Files\Picasa2\setup.exe"
    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sun 4 Mar 2007 210,432 A..H. --- "C:\SauvUSBDISKPRO\XXX\~WRL2606.tmp"
    Tue 27 Dec 2005 56 A.SHR --- "C:\WINDOWS\system32\7F29E3841A.sys"
    Mon 3 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 16 Apr 2007 893 A..H. --- "C:\Program Files\Outlook Express\v6cxtVTEGdDgA2u\XiRTH9JG.tmp"
    Fri 27 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
    Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
    Thu 13 Jul 2006 839 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\v6cxtVTEGdDgA2u\XiRTH9JG.tmp"
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\XXXXXXX\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 24 Sep 2003 60,928 A..H. --- "C:\SauvUSBDISKPRO\XXX\XXXXXXX\1. XXXXXXX 230\KASTNER - CAILLE\~WRL2731.tmp"
    Wed 19 Nov 2003 60,416 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXXX\4. XXXXX XXXXXX\XXXXXXX\~WRL0527.tmp"
    Tue 18 Nov 2003 58,880 A..H. --- "C:\SauvUSBDISKPRO\XXX\XXXXX\4. XXXX XXXXXXX\XXXXXX\~WRL3135.tmp"
    Wed 24 Sep 2003 60,928 A..H. --- "C:\Mes documents\XXXXX\XXXXXX\XXXXX\1. XXXXXXXXX230\XXXXXX\~WRL2731.tmp"
    Wed 19 Nov 2003 60,416 A..H. --- "C:\Mes documents\XXXXXX\XXXXXXX\XXXXXX\4. XXXXXXXXXXXXXX\~WRL0527.tmp"
    Tue 18 Nov 2003 58,880 A..H. --- "C:\Mes documents\XXXXXXX\XXXXXXXX\XXXXXXXX\4. XXXXXX XXXXXX\~WRL3135.tmp"
    Wed 24 Sep 2003 60,928 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXX\XXXXXX\1.XXXX XXXXXXX\XXXXX XXXXXXXX\~WRL2731.tmp"
    Wed 19 Nov 2003 60,416 A..H. --- "C:\SauvUSBDISKPRO\XXXXXX\XXXXXXX\XXXXX\4. XXXX XXXXXXXX\XXXXXX XXXX\~WRL0527.tmp"
    Tue 18 Nov 2003 58,880 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXXXXX\XXX\4. XXXXXXX\XXXXXX XXXXXXX\~WRL3135.tmp"

    [b]Finished!/b
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    il me faudrait le rapport combofix pour vérification...
    0
  7. jphil069
     
    bonsoir,
    Voici le rapport :

