Sujet Précédent Sujet Suivant

Infection?

ganeshbis Messages postés 48 Statut Membre -  
afideg Messages postés 10970 Statut Contributeur sécurité -
Bonjour,
voila je vient de voir que ma connexion était lente et je voudrais savoir si par hasard un petit virus ne se serait pas cacher!! =p je vous met mon rapport hijackthis en espérant qu il n y ais pas trop de travaille dessus =p merci d avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59, on 2008-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Entraînement Cerebral Spécial Kids - Planificateur] "C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rdaqwovb] C:\WINDOWS\system32\roforsxu.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O20 - Winlogon Notify: nnnnLfcC - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

25 réponses

  • 1
  • 2
Réponse 1 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

A)- D'accord, bien vu ==> avec la version 7 de ScanOnlineKaspersky: https://www.kaspersky.fr/downloads ; il faut le lancer en cliquant plutôt là (où la flèche l’indique): https://imageshack.com/ .
Ne pas oublier de Brancher ton Disque Externe (clé USB) éventuellement

B)- Relance HJT « Do a system Scan only », sur la page/rapport qui s'affiche ( laisse lui le temps de tout scanner ) coche la case devant ces lignes (si elles existent encore):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <http://www.club-internet.fr>
O4 - HKCU\..\Run: [rdaqwovb] C:\WINDOWS\system32\roforsxu.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07)
O20 - Winlogon Notify: nnnnLfcC - C:\WINDOWS\

•-Important à faire en priorité --> Désactive le Tea Timer de Spybot en passant par les options de Spybot: il faut une fois dans le logiciel il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Tea Timer" .
- Tu ne dois plus voir l'icône du Tea Timer dans la barre de tâches (Systray près de l’horloge)!

NOTE: J'espère que tu l'avais déjà désactivé lors de l'analyse avec ComboFix (comme demandé = puisque Spybot S&D est un antispyware). ==> je vois que tu avais déjà lancé ComboFix --> tu aurais dû me l'annoncer. ;)

•-Arrête tous les programmes en cours et ferme toutes les fenêtres.
( seul HijackThis doit être ouvert ) ,
•- et ensuite Clic [Fix checked]

C)- Termine par une analyse complète avec ton ANTIVIR.

D)- Quel est ton pare-feu ?

Bonne nuit
Al.
1
Réponse 2 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonjour,
Merci

Pour information à propos de ANTIVIR:
Boot mode: Normally booted ==> il est préférable de lancer ANTIVIR en "mode sans échec".
Search for rootkits.....: off ===> il est recommandé d'activer la fonction "Search for rootkits".

Tu as toujours l'icône de ComboFix sur le bureau
1°- PREALABLES :
A)- Tout d'abord > Désactive le Tea-Timer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne dois plus voir l'icône du Tea- Timer dans la barre de tâches!
•- Ne fais pas l'impasse sur cette étape, car ça peut faire échouer la procédure de désinfection !
B)- Supprime également la protection en temps-réel (bouclier/guard) de ANTIVIR.
Tu réactiveras cette dernière à l'issue de l'application CFScript pour ComboFix.

2°- Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant :

File::
C:\WINDOWS\[u]0</u>
C:\WINDOWS\NV30883092.TMP
C:\WINDOWS\NV35643568.TMP
C:\Documents and Settings\antoine\Mes documents\Antoine\logiciels mise a jours\VirtualDub_1.6.9_b23604_Fr.exe

Folder::
C:\QooBox
C:\WINDOWS\[u]0</u>

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

3°- Copie le texte sélectionné (CTRL+C) ==> en appuyant simultanément sur les touches CTRL et C.
Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V) ==> en appuyant simultanément sur les touches CTRL et V .
Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript1.txt
• Regarde ici (ce n’est qu’un exemple !) < http://img509.imageshack.us/img509/5984/screenshot332wc3.png >

4°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” sur le bureau) en faisant un “glisser/déposer” de ce fichier “ gras>CFScript1.txt</gras> ” sur le fichier “ComboFix.exe” comme sur la capture: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif >
L'icône ComboFix.exe change alors de "brillance" dans sa couleur.
Un module s'affiche ==> clic sur "Exécuter"

Patiente le temps du scan.
Le bureau va disparaître à plusieurs reprises: c'est normal!
(CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.)

