Sujet Précédent Sujet Suivant

Analyse HiJackThis

chpotch Messages postés 8 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour à tous,

J'ai récemment désinfecté ma machine de plusieurs trojans et autres gentillesses du genre, notamment Virtumonde avec qui je suis très proche depuis quelques jours... ;-) Je pense avoir réussi à assainir mon PC (Ccleaner, Antivir, Spybot, Vundo, etc...). Pour en avoir le coeur net, une âme charitable pourrait-elle jeter un oeil sur mon log et me dire si mon calvaire est "enfin" terminé ?

D'avance merci pour votre aide.
A voir également:

10 réponses

Réponse 1 / 10
g!rly Messages postés 18462 Statut Contributeur 406
 
Salut,

Post ton rapport hijack this ;)
1
Réponse 2 / 10
milau29
 
bonjour moi je veux bien =D
0
Réponse 3 / 10
chpotch Messages postés 8 Statut Membre
 
Désolé de ne pas avoir répondu plus tôt, je viens juste de rentrer du boulot. J'ai lancé un scan en ligne bitdefender et il m'a encore supprimer 3 Trojans...

Voici le rapport HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\Soft4Ever\looknstop\_looknstop.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76ce2c40-4eb6-4fba-a594-cf86dc13c3b1} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B6317088-5AD1-4B6A-AB02-505D2FE3EB15} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [848677b3] rundll32.exe "C:\WINDOWS\system32\xvwmtpma.dll",b
O4 - HKLM\..\Run: [BM87b5442f] Rundll32.exe "C:\WINDOWS\system32\fkmjccwe.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1219702678_2ba87caea531067e9bedd8444cf80a63&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 4 / 10
g!rly Messages postés 18462 Statut Contributeur 406
 
salut

y a encore des saloperies :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau rapport hijack this stp

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
chpotch Messages postés 8 Statut Membre
 
Ca y est. En tout cas merci g!rly de me consacrer un peu de temps ! J'ai bien éteint spybot de ma barre des taches, mais a la fin du scan de combofix il me signale quand même une demande de windows defender... j'ai reessayé plusieurs fois, rien n'y fait, impossible d'arreter completement spybot. Bref, voici mes logs :

---------------------------------------------------------------------
combofix
---------------------------------------------------------------------