    ComboFix 08-08-04.07 - XXXXXXX 2008-08-06 20:01:42.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.470 [GMT 2:00]
    Endroit: C:\Documents and Settings\XXXXXX\Bureau\Logiciels Système\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-05 22:13 . 2008-08-05 22:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-05 22:13 . 2008-08-05 22:13 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-05 20:56 . 2008-08-05 20:56 99,712 --a------ C:\WINDOWS\system32\nsfmdvyj.dll
    2008-08-05 20:56 . 2008-08-05 22:30 474 ---hs---- C:\WINDOWS\system32\jyvdmfsn.ini
    2008-08-05 19:55 . 2008-08-05 19:55 294 ---hs---- C:\WINDOWS\system32\jgmerrkn.ini
    2008-08-05 19:54 . 2008-08-05 19:54 99,712 --a------ C:\WINDOWS\system32\nkrremgj.dll
    2008-08-05 19:10 . 2008-08-05 19:10 <REP> d-------- C:\VundoFix Backups
    2008-08-04 19:41 . 2008-08-04 19:41 294 ---hs---- C:\WINDOWS\system32\muvsljdy.ini
    2008-08-03 18:37 . 2008-08-03 18:37 294 ---hs---- C:\WINDOWS\system32\apcorryc.ini
    2008-08-03 11:54 . 2008-08-03 11:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-03 11:54 . 2008-08-03 12:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\XXXXXXXXXXApplication Data\Malwarebytes
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-02 23:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-02 23:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-02 16:36 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
    2008-08-01 18:34 . 2008-08-02 17:01 886 ---hs---- C:\WINDOWS\system32\anajaqhw.ini
    2008-07-31 23:03 . 2008-08-01 18:32 474 ---hs---- C:\WINDOWS\system32\pbbfbkda.ini
    2008-07-31 21:21 . 2008-07-31 21:58 354 ---hs---- C:\WINDOWS\system32\scvlpexk.ini
    2008-07-27 10:14 . 2008-07-27 14:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-27 10:12 . 2008-07-27 10:12 65,536 ---hs---- C:\Documents and Settings\XXXXXXXXXX\XXXXXXXXX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-06 18:00 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-06 17:55 --------- d-----w C:\Program Files\Wanadoo
    2008-08-05 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 11:58 --------- d-----w C:\Program Files\eMule
    2008-08-02 19:40 --------- d-----w C:\Program Files\Google
    2008-08-02 14:36 1,599 ----a-w C:\Program Files\INSTALL.LOG
    2008-08-01 23:37 --------- d-----w C:\Program Files\Free FLV Converter
    2008-08-01 22:14 --------- d-----w C:\Program Files\PeerGuardian2
    2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-07-28 10:12 --------- d-----w C:\Program Files\Norton SystemWorks
    2008-07-27 17:23 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\Skype
    2008-07-27 10:30 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\uTorrent
    2008-07-27 10:23 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\Lavasoft
    2008-07-27 09:38 --------- d-----w C:\Program Files\24-FR
    2008-07-23 11:08 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    2008-07-23 11:08 --------- d-----w C:\Program Files\1&1 Internet AG
    2008-07-16 16:59 --------- d-----w C:\Program Files\Avanquest update
    2008-07-15 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-13 18:10 --------- d-----w C:\Program Files\Fichiers communs\Nikon
    2008-07-13 18:07 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
    2008-07-12 02:52 233,472 ----a-w C:\WINDOWS\system32\TubeFinder.exe
    2008-07-09 19:02 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\U3
    2008-07-02 21:41 --------- d-----w C:\Program Files\Canon PhotoStitch
    2008-06-28 16:17 381,724 ----a-w C:\Documents and Settings\XXXXXX\Application Data\mdbu.bin
    2008-06-24 22:33 --------- d-----w C:\Documents and Settings\XXXXXXX\Application Data\XXXXXXX
    2008-06-21 16:56 --------- d-----w C:\Program Files\Fnac
    2008-06-20 18:39 --------- d-----w C:\Program Files\LETMIN
    2008-06-20 18:39 --------- d-----w C:\Program Files\Icone
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 15:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
    2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    2008-06-07 10:35 --------- d-----w C:\Program Files\iTunes
    2008-06-07 10:35 --------- d-----w C:\Program Files\iPod
    2008-06-07 10:35 --------- d-----w C:\Program Files\Bonjour
    2008-06-03 09:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-16 22:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
    2006-11-17 18:27 2,532,922 ----a-w C:\WINDOWS\inf\SET101D.tmp
    2006-01-01 17:08 5,984 ----a-w C:\Documents and Settings\ANDRIOT\Application Data\wklnhst.dat
    2004-08-05 11:00 1,568,358 ----a-w C:\WINDOWS\inf\SET1090.tmp
    2003-08-19 00:04 1,024,512 ----a-w C:\Program Files\zeropop.exe
    2005-12-27 21:30 56 --sha-r C:\WINDOWS\system32\7F29E3841A.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-05_22.10.41.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-08-05 20:13:04 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-08-05 20:13:04 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-08-05 20:13:03 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-08-05 20:13:03 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 16:54 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55 1871872]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 16:18 405583]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-12 00:10 4583424]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "m6"="C:\Program Files\M6 Video\M6video.exe" [2007-07-24 11:13 1444352]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
    "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-28 23:27 185632]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2004-11-12 00:10 86016 C:\WINDOWS\system32\nvmctray.dll]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    C:\Documents and Settings\XXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
    0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
    Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

    C:\Documents and Settings\XXXXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
    0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
    Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