5°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum.
Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt

6°- Arrêter puis redémarrer le PC

Donne un nouveau rapport d'analyse par HijackThis, SVP.

Merci
Al.
1
Réponse 3 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

Bien, on a un souci ici : [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
1°- Vas dans "Poste de travail" > "Disque local C:\" et navigue dans les répertoires C:\Documents and Settings\antoine\Local Settings\Temp\mc27.tmp pour aller supprimer ce fichier mc27.tmp

2°- Fais le même chose pour C:\Program Files\Club-Internet\Dr Club Internet <-- à supprimer

3°- Télécharger OAD (Outil d'Aide au Diagnostic)< http://sosvirus.changelog.fr/OAD.exe > enregistre-le sur ton bureau
•- Lancer « OAD.exe » en faisant un double-clic sur le fichier < http://sosvirus.changelog.fr/OAD/1.bmp > , puis « Exécuter »
è une page bleue s’affiche.
•- Saisir la valeur recherchée ( = nom de fichier à rechercher ) --> faire un copier/coller de mchInjDrv puis [Enter]
è une nouvelle page bleue s’affiche.
- Type de recherche : taper 6 (sélectionner l'option 6) puis valide [entrée]< http://sosvirus.changelog.fr/OAD/4.bmp >
•- OAD va maintenant rechercher le fichier.
Laisse-le travailler jusqu'à ce qu'il en ait terminé.
Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes.
Patienter.
•- Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé.
•- Faire un copier/coller de ce rapport dans ton prochain post.
•-Note: Certains Antivirus (comme Panda) peuvent émettre une alerte lors de "téléchargement / utilisation".
Manuel d’aide ici https://forum.pcastuces.com/default.asp

4°- Pour cette ligne O4 - HKLM\..\Run: [Entraînement Cerebral Spécial Kids - Planificateur] "C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe" ; cette application Entraînement Cérébral Spécial Kids est-elle indispensable ?

5°- Télécharge Silent Runners sur le bureau: https://www.silentrunners.org/Silent%20Runners.vbs
Double-clique sur le fichier "silentrunners.vbs" : il va travailler, patiente jusqu'à l'affichage d'un message ; une fenêtre va s'ouvrir ,clique sur "oui" .
(Total run time: 162 seconds) par exemple --> c’est rapide.
Poste le rapport qui a été généré (normalement sur le bureau).
Si tu as une alerte de ton antivirus au cours du téléchargement, ou au cours de son utilisation au sujet de ce script, n'en tiens pas compte.

Comment se comporte le PC ?
Al.
1
Réponse 4 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re

voila tous les rapports de virus total ça fait beaucoup de chose ^^ bon courage et merci