ComboFix 08-08-26.03 - Administrateur 2008-08-27 20:03:49.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2818 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 13:30 . 2008-08-27 13:30 <REP> d-------- C:\Program Files\Panda Security
2008-08-27 13:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-27 13:28 . 2008-08-27 13:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-26 22:04 . 2008-08-26 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\UnH Solutions
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Program Files\Avira
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-08-26 19:28 . 2008-08-26 19:28 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 19:10 . 2008-08-27 19:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-08-26 08:24 . 2008-08-26 19:58 <REP> d-------- C:\VundoFix Backups
2008-08-26 01:40 . 2008-08-26 08:06 <REP> d-------- C:\Program Files\NoAdware5.0
2008-08-26 01:32 . 2008-08-26 01:59 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-26 01:32 . 2008-08-26 01:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-08-26 01:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-26 01:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-26 01:32 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-26 01:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 00:34 . 2008-08-26 08:06 462 --a------ C:\WINDOWS\wininit.ini
2008-08-26 00:27 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-26 00:21 . 2008-08-26 19:53 <REP> d-------- C:\Program Files\MSA
2008-08-26 00:21 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-26 00:18 . 2008-08-26 00:18 <REP> d-------- C:\WINDOWS\Sun
2008-08-26 00:18 . 2008-08-26 00:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Java
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-26 00:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-25 23:25 . 2008-08-25 23:25 65,536 --a------ C:\WINDOWS\system32\comrepl.exe
2008-08-16 11:40 . 2008-08-16 11:40 <REP> d--h----- C:\WINDOWS\PIF
2008-08-15 03:30 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-15 03:30 . 2008-06-24 18:23 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-15 03:29 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 03:28 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 20:13 . 2008-08-14 20:13 0 --a------ C:\WINDOWS\msicpl.ini
2008-08-14 19:58 . 2008-08-14 20:09 <REP> d-------- C:\WINDOWS\NV1864940.TMP
2008-08-14 19:58 . 2008-08-14 19:58 <REP> d-------- C:\NVIDIA
2008-08-14 19:47 . 2008-08-14 19:47 <REP> d-------- C:\Program Files\Fichiers communs\snp2std
2008-08-14 19:47 . 2006-12-27 20:10 12,007,168 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-08-14 19:47 . 2006-09-15 13:21 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-08-14 19:47 . 2006-11-29 16:11 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2008-08-14 19:47 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2008-08-14 19:47 . 2006-10-12 17:21 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2008-08-14 19:47 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-08-14 19:47 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-08-14 19:47 . 2006-12-27 20:03 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-08-14 19:47 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
2008-08-14 19:47 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
2008-08-14 19:46 . 2008-08-26 21:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Program Files\VideoLAN
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-08-09 22:08 . 2008-08-09 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-08-09 22:06 . 2008-08-09 22:06 <REP> d-------- C:\Program Files\Google
2008-08-09 00:01 . 2005-09-23 16:33 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2008-08-09 00:01 . 2005-09-23 16:33 499,712 --a------ C:\WINDOWS\msvcp71.dll
2008-08-09 00:01 . 2006-10-13 08:16 421,888 --a------ C:\WINDOWS\nvsulib.dll
2008-08-09 00:01 . 2005-09-23 16:33 348,160 --a------ C:\WINDOWS\msvcr71.dll
2008-08-09 00:01 . 2006-06-01 17:22 53,248 --a------ C:\WINDOWS\Nvgpio.dll
2008-08-09 00:01 . 2006-08-21 09:20 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2008-08-09 00:01 . 2006-10-13 08:18 18,216 --a------ C:\WINDOWS\nvoclk64.sys
2008-08-08 23:57 . 2008-08-08 23:57 <REP> d-------- C:\Program Files\NVIDIA Corporation
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-08-08 21:10 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-08 21:10 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-08 21:10 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-08 21:09 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-08 20:05 . 2008-08-08 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sierra Entertainment
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-08-08 19:54 . 2008-08-08 19:54 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-08-08 19:28 . 2008-08-08 19:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-08-07 18:44 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Windows Defender
2008-08-06 21:42 . 2008-08-06 21:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-06 21:41 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-06 21:40 . 2008-08-06 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-08-06 01:17 . 2008-08-06 01:17 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 01:17 . 2008-08-06 01:17 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-05 18:50 . 2008-08-05 18:52 <REP> d-------- C:\Program Files\Trojan Remover
2008-08-05 18:50 . 2008-08-27 00:44 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 18:50 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-05 18:50 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-05 18:50 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-05 18:50 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-05 18:50 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-05 00:48 . 2008-08-05 00:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-08-03 16:27 . 2008-08-03 16:27 <REP> d-------- C:\Program Files\Lavasoft
2008-08-03 15:54 . 2008-08-03 15:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-03 15:41 . 2008-08-26 00:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 15:41 . 2008-08-26 22:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-03 03:48 . 2008-08-06 01:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-03 01:46 . 2008-08-03 01:46 <REP> d-------- C:\Sierra
2008-08-03 01:20 . 2008-08-06 01:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-03 01:20 . 2008-08-06 01:19 157,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-03 01:20 . 2008-08-06 01:19 155,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-03 01:20 . 2008-08-06 01:19 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-03 01:20 . 2008-08-06 01:19 1,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-02 20:47 . 2008-08-02 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-30 23:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-30 23:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-30 23:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-30 20:28 . 2008-08-26 19:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-07-30 20:28 . 2008-07-30 20:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-30 20:27 . 2008-08-27 00:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-07-30 19:18 . 2008-08-24 19:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-30 19:18 . 2008-08-24 19:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-30 19:18 . 2008-08-24 19:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-30 19:13 . 2008-08-03 01:46 218 --a------ C:\WINDOWS\SIERRA.INI
2008-07-30 08:33 . 2008-07-30 08:34 <REP> d-------- C:\Program Files\Windows Live
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-07-29 23:12 . 2008-07-29 23:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-29 07:44 . 2008-07-29 07:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Search
2008-07-29 07:43 . 2008-07-29 07:43 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-29 07:43 . 2008-08-27 00:29 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-07-29 07:42 . 2008-03-07 18:56 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-29 07:42 . 2008-03-07 18:56 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-29 07:42 . 2008-03-07 18:56 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-28 21:31 . 2008-07-28 21:31 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 18:33 . 2008-08-09 00:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 13:50 . 2008-07-28 13:50 <REP> d-------- C:\Program Files\Microsoft Works
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\MSBuild
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 20:04 --------- d-----w C:\Program Files\Easy-Pro
2008-08-26 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 19:06 --------- d-----w C:\Program Files\RockXP
2008-08-08 21:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-08 18:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-07 16:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-08-05 05:31 --------- d-----w C:\Program Files\Ad-Aware
2008-07-29 17:50 --------- d-----w C:\Program Files\Realtek
2008-07-27 22:59 --------- d-----r C:\Program Files\Windows Sidebar
2008-07-26 08:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-07-26 08:34 --------- d-----w C:\Program Files\Styler
2008-07-26 08:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-07-25 23:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-25 23:42 76,160 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2008-07-25 23:42 46,208 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2008-07-25 23:42 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2008-07-25 23:41 --------- d-----w C:\Program Files\Nero
2008-07-25 23:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-25 23:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-25 22:17 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\uTorrent
2008-07-25 17:09 --------- d-----w C:\Program Files\MSI
2008-07-25 17:05 --------- d-----w C:\Program Files\Setup Files
2008-07-25 17:03 --------- d-----w C:\Program Files\AMD
2008-07-25 10:59 --------- d-----w C:\Program Files\K-Lite Codec Pack(2)
2008-07-25 06:27 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\InstallShield
2008-07-25 06:24 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Media Player Classic
2008-07-24 23:25 --------- d-----w C:\Program Files\CCleaner
2008-07-24 22:59 --------- d-----w C:\Program Files\uTorrent
2008-07-24 17:56 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-07-24 06:37 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\AVGTOOLBAR
2008-07-23 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-23 21:34 --------- d-----w C:\Program Files\WindowsSidebar
2008-07-23 21:34 --------- d-----w C:\Program Files\PqMagic
2008-07-23 21:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians Tooltip
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians-Transparence
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Swintch
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Clock
2008-07-23 21:31 --------- d-----w C:\Program Files\Dir
2008-07-23 21:30 --------- d-----w C:\Program Files\DIFX
2008-07-23 21:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-23 21:25 --------- d-----w C:\Program Files\UltraISO
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-23 21:25 --------- d-----w C:\Program Files\Ahead
2008-07-23 21:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-07-23 19:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\TuneUp Software
2008-07-23 19:55 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\TuneUp Software
2008-07-23 19:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-23 19:51 --------- d-----w C:\Program Files\Services en ligne
2008-07-21 12:11 24,392 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-14 16:52 80,840 ----a-w C:\WINDOWS\system32\ElbyVCD.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-09 05:25 236 ----a-w C:\Program Files\Fichiers communs\dx.reg
.