    C:\Documents and Settings\XXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
    0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
    Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.VP31"= vp31vfw.dll
    "VIDC.MPG4"= msmpeg4.dll
    "VIDC.MP42"= msmpeg4.dll
    "VIDC.MP43"= msmpeg4.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winap78.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbw08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem74.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winor65.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winti72.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwg34.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\M6 Video\\M6video.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\XXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe"=
    "C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-18 13:43]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-18 13:44]
    S0 Winbw08;Winbw08;C:\WINDOWS\system32\Drivers\Winbw08.sys []
    S0 Winor65;Winor65;C:\WINDOWS\system32\Drivers\Winor65.sys []
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
    S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-09-11 11:27]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 12:13]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4331d970-db01-11db-829b-00123f6c5d86}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3db9665-e917-11db-82a1-00123f6c5d86}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa125a4-a0d4-11dc-8301-00123f6c5d86}]
    \Shell\AutoRun\command - T:\InstallTomTomHOME.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-08-04 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - XXXXXXXX.job
    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

    2008-07-28 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    - C:\Program Files\Norton SystemWorks\OBC.exe [2005-12-01 14:27]

    2008-08-05 C:\WINDOWS\Tasks\Symantec Drmc.job
    - C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe [2005-10-26 19:48]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - (no file)
    BHO-{5C95CA56-F0B6-42CF-A4FB-7E90C25552F3} - (no file)
    BHO-{9DB52845-8972-463D-AAFA-21DDF38BE89C} - (no file)
    BHO-{BD6E8F2F-2C8A-4C1E-98CA-D82B7494AED6} - (no file)
    Notify-wvUoNGYr - (no file)

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O9 -: { - C:\Program Files\Messenger\msmsgs.exe
    O18 -: Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O18 -: Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
    O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
    O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll

    O16 -: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.1-click.com/common/files/installer2.cab
    C:\WINDOWS\Downloaded Program Files\installer2.dll

    O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

    O16 -: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.extrafilm.fr/ImageUploader4.cab
    C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
    C:\WINDOWS\system32\unicows.dll
    C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx

    O16 -: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://www.photoways.com/assets/aurigma/ImageUploader4.cab
    C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader4.ocx
    C:\WINDOWS\system32\unicows.dll

    O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://www.XXXXX.fr/download/cfweb_www.XXXXXXXX.fr-download_instmodule.exe

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-06 20:04:20
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    Temps d'accomplissement: 2008-08-06 20:05:42
    ComboFix-quarantined-files.txt 2008-08-06 18:05:27
    ComboFix2.txt 2008-08-05 20:11:30

    Pre-Run: 295,385,628,672 octets libres
    Post-Run: 295,361,847,296 octets libres

    309 --- E O F --- 2008-07-27 10:33:41
    0
  8. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    va sur virus total
    https://www.virustotal.com/gui/
    et fais examiner ces fichiers
    C:\WINDOWS\system32\7F29E3841A.sys
    C:\WINDOWS\system32\Drivers\Winbw08.sys
    C:\WINDOWS\system32\Drivers\Winor65.sys
    poste les rapports obtenus
    0
  9. jphil069
     
    MERCI ENCORE!

    Voici le rapport pour le premier fichier.
    Par contre, rien pour les autres. Impossibles à trouver malgré recherche aprofondie!!!!!!