fichier VIS_1221143139_1.exe
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 Suspicious file
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Information additionnelle
File size: 20480 bytes
MD5...: d96ebce992f936e78bcfea9133f09ca2
SHA1..: 6984265bd1b8265d87631ba315695211fef002b0
SHA256: 292a66d55006ae3bbdb61bc410df215e7f7ac2d1d27a3e71d7d59d35719dd079
SHA512: 5d587a7b11baf6b54a17ee517f65fcbba6b9681df5ccbdafedf2b69a35f8a58c<br>2cb727f26b990e9ebad29ed2e031b56dc01509e327105e05e3c4f45bb97a8d92
PEiD..: Armadillo v1.71
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40280e<br>timedatestamp.....: 0x48c641bd (Tue Sep 09 09:28:29 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1aa3 0x2000 5.45 ef67bb7a0069dd4b209a9caddf5fd727<br>.rdata 0x3000 0xc38 0x1000 4.41 1e6e514aa8c6b5119b1b079d2c904222<br>.data 0x4000 0x4bc 0x1000 2.08 b84d76b989f6f9b0cdd9e9f19df0e1bf<br><br>( 7 imports ) <br>> KERNEL32.dll: Sleep, GetTickCount, CreateThread, LoadLibraryA, GetModuleHandleA, GetStartupInfoA<br>> USER32.dll: GetMessageA, TranslateMessage, UpdateWindow, ShowWindow, SetFocus, CreateWindowExA, GetSystemMetrics, RegisterClassExA, LoadCursorA, LoadIconA, DispatchMessageA, DefWindowProcA, GetWindowTextA, SetWindowTextA, SendMessageA, MessageBoxA, SetWindowPos<br>> GDI32.dll: CreateFontA, CreateSolidBrush<br>> WS2_32.dll: -, -, -, -, -, -, -, -, -, -<br>> MSVCP60.dll: __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, __Xlen@std@@YAXXZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z<br>> MSVCRT.dll: __CxxFrameHandler, _exit, _onexit, __dllonexit, _controlfp, free, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, time, srand, exit, atoi, toupper, _XcptFilter, strstr, sprintf, memmove<br>> COMCTL32.dll: -<br><br>( 0 exports ) <br>

Fichier VIS_1221144115_1.exe reçu le 2008.10.08 23:12:18 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6135 2008.10.08 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 Suspicious file
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Information additionnelle
File size: 20480 bytes
MD5...: d96ebce992f936e78bcfea9133f09ca2
SHA1..: 6984265bd1b8265d87631ba315695211fef002b0
SHA256: 292a66d55006ae3bbdb61bc410df215e7f7ac2d1d27a3e71d7d59d35719dd079
SHA512: 5d587a7b11baf6b54a17ee517f65fcbba6b9681df5ccbdafedf2b69a35f8a58c<br>2cb727f26b990e9ebad29ed2e031b56dc01509e327105e05e3c4f45bb97a8d92
PEiD..: Armadillo v1.71
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40280e<br>timedatestamp.....: 0x48c641bd (Tue Sep 09 09:28:29 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x1aa3 0x2000 5.45 ef67bb7a0069dd4b209a9caddf5fd727<br>.rdata 0x3000 0xc38 0x1000 4.41 1e6e514aa8c6b5119b1b079d2c904222<br>.data 0x4000 0x4bc 0x1000 2.08 b84d76b989f6f9b0cdd9e9f19df0e1bf<br><br>( 7 imports ) <br>> KERNEL32.dll: Sleep, GetTickCount, CreateThread, LoadLibraryA, GetModuleHandleA, GetStartupInfoA<br>> USER32.dll: GetMessageA, TranslateMessage, UpdateWindow, ShowWindow, SetFocus, CreateWindowExA, GetSystemMetrics, RegisterClassExA, LoadCursorA, LoadIconA, DispatchMessageA, DefWindowProcA, GetWindowTextA, SetWindowTextA, SendMessageA, MessageBoxA, SetWindowPos<br>> GDI32.dll: CreateFontA, CreateSolidBrush<br>> WS2_32.dll: -, -, -, -, -, -, -, -, -, -<br>> MSVCP60.dll: __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, __Xlen@std@@YAXXZ, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __Split@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXXZ, __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z<br>> MSVCRT.dll: __CxxFrameHandler, _exit, _onexit, __dllonexit, _controlfp, free, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, time, srand, exit, atoi, toupper, _XcptFilter, strstr, sprintf, memmove<br>> COMCTL32.dll: -<br><br>( 0 exports ) <br>