------- Sigcheck -------

2004-08-28 16:00 578048 4a048552ca537ef146a8c21a0881b1ba C:\WINDOWS\system32\user32.dll

2004-08-28 16:00 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe

2004-08-28 16:00 2175488 ef82e2aba188743cb88c220e22953966 C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-28 16:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce C:\WINDOWS\system32\ntoskrnl.exe

2004-08-28 16:00 1934848 1630d57b8370b7a20a41bb4c1e459edf C:\WINDOWS\explorer.exe

2004-08-28 16:00 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe

2004-08-28 16:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_19.26.43.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavss.dll
+ 2005-10-13 10:00:58 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavuninstall.exe
+ 2005-10-13 10:00:56 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
- 2008-08-26 06:48:56 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-27 11:36:03 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-26 06:48:56 83,330 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-27 11:36:04 74,448 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-08-26 06:48:56 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 11:36:04 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-26 06:48:56 490,466 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-27 11:36:04 467,962 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 16:00 25088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 16:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TransBar"="C:\Windows\System32\TransBar.exe" [2004-08-28 16:00 65536]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48 307200]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2006-03-28 01:53 25474]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2008-03-04 08:41 208896]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 00:01 52168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"848677b3"="C:\WINDOWS\system32\xvwmtpma.dll" [BU]
"BM87b5442f"="C:\WINDOWS\system32\fkmjccwe.dll" [BU]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 16:00 678912]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-08-09 00:01:58 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"C:\\Sierra\\Empire Earth\\Launcher.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-07-26 01:42]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-27 20:10]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 00:58]

*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF32860D-DA21-43DA-B500-4FA94B3418B4}.job
- C:\WINDOWS\system32\msfeedssync.exe [2004-08-28 16:00]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Position - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\s7fcize3.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 20:04:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-27 20:05:04
ComboFix-quarantined-files.txt 2008-08-27 18:04:47
ComboFix2.txt 2008-08-27 18:01:38
ComboFix3.txt 2008-08-27 17:57:08
ComboFix4.txt 2008-08-26 20:19:25
ComboFix5.txt 2008-08-27 18:03:44

Pre-Run: 39,210,123,264 octets libres
Post-Run: 39,198,842,880 octets libres

318 --- E O F --- 2008-08-18 19:42:29

---------------------------------------------------------------------
HiJackThis
---------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [848677b3] rundll32.exe "C:\WINDOWS\system32\xvwmtpma.dll",b
O4 - HKLM\..\Run: [BM87b5442f] Rundll32.exe "C:\WINDOWS\system32\fkmjccwe.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1219702678_2ba87caea531067e9bedd8444cf80a63&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 6 / 10
g!rly Messages postés 18462 Statut Contributeur 406
 
salut,

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\xvwmtpma.dll
C:\WINDOWS\system32\fkmjccwe.dll

Registry::
"848677b3"=-
"BM87b5442f"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 7 / 10
chpotch Messages postés 8 Statut Membre
 
Non pas de redemarrage... Et toujours spybot qui s'active à la fin du scan combofix.

---------------------------------------
log Combofix :
---------------------------------------