    C:\WINDOWS\system32\7F29E3841A.sys

    Fichier 7F29E3841A.sys reçu le 2008.08.06 23:10:33 (CET)
    Situation actuelle: terminé
    Résultat: 0/36 (0%)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.8.7.0 2008.08.06 -
    AntiVir 7.8.1.19 2008.08.06 -
    Authentium 5.1.0.4 2008.08.05 -
    Avast 4.8.1195.0 2008.08.06 -
    AVG 8.0.0.156 2008.08.06 -
    BitDefender 7.2 2008.08.06 -
    CAT-QuickHeal 9.50 2008.08.06 -
    ClamAV 0.93.1 2008.08.06 -
    DrWeb 4.44.0.09170 2008.08.06 -
    eSafe 7.0.17.0 2008.08.06 -
    eTrust-Vet 31.6.6015 2008.08.06 -
    Ewido 4.0 2008.08.06 -
    F-Prot 4.4.4.56 2008.08.06 -
    F-Secure 7.60.13501.0 2008.08.06 -
    Fortinet 3.14.0.0 2008.08.06 -
    GData 2.0.7306.1023 2008.08.06 -
    Ikarus T3.1.1.34.0 2008.08.06 -
    K7AntiVirus 7.10.405 2008.08.06 -
    Kaspersky 7.0.0.125 2008.08.06 -
    McAfee 5355 2008.08.06 -
    Microsoft 1.3807 2008.08.06 -
    NOD32v2 3333 2008.08.06 -
    Norman 5.80.02 2008.08.06 -
    Panda 9.0.0.4 2008.08.06 -
    PCTools 4.4.2.0 2008.08.06 -
    Prevx1 V2 2008.08.06 -
    Rising 20.56.22.00 2008.08.06 -
    Sophos 4.31.0 2008.08.06 -
    Sunbelt 3.1.1537.1 2008.08.06 -
    Symantec 10 2008.08.06 -
    TheHacker 6.2.96.393 2008.08.04 -
    TrendMicro 8.700.0.1004 2008.08.06 -
    VBA32 3.12.8.2 2008.08.06 -
    ViRobot 2008.8.6.1326 2008.08.06 -
    VirusBuster 4.5.11.0 2008.08.06 -
    Webwasher-Gateway 6.6.2 2008.08.06 -
    Information additionnelle
    File size: 56 bytes
    MD5...: 046f5256e4053f4dd064712ca3778c43
    SHA1..: ea074dd8fb56e21cc79898170feb3d0e01778852
    SHA256: 44ef1d440fb6122f655dbd278fa8f722357b66dba5abb906c86bda34f2d1995a
    SHA512: 246f92f9db6dc1a2dc375ad75a023e14cc13779c87f4a09863a12823da6351ec
    d88d055792550b0a5c336498625639d6ca2ef92779c1ff8e78147855de7eeb81
    PEiD..: -
    PEInfo: -

    C:\WINDOWS\system32\Drivers\Winbw08.sys

    C:\WINDOWS\system32\Drivers\Winor65.sys
    0
  10. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Rappel : une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
    Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
    Sélectionne le texte suivant (Ctrl+A):
    Driver::
    Winbw08
    Winor65
    File::
    C:\WINDOWS\Downloaded Program Files\installer2.dll
    C:\WINDOWS\system32\nsfmdvyj.dll
    C:\WINDOWS\system32\jyvdmfsn.ini
    C:\WINDOWS\system32\jgmerrkn.ini
    C:\WINDOWS\system32\nkrremgj.dll
    C:\WINDOWS\system32\muvsljdy.ini
    C:\WINDOWS\system32\apcorryc.ini
    C:\WINDOWS\system32\anajaqhw.ini
    C:\WINDOWS\system32\pbbfbkda.ini
    C:\WINDOWS\system32\scvlpexk.ini
    C:\WINDOWS\inf\SET101D.tmp
    C:\WINDOWS\inf\SET1090.tmp
    C:\WINDOWS\system32\Drivers\Winbw08.sys
    C:\WINDOWS\system32\Drivers\Winor65.sys

    Copie le texte sélectionné (CTRL+C).
    Ouvre le Bloc-notes (Démarrer/Tous les programmes/Accessoires/Bloc-notes).
    Colle le texte copié dans ce Bloc-notes (CTRL+V).
    Sauvegarde ce fichier sur ton Bureau sous le nom de CFScript.txt (CFScript)
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
    Comme l'image le montre, fait glisser CFScript.txt sur ComboFix.exe(ComboFix)
    Une fenêtre à fond bleu va s'ouvrir: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    Laisse ComboFix travailler
    Patiente le temps de l'analyse. Le Bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le nettoyage n'est pas terminé.
    Un rapport va s'afficher: poste son contenu.
    Si le fichier ne s'ouvre pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
    0
  11. jphil069
     