Fichier 1221143139_0.exe reçu le 2008.10.08 23:14:18 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 Suspicious file
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Information additionnelle
File size: 16384 bytes
MD5...: 90d2ec1d5e340089e7338aeac4a4be00
SHA1..: ef3be8b8e102635450037e44ab9563fade550cb8
SHA256: fe680e05fa4f52fcffd20f991ffd14ec370271dec489546342ebebf02a53f275
SHA512: 0f80dd129d7c926a1289e2b945f206edc097be9875a1e3f4d8686675ee08f065<br>d34954f01c4ec9519d3436e634b50255cd74947b6bec3c01e24934df779aed07
PEiD..: Armadillo v1.71
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40169f<br>timedatestamp.....: 0x48c68210 (Tue Sep 09 14:02:56 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x82c 0x1000 3.80 22c817f78754aafb1f5ff54d68614aff<br>.rdata 0x2000 0x322 0x1000 1.27 8521c6a1df2182812ce42f035e5fc1d6<br>.data 0x3000 0x9c 0x1000 0.20 bf0b545bb46eb32ac2a05c332ee5558e<br><br>( 3 imports ) <br>> KERNEL32.dll: Sleep, CreateProcessA, SetFileAttributesA, CreateDirectoryA, GetWindowsDirectoryA, GetModuleHandleA, GetStartupInfoA<br>> WS2_32.dll: -, -, -, -, -, -, -, -<br>> MSVCRT.dll: _XcptFilter, _controlfp, _except_handler3, __set_app_type, fclose, fwrite, fopen, atoi, __p__fmode, exit, sprintf, _exit, malloc, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode<br><br>( 0 exports ) <br>

Fichier instime_122.dse reçu le 2008.10.08 23:18:18 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Information additionnelle
File size: 10 bytes
MD5...: 550b04d732ff57fa2b1d1bf54d9ccfe9
SHA1..: 0e7f9df293f4873df84fac7d65580d5b09618dd6
SHA256: 3bd97d4b661efefe9fd926b19c597f8e10d924ef5d50da2eeb658a8c51a7112c
SHA512: b9b17da24ac490b1520cba92244c3381e5d37c5be4d1c2f99a629d1da2c5d42c<br>7b68e6b8860f33270c1c06675370fa1f1f65c3e9e315ade5275fe4022f3fba99
PEiD..: -
TrID..: File type identification<br>Unknown!
PEInfo: -

Fichier cxtime_122.dse reçu le 2008.10.08 23:19:16 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.3.2 2008.10.08 -
AntiVir 7.8.1.34 2008.10.08 -
Authentium 5.1.0.4 2008.10.08 -
Avast 4.8.1248.0 2008.10.08 -
AVG 8.0.0.161 2008.10.08 -
BitDefender 7.2 2008.10.08 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.08 -
DrWeb 4.44.0.09170 2008.10.08 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6134 2008.10.07 -
Ewido 4.0 2008.10.08 -
F-Prot 4.4.4.56 2008.10.08 -
F-Secure 8.0.14332.0 2008.10.08 -
Fortinet 3.113.0.0 2008.10.08 -
GData 19 2008.10.08 -
Ikarus T3.1.1.34.0 2008.10.08 -
K7AntiVirus 7.10.488 2008.10.08 -
Kaspersky 7.0.0.125 2008.10.08 -
McAfee 5400 2008.10.07 -
Microsoft 1.4005 2008.10.08 -
NOD32 3504 2008.10.08 -
Norman 5.80.02 2008.10.07 -
Panda 9.0.0.4 2008.10.07 -
PCTools 4.4.2.0 2008.10.08 -
Prevx1 V2 2008.10.08 -
Rising 20.65.22.00 2008.10.08 -
SecureWeb-Gateway 6.7.6 2008.10.08 -
Sophos 4.34.0 2008.10.08 -
Sunbelt 3.1.1708.1 2008.10.08 -
Symantec 10 2008.10.08 -
TheHacker 6.3.1.0.103 2008.10.07 -
TrendMicro 8.700.0.1004 2008.10.08 -
VBA32 3.12.8.6 2008.10.07 -
ViRobot 2008.10.8.1412 2008.10.08 -
VirusBuster 4.5.11.0 2008.10.08 -
Information additionnelle
File size: 10 bytes
MD5...: ad34a23e664f4599e48a7778a413d0fb
SHA1..: 7ca39d29e38162a960f9195ccfed42ceb92b8b59
SHA256: aa4fc0ad4ee081e560db2c94afdb31db0ae6923cf4d462999a99126b88ee288e
SHA512: ffb113ad5936486a7f0c6c8956ac86811c36203d6204499a613a662f038452aa<br>158722c92ce28b7ca6caec8263b83cfadac0b73e5e39045e1bffa5c7d2e8daaa
PEiD..: -
TrID..: File type identification<br>Unknown!
PEInfo: -
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonsoir,