ComboFix 08-08-26.03 - Administrateur 2008-08-27 20:47:14.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2807 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\fkmjccwe.dll
C:\WINDOWS\system32\xvwmtpma.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 13:30 . 2008-08-27 13:30 <REP> d-------- C:\Program Files\Panda Security
2008-08-27 13:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-27 13:28 . 2008-08-27 13:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-26 22:04 . 2008-08-26 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\UnH Solutions
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Program Files\Avira
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-08-26 19:28 . 2008-08-26 19:28 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 19:10 . 2008-08-27 19:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-08-26 08:24 . 2008-08-26 19:58 <REP> d-------- C:\VundoFix Backups
2008-08-26 01:40 . 2008-08-26 08:06 <REP> d-------- C:\Program Files\NoAdware5.0
2008-08-26 01:32 . 2008-08-26 01:59 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-26 01:32 . 2008-08-26 01:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-08-26 01:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-26 01:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-26 01:32 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-26 01:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 00:34 . 2008-08-26 08:06 462 --a------ C:\WINDOWS\wininit.ini
2008-08-26 00:27 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-26 00:21 . 2008-08-26 19:53 <REP> d-------- C:\Program Files\MSA
2008-08-26 00:21 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-26 00:18 . 2008-08-26 00:18 <REP> d-------- C:\WINDOWS\Sun
2008-08-26 00:18 . 2008-08-26 00:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Java
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-26 00:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-25 23:25 . 2008-08-25 23:25 65,536 --a------ C:\WINDOWS\system32\comrepl.exe
2008-08-16 11:40 . 2008-08-16 11:40 <REP> d--h----- C:\WINDOWS\PIF
2008-08-15 03:30 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-15 03:30 . 2008-06-24 18:23 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-15 03:29 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 03:28 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 20:13 . 2008-08-14 20:13 0 --a------ C:\WINDOWS\msicpl.ini
2008-08-14 19:58 . 2008-08-14 20:09 <REP> d-------- C:\WINDOWS\NV1864940.TMP
2008-08-14 19:58 . 2008-08-14 19:58 <REP> d-------- C:\NVIDIA
2008-08-14 19:47 . 2008-08-14 19:47 <REP> d-------- C:\Program Files\Fichiers communs\snp2std
2008-08-14 19:47 . 2006-12-27 20:10 12,007,168 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-08-14 19:47 . 2006-09-15 13:21 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-08-14 19:47 . 2006-11-29 16:11 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2008-08-14 19:47 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2008-08-14 19:47 . 2006-10-12 17:21 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2008-08-14 19:47 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-08-14 19:47 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-08-14 19:47 . 2006-12-27 20:03 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-08-14 19:47 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
2008-08-14 19:47 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
2008-08-14 19:46 . 2008-08-26 21:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Program Files\VideoLAN
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-08-09 22:08 . 2008-08-09 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-08-09 22:06 . 2008-08-09 22:06 <REP> d-------- C:\Program Files\Google
2008-08-09 00:01 . 2005-09-23 16:33 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2008-08-09 00:01 . 2005-09-23 16:33 499,712 --a------ C:\WINDOWS\msvcp71.dll
2008-08-09 00:01 . 2006-10-13 08:16 421,888 --a------ C:\WINDOWS\nvsulib.dll
2008-08-09 00:01 . 2005-09-23 16:33 348,160 --a------ C:\WINDOWS\msvcr71.dll
2008-08-09 00:01 . 2006-06-01 17:22 53,248 --a------ C:\WINDOWS\Nvgpio.dll
2008-08-09 00:01 . 2006-08-21 09:20 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2008-08-09 00:01 . 2006-10-13 08:18 18,216 --a------ C:\WINDOWS\nvoclk64.sys
2008-08-08 23:57 . 2008-08-08 23:57 <REP> d-------- C:\Program Files\NVIDIA Corporation
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-08-08 21:10 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-08 21:10 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-08 21:10 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-08 21:09 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-08 20:05 . 2008-08-08 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sierra Entertainment
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-08-08 19:54 . 2008-08-08 19:54 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-08-08 19:28 . 2008-08-08 19:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-08-07 18:44 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Windows Defender
2008-08-06 21:42 . 2008-08-06 21:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-06 21:41 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-06 21:40 . 2008-08-06 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-08-06 01:17 . 2008-08-06 01:17 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 01:17 . 2008-08-06 01:17 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-05 18:50 . 2008-08-05 18:52 <REP> d-------- C:\Program Files\Trojan Remover
2008-08-05 18:50 . 2008-08-27 00:44 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 18:50 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-05 18:50 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-05 18:50 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-05 18:50 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-05 18:50 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-05 00:48 . 2008-08-05 00:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-08-03 16:27 . 2008-08-03 16:27 <REP> d-------- C:\Program Files\Lavasoft
2008-08-03 15:54 . 2008-08-03 15:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-03 15:41 . 2008-08-26 00:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 15:41 . 2008-08-26 22:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-03 03:48 . 2008-08-06 01:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-03 01:46 . 2008-08-03 01:46 <REP> d-------- C:\Sierra
2008-08-03 01:20 . 2008-08-06 01:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-03 01:20 . 2008-08-06 01:19 157,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-03 01:20 . 2008-08-06 01:19 155,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-03 01:20 . 2008-08-06 01:19 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-03 01:20 . 2008-08-06 01:19 1,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-02 20:47 . 2008-08-02 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-30 23:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-30 23:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-30 23:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-30 20:28 . 2008-08-26 19:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-07-30 20:28 . 2008-07-30 20:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-30 20:27 . 2008-08-27 00:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-07-30 19:18 . 2008-08-24 19:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-30 19:18 . 2008-08-24 19:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-30 19:18 . 2008-08-24 19:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-30 19:13 . 2008-08-03 01:46 218 --a------ C:\WINDOWS\SIERRA.INI
2008-07-30 08:33 . 2008-07-30 08:34 <REP> d-------- C:\Program Files\Windows Live
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-07-29 23:12 . 2008-07-29 23:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-29 07:44 . 2008-07-29 07:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Search
2008-07-29 07:43 . 2008-07-29 07:43 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-29 07:43 . 2008-08-27 00:29 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-07-29 07:42 . 2008-03-07 18:56 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-29 07:42 . 2008-03-07 18:56 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-29 07:42 . 2008-03-07 18:56 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-28 21:31 . 2008-07-28 21:31 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 18:33 . 2008-08-09 00:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 13:50 . 2008-07-28 13:50 <REP> d-------- C:\Program Files\Microsoft Works
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\MSBuild
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 20:04 --------- d-----w C:\Program Files\Easy-Pro
2008-08-26 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 19:06 --------- d-----w C:\Program Files\RockXP
2008-08-08 21:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-08 18:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-07 16:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-08-05 05:31 --------- d-----w C:\Program Files\Ad-Aware
2008-07-29 17:50 --------- d-----w C:\Program Files\Realtek
2008-07-27 22:59 --------- d-----r C:\Program Files\Windows Sidebar
2008-07-26 08:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-07-26 08:34 --------- d-----w C:\Program Files\Styler
2008-07-26 08:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-07-25 23:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-25 23:42 76,160 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2008-07-25 23:42 46,208 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2008-07-25 23:42 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2008-07-25 23:41 --------- d-----w C:\Program Files\Nero
2008-07-25 23:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-25 23:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-25 22:17 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\uTorrent
2008-07-25 17:09 --------- d-----w C:\Program Files\MSI
2008-07-25 17:05 --------- d-----w C:\Program Files\Setup Files
2008-07-25 17:03 --------- d-----w C:\Program Files\AMD
2008-07-25 10:59 --------- d-----w C:\Program Files\K-Lite Codec Pack(2)
2008-07-25 06:27 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\InstallShield
2008-07-25 06:24 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Media Player Classic
2008-07-24 23:25 --------- d-----w C:\Program Files\CCleaner
2008-07-24 22:59 --------- d-----w C:\Program Files\uTorrent
2008-07-24 17:56 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-07-24 06:37 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\AVGTOOLBAR
2008-07-23 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-23 21:34 --------- d-----w C:\Program Files\WindowsSidebar
2008-07-23 21:34 --------- d-----w C:\Program Files\PqMagic
2008-07-23 21:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians Tooltip
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians-Transparence
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Swintch
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Clock
2008-07-23 21:31 --------- d-----w C:\Program Files\Dir
2008-07-23 21:30 --------- d-----w C:\Program Files\DIFX
2008-07-23 21:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-23 21:25 --------- d-----w C:\Program Files\UltraISO
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-23 21:25 --------- d-----w C:\Program Files\Ahead
2008-07-23 21:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-07-23 19:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\TuneUp Software
2008-07-23 19:55 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\TuneUp Software
2008-07-23 19:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-23 19:51 --------- d-----w C:\Program Files\Services en ligne
2008-07-21 12:11 24,392 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-14 16:52 80,840 ----a-w C:\WINDOWS\system32\ElbyVCD.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-09 05:25 236 ----a-w C:\Program Files\Fichiers communs\dx.reg
.