    ComboFix 08-08-04.07 - xxxxxxx 2008-08-07 16:17:33.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.494 [GMT 2:00]
    Endroit: C:\Documents and Settings\xxxxxxx\Bureau\Logiciels Système\ComboFix.exe
    Command switches used :: C:\Documents and Settings\ANDRIOT\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\Downloaded Program Files\installer2.dll
    C:\WINDOWS\inf\SET101D.tmp
    C:\WINDOWS\inf\SET1090.tmp
    C:\WINDOWS\system32\anajaqhw.ini
    C:\WINDOWS\system32\apcorryc.ini
    C:\WINDOWS\system32\Drivers\Winbw08.sys
    C:\WINDOWS\system32\Drivers\Winor65.sys
    C:\WINDOWS\system32\jgmerrkn.ini
    C:\WINDOWS\system32\jyvdmfsn.ini
    C:\WINDOWS\system32\muvsljdy.ini
    C:\WINDOWS\system32\nkrremgj.dll
    C:\WINDOWS\system32\nsfmdvyj.dll
    C:\WINDOWS\system32\pbbfbkda.ini
    C:\WINDOWS\system32\scvlpexk.ini
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\installer2.dll
    C:\WINDOWS\inf\SET101D.tmp
    C:\WINDOWS\inf\SET1090.tmp
    C:\WINDOWS\system32\anajaqhw.ini
    C:\WINDOWS\system32\apcorryc.ini
    C:\WINDOWS\system32\jgmerrkn.ini
    C:\WINDOWS\system32\jyvdmfsn.ini
    C:\WINDOWS\system32\muvsljdy.ini
    C:\WINDOWS\system32\nkrremgj.dll
    C:\WINDOWS\system32\nsfmdvyj.dll
    C:\WINDOWS\system32\pbbfbkda.ini
    C:\WINDOWS\system32\scvlpexk.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Winbw08
    -------\Service_Winor65