Merci
Cela semble correct

1°- Search for rootkits..............: off
Note : Pour activer l'antirootkit : aller dans CONFIGURATION puis EXPERT MODE puis SCAN et cocher la case SEARCH FOR ROOTKIT...

J'avais recommandé d'activer "SEARCH FOR ROOTKITs..." ==> l'as-tu fait ?

2°- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

J'avais recommandé de désactiver "TeaTimer" ==> l'as-tu fait ?

3°- Peux-tu relancer une dernière fois ComboFix comme indiqué dans la procédure, SVP ? Merci.

Comment se comporte le PC ?
Al.
1
Réponse 6 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Salut Antoine,

Je n'ai plus assez de temps que pour suivre le forum.

Mais je te rappelle deux choses:

1°- Ne JAMAIS désactiver ton pare-feu KERIO.
Et surtout pas pour donner la priorité au jeu ! La sécurité n'est pas un jeu.

2°- Je t'avais donner le site pratique pour KERIO; et j'ajoutais cette recommandation:
« Sur ce site, tu seras aidé spécifiquement à Kerio par mon Ami Boulepate »

Il faut configurer KERIO pour qu'il accepte ce jeu (si ce jeu est correct).
Peut-être faudra-t-il désinstaller ce jeu, et le réinstaller ?
Demande le reste à Boulepate.

Bon dimanche.
Désolé, je suis en plein boulot.
Pas de repos pour moi.
Al.
1
Réponse 7 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonsoir

A)- Télécharge combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
• ==> Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours.
• ==> Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de ton Antispywares, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil).
• Double-clique combofix.exe afin de l'exécuter.
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
• Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
• Ou bien --> Réponds oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
• Laisse se dérouler le scan.
• /!\ Pendant la durée de cette étape, ne te sers pas du pc et n'ouvre aucun programme. Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse)./i\
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
• Copie-colle ce rapport dans ta prochaine réponse.
• Le rapport se trouve dans : C:\Combofix.txt (si jamais).

B)- Télécharge Malwarebyte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Enregistre-le sur le bureau

1°- ==> Double clique sur le fichier “mbam-setup.exe” présent sur le bureau pour lancer le processus d'installation.
Puis [Exécuter] > Français > [Suivant] > Cocher “Accepter la licence” > [Suivant] > [Suivant] > [Suivant] … Cocher “Créer une icône sur le bureau” > [Suivant] > [Installer] ==> tu obtiens cette icône https://imageshack.com/
A la fin de l'installation, veille à ce que l'option "Mettre à jour Malwarebytes Anti-Malware" soit cochée --> ---> [Terminer]
Lors de la première installation, laisse s’opérer la mise à jour automatique.
NOTE : Autoriser les alertes “Pare-feu” et “Antispywares”.
NB : Si un message s’affiche signalant qu'il te manque COMCTL32.OCX alors télécharge-le ici : https://www.malekal.com/tutorial-aboutbuster/

2°- Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur le bureau.
Au premier lancement, une fenêtre t'annonce que la version est gratuite >>> clique sur ok
Laisse les Mises à Jour se télécharger
*** Referme le programme ***

3°- Redémarre en "Mode sans échec"
Regarde ici pour exécuter le mode sans échec, sans stresser :
< http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 >
Il faut laisser aller le PC à son rythme, pour que s'installe le bureau; après quoi, tu réutilises ta souris.
Quand tu as le curseur qui clignote, tu peux avoir un temps d'ouverture du mode sans échec qui va jusqu'à 15 minutes. Il faut donc être patient.
Choisir sa session habituelle, (pas le compte "Administrateur" ou une autre).