------- Sigcheck -------

2004-08-28 16:00 578048 4a048552ca537ef146a8c21a0881b1ba C:\WINDOWS\system32\user32.dll

2004-08-28 16:00 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe

2004-08-28 16:00 2175488 ef82e2aba188743cb88c220e22953966 C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-28 16:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce C:\WINDOWS\system32\ntoskrnl.exe

2004-08-28 16:00 1934848 1630d57b8370b7a20a41bb4c1e459edf C:\WINDOWS\explorer.exe

2004-08-28 16:00 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe

2004-08-28 16:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_19.26.43.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavss.dll
+ 2005-10-13 10:00:58 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavuninstall.exe
+ 2005-10-13 10:00:56 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
- 2008-08-26 06:48:56 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-27 11:36:03 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-26 06:48:56 83,330 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-27 11:36:04 74,448 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-08-26 06:48:56 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 11:36:04 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-26 06:48:56 490,466 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-27 11:36:04 467,962 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 16:00 25088]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 16:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TransBar"="C:\Windows\System32\TransBar.exe" [2004-08-28 16:00 65536]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48 307200]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2006-03-28 01:53 25474]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2008-03-04 08:41 208896]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 00:01 52168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"848677b3"="C:\WINDOWS\system32\xvwmtpma.dll" [BU]
"BM87b5442f"="C:\WINDOWS\system32\fkmjccwe.dll" [BU]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 16:00 678912]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-08-09 00:01:58 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"C:\\Sierra\\Empire Earth\\Launcher.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-07-26 01:42]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-27 20:10]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 00:58]

*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF32860D-DA21-43DA-B500-4FA94B3418B4}.job
- C:\WINDOWS\system32\msfeedssync.exe [2004-08-28 16:00]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 20:47:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-27 20:48:34
ComboFix-quarantined-files.txt 2008-08-27 18:48:15
ComboFix2.txt 2008-08-27 18:05:05
ComboFix3.txt 2008-08-27 18:01:38
ComboFix4.txt 2008-08-27 17:57:08
ComboFix5.txt 2008-08-27 18:46:58

Pre-Run: 39,183,953,920 octets libres
Post-Run: 39,172,378,624 octets libres

316 --- E O F --- 2008-08-18 19:42:29

---------------------------------------
log HJT
---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [848677b3] rundll32.exe "C:\WINDOWS\system32\xvwmtpma.dll",b
O4 - HKLM\..\Run: [BM87b5442f] Rundll32.exe "C:\WINDOWS\system32\fkmjccwe.dll",s
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1219702678_2ba87caea531067e9bedd8444cf80a63&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 8 / 10
g!rly Messages postés 18462 Statut Contributeur 406
 
ca a pas marché surement a cause de spybot.