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-05 22:13 . 2008-08-05 22:13 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-05 22:13 . 2008-08-05 22:13 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-08-05 19:10 . 2008-08-05 19:10 <REP> d-------- C:\VundoFix Backups
    2008-08-03 11:54 . 2008-08-03 11:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-03 11:54 . 2008-08-03 12:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\xxxxxxx\Application Data\Malwarebytes
    2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-02 23:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-02 23:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-02 16:36 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
    2008-07-27 10:14 . 2008-07-27 14:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-27 10:12 . 2008-07-27 10:12 65,536 ---hs---- C:\Documents and Settings\xxxxxxx\ThatShit.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-07 16:22 --------- d-----w C:\Program Files\Wanadoo
    2008-08-07 14:12 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-07 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 11:58 --------- d-----w C:\Program Files\eMule
    2008-08-02 19:40 --------- d-----w C:\Program Files\Google
    2008-08-02 14:36 1,599 ----a-w C:\Program Files\INSTALL.LOG
    2008-08-01 23:37 --------- d-----w C:\Program Files\Free FLV Converter
    2008-08-01 22:14 --------- d-----w C:\Program Files\PeerGuardian2
    2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-07-28 10:12 --------- d-----w C:\Program Files\Norton SystemWorks
    2008-07-27 17:23 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\Skype
    2008-07-27 10:30 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\uTorrent
    2008-07-27 10:23 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\Lavasoft
    2008-07-27 09:38 --------- d-----w C:\Program Files\24-FR
    2008-07-23 11:08 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    2008-07-23 11:08 --------- d-----w C:\Program Files\1&1 Internet AG
    2008-07-16 16:59 --------- d-----w C:\Program Files\Avanquest update
    2008-07-15 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-13 18:10 --------- d-----w C:\Program Files\Fichiers communs\Nikon
    2008-07-13 18:07 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
    2008-07-12 02:52 233,472 ----a-w C:\WINDOWS\system32\TubeFinder.exe
    2008-07-09 19:02 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\U3
    2008-07-02 21:41 --------- d-----w C:\Program Files\Canon PhotoStitch
    2008-06-28 16:17 381,724 ----a-w C:\Documents and Settings\xxxxxxx\Application Data\mdbu.bin
    2008-06-24 22:33 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\CamfrogWEB
    2008-06-21 16:56 --------- d-----w C:\Program Files\Fnac
    2008-06-20 18:39 --------- d-----w C:\Program Files\LETMIN
    2008-06-20 18:39 --------- d-----w C:\Program Files\Icone
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 15:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
    2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
    2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
    2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
    2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
    2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
    2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
    2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
    2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
    2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
    2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
    2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
    2008-06-07 10:35 --------- d-----w C:\Program Files\iTunes
    2008-06-07 10:35 --------- d-----w C:\Program Files\iPod
    2008-06-07 10:35 --------- d-----w C:\Program Files\Bonjour
    2008-06-03 09:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-04-16 22:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
    2006-01-01 17:08 5,984 ----a-w C:\Documents and Settings\xxxxxxx\Application Data\wklnhst.dat
    2003-08-19 00:04 1,024,512 ----a-w C:\Program Files\zeropop.exe
    2005-12-27 21:30 56 --sha-r C:\WINDOWS\system32\7F29E3841A.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-05_22.10.41.00 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-08-05 20:13:04 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-08-05 20:13:04 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
    + 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-08-05 20:13:03 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
    + 2008-08-05 20:13:03 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 16:54 68856]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55 1871872]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 16:18 405583]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-12 00:10 4583424]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "m6"="C:\Program Files\M6 Video\M6video.exe" [2007-07-24 11:13 1444352]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
    "EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-28 23:27 185632]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
    "RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2004-11-12 00:10 86016 C:\WINDOWS\system32\nvmctray.dll]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoViewOnDrive"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUoNGYr]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.VP31"= vp31vfw.dll
    "VIDC.MPG4"= msmpeg4.dll
    "VIDC.MP42"= msmpeg4.dll
    "VIDC.MP43"= msmpeg4.dll
    "msacm.l3fhg"= mp3fhg.acm
    "msacm.divxa32"= divxa32.acm
    "msacm.imc"= imc32.acm
    "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
    "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winap78.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbw08.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem74.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winor65.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winti72.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwg34.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "C:\\Program Files\\M6 Video\\M6video.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Documents and Settings\\xxxxxxx\\Bureau\\Logiciels Internet\\utorrent.exe"=
    "C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-18 13:43]
    R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
    R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-18 13:44]
    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
    S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-09-11 11:27]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 12:13]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4331d970-db01-11db-829b-00123f6c5d86}]
    \Shell\AutoRun\command - I:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3db9665-e917-11db-82a1-00123f6c5d86}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa125a4-a0d4-11dc-8301-00123f6c5d86}]
    \Shell\AutoRun\command - T:\InstallTomTomHOME.exe

    *Newly Created Service* - COMHOST
    *Newly Created Service* - PGFILTER
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-07-28 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    - C:\Program Files\Norton SystemWorks\OBC.exe [2005-12-01 14:27]

    2008-08-06 C:\WINDOWS\Tasks\Symantec Drmc.job
    - C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe [2005-10-26 19:48]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - (no file)
    BHO-{5C95CA56-F0B6-42CF-A4FB-7E90C25552F3} - (no file)
    BHO-{9DB52845-8972-463D-AAFA-21DDF38BE89C} - (no file)
    BHO-{BD6E8F2F-2C8A-4C1E-98CA-D82B7494AED6} - (no file)

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-07 18:22:37
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s:

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\zeropop.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-07 18:25:24 - machine was rebooted [ANDRIOT]
    ComboFix-quarantined-files.txt 2008-08-07 16:25:15
    ComboFix2.txt 2008-08-06 18:05:43
    ComboFix3.txt 2008-08-05 20:11:30

    Pre-Run: 294,496,526,336 octets libres
    Post-Run: 294,683,951,104 octets libres

    322 --- E O F --- 2008-07-27 10:33:41
    0
  12. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    des soucis encore?
    Faire un Scan antivirus en ligne avec Internet explorer et accepter l'ActiveX
    poster le rapport ici ensuite
    https://www.bitdefender.fr/
    0