4°- Relance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur le bureau.
Onglet "Recherche" >>> coche « Exécuter un examen complet » >>> « Rechercher »
Sélectionne ton disque dur >>> clic sur « Lancer l'examen »
• A la fin de l'analyse, un message s'affiche : « L'examen s'est terminé normalement. Clique sur “Afficher les résultats' pour afficher tous les objets trouvés” ».
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
• Ferme tes navigateurs.
• Si des malwares ont été détectés, clique sur “Afficher les résultats”.
Sélectionne tout (ou laisse coché) et clique sur “Supprimer la sélection”, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse.
Copie-colle ce rapport et poste-le dans ta prochaine réponse.

NB : Si MBAM te demande à redémarrer, fais-le.

6°- Un rapport de scan s'ouvre, poste le rapport.
(MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet « Rapports/logs ». Fermer le bloc-notes.
Fermer MBAM en cliquant sur « Quitter »)

C)- Termine avec ce "Scan en ligne de Kaspersky sous "Internet Explorer".
Il faut utiliser la version 7 disponible sur ce lien : https://www.kaspersky.fr/downloads
Branche ton Disque Externe (clé USB) éventuellement
- Clique sur "Démarrer Online-Scanner" (en bas à droite de la page) .
- Clique maintenant sur "J'accepte".
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des "Mises à jour".
Clic sur « Paramètres d'analyse »
Coche la case "Étendue" >> Ok
- Choisis par la suite l'analyse du "Poste de travail" pour faire un « Scan complet ».
- Sauvegarde puis colle le rapport généré en fin d'analyse.
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif

AIDE : Configurer le contrôle des ActiveX < http://www.inoculer.com/activex.php3 >
Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html

D)- C:\Program Files\Java\jre1.6.0_05
Grosse faille de sécurité ==> Télécharge la dernière version Java Runtime Environment 1.6.0.7 disponible ici :
https://filehippo.com/download_jre_32/?ex=CORE-116.0
Ensuite, vas dans "Panneau de configuration" > "Ajout/suppr.de programmes", et supprime tes anciennes versions

E)- C:\Program Files\Adobe\Reader 8.0\Reader
Grosse faille de sécurité ==> Il faut faire la mise à jour version 9 https://get2.adobe.com/reader/otherversions/
L'installation d' une nouvelle version désinstallera l' ancienne si besoin est.
- Décocher "Téléchargez également :Adobe Photoshop® Album Édition"
- Dans "Ajout/Suppression des programmes" tu supprimes toutes les autres versions.

Merci
Bonne chance
Al.

-1
Réponse 8 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re
alors voila c est bon j ai tous fait les scan et tous voici les rapports =)

ComboFix 08-10-04.07 - antoine 2008-10-05 19:14:26.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.546 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\antoine\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jestertb.dll
C:\WINDOWS\system32\122142955842863281\71122142955842863281.exe
C:\WINDOWS\system32\122142955842863281\91122142955842863281.exe
C:\WINDOWS\system32\12215006285430218\7112215006285430250.exe
C:\WINDOWS\system32\12215006285430218\9112215006285430250.exe
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\skinboxer43.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MCHINJDRV
-------\Service_Boonty Games
-------\Service_mchInjDrv

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
.