Désactive le Tea-Timer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne dois plus voir l'icône du Tea- Timer dans la barre de tâches!

puis repasse combofix avec le meme script et post le rapport stp

@+
0
chpotch Messages postés 8 Statut Membre
 
Ne m'abandonnes pas please !!
0
Réponse 9 / 10
chpotch Messages postés 8 Statut Membre
 
C'est bon, j'ai du m'y reprendre a plusieurs fois... mais tjrs pas de redemarrage

---------------------------------------
log Combofix :
---------------------------------------
ComboFix 08-08-26.03 - Administrateur 2008-08-27 21:10:20.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2801 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\fkmjccwe.dll
C:\WINDOWS\system32\xvwmtpma.dll
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-27 to 2008-08-27 ))))))))))))))))))))))))))))))))))))
.

2008-08-27 13:30 . 2008-08-27 13:30 <REP> d-------- C:\Program Files\Panda Security
2008-08-27 13:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-27 13:28 . 2008-08-27 13:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-26 22:04 . 2008-08-26 22:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\UnH Solutions
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Program Files\Avira
2008-08-26 19:31 . 2008-08-26 19:31 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-08-26 19:28 . 2008-08-26 19:28 <REP> d-------- C:\Program Files\Trend Micro
2008-08-26 19:10 . 2008-08-27 19:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-08-26 08:24 . 2008-08-26 19:58 <REP> d-------- C:\VundoFix Backups
2008-08-26 01:40 . 2008-08-26 08:06 <REP> d-------- C:\Program Files\NoAdware5.0
2008-08-26 01:32 . 2008-08-26 01:59 <REP> d-------- C:\Program Files\Spyware Doctor
2008-08-26 01:32 . 2008-08-26 01:32 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-08-26 01:32 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-26 01:32 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-26 01:32 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-26 01:32 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 00:34 . 2008-08-26 08:06 462 --a------ C:\WINDOWS\wininit.ini
2008-08-26 00:27 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-26 00:21 . 2008-08-26 19:53 <REP> d-------- C:\Program Files\MSA
2008-08-26 00:21 . 2008-08-22 20:03 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-26 00:18 . 2008-08-26 00:18 <REP> d-------- C:\WINDOWS\Sun
2008-08-26 00:18 . 2008-08-26 00:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Java
2008-08-26 00:17 . 2008-08-26 00:17 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-08-26 00:17 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-25 23:25 . 2008-08-25 23:25 65,536 --a------ C:\WINDOWS\system32\comrepl.exe
2008-08-16 11:40 . 2008-08-16 11:40 <REP> d--h----- C:\WINDOWS\PIF
2008-08-15 03:30 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-15 03:30 . 2008-06-24 18:23 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-15 03:29 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 03:28 . 2008-04-11 20:51 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 20:13 . 2008-08-14 20:13 0 --a------ C:\WINDOWS\msicpl.ini
2008-08-14 19:58 . 2008-08-14 20:09 <REP> d-------- C:\WINDOWS\NV1864940.TMP
2008-08-14 19:58 . 2008-08-14 19:58 <REP> d-------- C:\NVIDIA
2008-08-14 19:47 . 2008-08-14 19:47 <REP> d-------- C:\Program Files\Fichiers communs\snp2std
2008-08-14 19:47 . 2006-12-27 20:10 12,007,168 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-08-14 19:47 . 2006-09-15 13:21 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-08-14 19:47 . 2006-11-29 16:11 258,048 --a------ C:\WINDOWS\tsnp2std.exe
2008-08-14 19:47 . 2006-10-03 14:35 249,856 --a------ C:\WINDOWS\system32\vsnp2std.dll
2008-08-14 19:47 . 2006-10-12 17:21 151,552 --a------ C:\WINDOWS\system32\rsnp2std.dll
2008-08-14 19:47 . 2006-07-03 10:31 94,208 --a------ C:\WINDOWS\amcap.exe
2008-08-14 19:47 . 2006-11-16 15:57 77,824 --a------ C:\WINDOWS\system32\csnp2std.dll
2008-08-14 19:47 . 2006-12-27 20:03 25,472 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-08-14 19:47 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini
2008-08-14 19:47 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src
2008-08-14 19:46 . 2008-08-26 21:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Program Files\VideoLAN
2008-08-10 21:50 . 2008-08-10 21:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
2008-08-09 22:08 . 2008-08-09 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-08-09 22:06 . 2008-08-09 22:06 <REP> d-------- C:\Program Files\Google
2008-08-09 00:01 . 2005-09-23 16:33 1,060,864 --a------ C:\WINDOWS\MFC71.dll
2008-08-09 00:01 . 2005-09-23 16:33 499,712 --a------ C:\WINDOWS\msvcp71.dll
2008-08-09 00:01 . 2006-10-13 08:16 421,888 --a------ C:\WINDOWS\nvsulib.dll
2008-08-09 00:01 . 2005-09-23 16:33 348,160 --a------ C:\WINDOWS\msvcr71.dll
2008-08-09 00:01 . 2006-06-01 17:22 53,248 --a------ C:\WINDOWS\Nvgpio.dll
2008-08-09 00:01 . 2006-08-21 09:20 45,056 --a------ C:\WINDOWS\NTuneGpu.dll
2008-08-09 00:01 . 2006-10-13 08:18 18,216 --a------ C:\WINDOWS\nvoclk64.sys
2008-08-08 23:57 . 2008-08-08 23:57 <REP> d-------- C:\Program Files\NVIDIA Corporation
2008-08-08 23:56 . 2008-08-08 23:56 <REP> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-08-08 21:10 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-08-08 21:10 . 2008-05-19 18:16 186,407 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-08-08 21:10 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-08-08 21:09 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-08 20:05 . 2008-08-08 20:05 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sierra Entertainment
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-08-08 20:02 . 2008-08-08 20:02 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-08-08 19:54 . 2008-08-08 19:54 <REP> d-------- C:\Program Files\Elaborate Bytes
2008-08-08 19:28 . 2008-08-08 19:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-08-07 18:44 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Windows Defender
2008-08-06 21:42 . 2008-08-06 21:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-06 21:41 . 2008-08-07 18:44 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-06 21:40 . 2008-08-06 21:40 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-08-06 01:17 . 2008-08-06 01:17 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 01:17 . 2008-08-06 01:17 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-05 18:50 . 2008-08-05 18:52 <REP> d-------- C:\Program Files\Trojan Remover
2008-08-05 18:50 . 2008-08-27 00:44 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