2008-10-05 19:24 . 2008-10-05 19:24 <REP> d-------- C:\WINDOWS\LastGood
2008-09-30 11:47 . 2008-09-30 11:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-09-30 11:47 . 2008-09-30 11:47 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-09-30 11:38 . 2008-09-30 11:38 <REP> d-------- C:\WINDOWS\system32\879_SP_1222767513248531
2008-09-30 10:48 . 2008-09-30 10:48 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-09-30 10:05 . 2008-09-30 10:41 <REP> d-------- C:\Program Files\Simulateur de conduite 3D
2008-09-27 12:49 . 2008-09-27 12:50 <REP> d-------- C:\WINDOWS\system32\879_SP_12225125966014562
2008-09-27 12:41 . 2008-09-27 12:41 <REP> d-------- C:\WINDOWS\system32\879_SP_12225121035522406
2008-09-27 12:37 . 2008-09-27 12:37 <REP> d-------- C:\WINDOWS\system32\879_SP_12225118375255562
2008-09-27 12:35 . 2008-09-27 12:35 <REP> d-------- C:\WINDOWS\system32\879_SP_12225117355154453
2008-09-25 10:48 . 2008-05-02 22:46 139,792 -ra------ C:\WINDOWS\system32\nv3dcht.chm
2008-09-25 10:48 . 2008-05-02 22:46 59,261 -ra------ C:\WINDOWS\system32\nvmobcht.chm
2008-09-25 10:46 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\NV35643568.TMP
2008-09-24 16:57 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-24 15:57 . 2008-09-25 10:48 <REP> d-------- C:\WINDOWS\nvidia icons
2008-09-24 15:57 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 15:56 . 2008-09-24 16:06 <REP> d-------- C:\WINDOWS\NV30883092.TMP
2008-09-24 15:34 . 2008-10-05 19:24 266,654 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-24 15:33 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\nview
2008-09-24 15:33 . 2008-05-02 22:46 442,368 -ra------ C:\WINDOWS\system32\nvuninst.exe
2008-09-24 15:33 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-24 15:33 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-23 13:37 . 2008-09-23 13:37 502 --a------ C:\WINDOWS\[u]0[/u]
2008-09-23 13:37 . 2008-09-23 13:37 81 --a------ C:\WINDOWS\Times New Roman
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\SoftwarePassport
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\Mindscape
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-23 01:37 . 2008-09-23 01:37 0 --a------ C:\WINDOWS\xc_std_1222126638_32122390.AVI
2008-09-19 02:21 . 2008-09-19 02:21 0 --a------ C:\WINDOWS\xc_std_1221783688_29654515.AVI
2008-09-19 01:50 . 2008-09-19 01:50 0 --a------ C:\WINDOWS\xc_std_1221781847_27813468.AVI
2008-09-18 15:28 . 2008-09-18 15:29 0 --a------ C:\WINDOWS\xc_std_1221744536_9030421.AVI
2008-09-18 14:33 . 2008-09-18 14:33 0 --a------ C:\WINDOWS\xc_std_1221741186_5679578.AVI
2008-09-18 01:10 . 2008-09-18 01:10 0 --a------ C:\WINDOWS\xc_std_1221693048_43596078.AVI
2008-09-18 00:31 . 2008-09-18 00:31 0 --a------ C:\WINDOWS\xc_std_1221690687_41235218.AVI
2008-09-17 21:12 . 2008-09-17 21:12 0 --a------ C:\WINDOWS\xc_std_1221678761_29309468.AVI
2008-09-16 22:40 . 2008-09-16 22:40 0 --a------ C:\WINDOWS\xc_std_1221597621_23410406.AVI
2008-09-16 12:56 . 2008-09-16 12:56 0 --a------ C:\WINDOWS\xc_std_1221562569_12799375.AVI
2008-09-16 10:55 . 2008-09-16 10:55 0 --a------ C:\WINDOWS\xc_std_1221555322_5551750.AVI
2008-09-15 22:31 . 2008-09-15 22:31 0 --a------ C:\WINDOWS\xc_std_1221510659_15460109.AVI
2008-09-15 19:43 . 2008-10-05 19:18 <REP> d-------- C:\WINDOWS\system32\12215006285430218
2008-09-14 23:59 . 2008-10-05 19:18 <REP> d-------- C:\WINDOWS\system32\122142955842863281
2008-09-12 15:22 . 2008-09-12 15:22 0 --a------ C:\WINDOWS\xc_std_1221225757_17121296.AVI
2008-09-12 12:24 . 2008-09-12 12:24 0 --a------ C:\WINDOWS\xc_std_1221215054_6418000.AVI
2008-09-11 16:41 . 2008-09-11 16:41 20,480 --a------ C:\WINDOWS\VIS_1221144115_1.exe
2008-09-11 16:41 . 2008-09-11 16:41 16,384 --a------ C:\WINDOWS\1221144115_0.exe
2008-09-11 16:25 . 2008-09-11 16:25 <REP> dr-hs---- C:\WINDOWS\system32\DBR122