2008-08-05 18:50 . 2008-08-05 18:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 18:50 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-05 18:50 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-05 18:50 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-05 18:50 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-05 18:50 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-05 00:48 . 2008-08-05 00:48 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-08-03 16:27 . 2008-08-03 16:27 <REP> d-------- C:\Program Files\Lavasoft
2008-08-03 15:54 . 2008-08-03 15:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-08-03 15:41 . 2008-08-26 00:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 15:41 . 2008-08-26 22:17 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-03 03:48 . 2008-08-06 01:30 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-08-03 01:46 . 2008-08-03 01:46 <REP> d-------- C:\Sierra
2008-08-03 01:20 . 2008-08-06 01:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-03 01:20 . 2008-08-06 01:19 157,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-03 01:20 . 2008-08-06 01:19 155,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-03 01:20 . 2008-08-06 01:19 3,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-03 01:20 . 2008-08-06 01:19 1,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-02 20:47 . 2008-08-02 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-30 23:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-30 23:45 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-30 23:45 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-30 20:28 . 2008-08-26 19:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\skypePM
2008-07-30 20:28 . 2008-07-30 20:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-30 20:27 . 2008-07-30 20:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-07-30 20:27 . 2008-08-27 00:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Skype
2008-07-30 19:18 . 2008-08-24 19:30 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-30 19:18 . 2008-08-24 19:30 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-30 19:18 . 2008-08-24 19:30 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-30 19:13 . 2008-08-03 01:46 218 --a------ C:\WINDOWS\SIERRA.INI
2008-07-30 08:33 . 2008-07-30 08:34 <REP> d-------- C:\Program Files\Windows Live
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-30 08:33 . 2008-07-30 08:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-07-29 23:12 . 2008-07-29 23:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-29 07:44 . 2008-07-29 07:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Search
2008-07-29 07:43 . 2008-07-29 07:43 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-29 07:43 . 2008-08-27 00:29 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-07-29 07:42 . 2008-03-07 18:56 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-29 07:42 . 2008-03-07 18:56 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-29 07:42 . 2008-03-07 18:56 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-28 21:31 . 2008-07-28 21:31 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 18:33 . 2008-08-09 00:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-28 13:50 . 2008-07-28 13:50 <REP> d-------- C:\Program Files\Microsoft Works
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\MSBuild
2008-07-28 13:49 . 2008-07-28 13:49 <REP> d-------- C:\Program Files\Microsoft.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 20:04 --------- d-----w C:\Program Files\Easy-Pro
2008-08-26 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 19:06 --------- d-----w C:\Program Files\RockXP
2008-08-08 21:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-08 18:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-07 16:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-08-05 05:31 --------- d-----w C:\Program Files\Ad-Aware
2008-07-29 17:50 --------- d-----w C:\Program Files\Realtek
2008-07-27 22:59 --------- d-----r C:\Program Files\Windows Sidebar
2008-07-26 08:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Xentient
2008-07-26 08:34 --------- d-----w C:\Program Files\Styler
2008-07-26 08:34 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Styler
2008-07-25 23:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-25 23:42 76,160 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2008-07-25 23:42 46,208 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2008-07-25 23:42 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2008-07-25 23:41 --------- d-----w C:\Program Files\Nero
2008-07-25 23:41 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-25 23:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-25 22:17 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\uTorrent
2008-07-25 17:09 --------- d-----w C:\Program Files\MSI
2008-07-25 17:05 --------- d-----w C:\Program Files\Setup Files
2008-07-25 17:03 --------- d-----w C:\Program Files\AMD
2008-07-25 10:59 --------- d-----w C:\Program Files\K-Lite Codec Pack(2)
2008-07-25 06:27 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\InstallShield
2008-07-25 06:24 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Media Player Classic
2008-07-24 23:25 --------- d-----w C:\Program Files\CCleaner
2008-07-24 22:59 --------- d-----w C:\Program Files\uTorrent
2008-07-24 17:56 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Logitech
2008-07-24 17:50 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-07-24 06:37 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\AVGTOOLBAR
2008-07-23 21:59 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-23 21:34 --------- d-----w C:\Program Files\WindowsSidebar
2008-07-23 21:34 --------- d-----w C:\Program Files\PqMagic
2008-07-23 21:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians Tooltip
2008-07-23 21:32 --------- d-----w C:\Program Files\Indians-Transparence
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Swintch
2008-07-23 21:31 --------- d-----w C:\Program Files\Indians Clock
2008-07-23 21:31 --------- d-----w C:\Program Files\Dir
2008-07-23 21:30 --------- d-----w C:\Program Files\DIFX
2008-07-23 21:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-23 21:25 --------- d-----w C:\Program Files\UltraISO
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\EZB Systems
2008-07-23 21:25 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-23 21:25 --------- d-----w C:\Program Files\Ahead
2008-07-23 21:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-07-23 19:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\TuneUp Software
2008-07-23 19:55 --------- d-----w C:\Documents and Settings\THE INDIANS\Application Data\TuneUp Software
2008-07-23 19:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-23 19:51 --------- d-----w C:\Program Files\Services en ligne
2008-07-21 12:11 24,392 ----a-w C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-14 16:52 80,840 ----a-w C:\WINDOWS\system32\ElbyVCD.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 11:06 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-03-09 05:25 236 ----a-w C:\Program Files\Fichiers communs\dx.reg
.

------- Sigcheck -------

2004-08-28 16:00 578048 4a048552ca537ef146a8c21a0881b1ba C:\WINDOWS\system32\user32.dll

2004-08-28 16:00 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe

2004-08-28 16:00 2175488 ef82e2aba188743cb88c220e22953966 C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-28 16:00 2295808 2f8ac58c3a7f73bc5ae132f2b452f6ce C:\WINDOWS\system32\ntoskrnl.exe

2004-08-28 16:00 1934848 1630d57b8370b7a20a41bb4c1e459edf C:\WINDOWS\explorer.exe

2004-08-28 16:00 25088 43836cffabac8d6779e8ee55e308df2c C:\WINDOWS\system32\ctfmon.exe

2004-08-28 16:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-26_19.26.43.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 08:39:58 128,256 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavss.dll
+ 2005-10-13 10:00:58 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavuninstall.exe
+ 2005-10-13 10:00:56 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
- 2008-08-26 06:48:56 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-27 11:36:03 61,918 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-26 06:48:56 83,330 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-27 11:36:04 74,448 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-08-26 06:48:56 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-27 11:36:04 401,458 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-26 06:48:56 490,466 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-27 11:36:04 467,962 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 16:00 25088]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 16:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TransBar"="C:\Windows\System32\TransBar.exe" [2004-08-28 16:00 65536]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48 307200]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2006-03-28 01:53 25474]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2008-03-04 08:41 208896]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 00:01 52168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"848677b3"="C:\WINDOWS\system32\xvwmtpma.dll" [BU]
"BM87b5442f"="C:\WINDOWS\system32\fkmjccwe.dll" [BU]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 09:21 16384000 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 16:00 678912]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
DualCoreCenter.lnk - C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-08-09 00:01:58 192512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"C:\\Sierra\\Empire Earth\\Launcher.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-07-26 01:42]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-12-27 20:10]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 00:58]

*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF32860D-DA21-43DA-B500-4FA94B3418B4}.job
- C:\WINDOWS\system32\msfeedssync.exe [2004-08-28 16:00]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 21:10:56
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-27 21:11:37
ComboFix-quarantined-files.txt 2008-08-27 19:11:19
ComboFix2.txt 2008-08-27 19:07:36
ComboFix3.txt 2008-08-27 19:04:06
ComboFix4.txt 2008-08-27 18:48:34
ComboFix5.txt 2008-08-27 19:10:07

Pre-Run: 39,104,995,328 octets libres
Post-Run: 39,093,391,360 octets libres

315 --- E O F --- 2008-08-18 19:42:29

---------------------------------------
log HJT
---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\Windows\System32\TransBar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [848677b3] rundll32.exe "C:\WINDOWS\system32\xvwmtpma.dll",b
O4 - HKLM\..\Run: [BM87b5442f] Rundll32.exe "C:\WINDOWS\system32\fkmjccwe.dll",s
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1219702678_2ba87caea531067e9bedd8444cf80a63&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Réponse 10 / 10
g!rly Messages postés 18462 Statut Contributeur 406
 
Salut,

Desolé pour le retard...

Je me rend compte que j´ai fait une erreur dans le script, désolé...

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\xvwmtpma.dll
C:\WINDOWS\system32\fkmjccwe.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"848677b3"=-
"BM87b5442f"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
Huawei P8 Lite "nouveau tag ajouté"
ArianeKathleen -
Mn -

25 réponses
Nouveau tag ajouté - Utilité
Eerfers -
madmyke -

1 réponse
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse
Page qui s’ouvre toute seule
Dolphie -
Manon -

5 réponses