2008-09-11 16:25 . 2008-09-11 16:25 20,480 --a------ C:\WINDOWS\VIS_1221143139_1.exe
2008-09-11 16:25 . 2008-09-11 16:25 16,384 --a------ C:\WINDOWS\1221143139_0.exe
2008-09-11 16:25 . 2008-09-11 16:25 10 --a------ C:\WINDOWS\system32\instime_122.dse
2008-09-11 16:25 . 2008-09-30 11:49 10 --a------ C:\WINDOWS\system32\cxtime_122.dse
2008-09-09 15:14 . 2008-09-09 15:14 <REP> d-------- C:\Documents and Settings\antoine\Application Data\SPORE
2008-09-09 15:04 . 2008-09-09 15:04 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-09 11:20 . 2008-09-09 11:20 <REP> d-------- C:\ProgramData
2008-09-09 11:20 . 2008-09-09 15:03 1,546 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-06 11:43 . 2008-09-06 11:43 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 17:25 --------- d-----w C:\Program Files\Steam
2008-10-05 16:28 --------- d-----w C:\Program Files\SpeedFan
2008-10-05 12:55 --------- d-----w C:\Program Files\a-squared Free
2008-10-05 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-04 09:40 --------- d-----w C:\Documents and Settings\antoine\Application Data\Azureus
2008-10-04 09:36 --------- d-----w C:\Program Files\eMule
2008-09-24 14:57 --------- d-----w C:\Program Files\ATI Technologies
2008-09-23 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 11:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-16 07:42 --------- d-----w C:\Program Files\ma-config.com
2008-09-16 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-10 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 09:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-08 21:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 14:35 --------- d-----w C:\Program Files\CamStudio
2008-09-03 09:18 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-03 09:17 --------- d-----w C:\Program Files\AVSMedia
2008-08-31 11:08 --------- d-----w C:\Program Files\Cool All Video Converter Platinum
2008-08-31 11:07 --------- d-----w C:\Program Files\AVS4YOU
2008-08-31 10:55 --------- d-----w C:\Program Files\XP Codec Pack
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\antoine\Application Data\AVS4YOU
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-31 10:29 --------- d-----w C:\Program Files\Common Files
2008-08-30 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-01-26 14:11 22,328 ----a-w C:\Documents and Settings\antoine\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2006-06-21 00:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 1658592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Entraînement Cerebral Spécial Kids - Planificateur"="C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe" [2008-03-14 352256]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Docteur Club Internet.lnk - C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe [2008-01-25 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-08-14 23552]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\127.tmp [ ]
S3 mtv1bus;Pimp My Mobile Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\mtv1bus.sys [2006-09-11 63216]
S3 mtv1mdfl;Pimp My Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\mtv1mdfl.sys [2006-09-11 8368]
S3 mtv1mdm;Pimp My Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\mtv1mdm.sys [2006-09-11 97520]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-11 306432]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375bbc48-d553-11dc-9a9d-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc55d59-7b26-11dd-9c47-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'

2008-09-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-rdaqwovb - C:\WINDOWS\system32\roforsxu.exe
Notify-nnnnLfcC - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\antoine\Application Data\Mozilla\Firefox\Profiles\v54aube6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox
FF -: plugin - C:\Documents and Settings\antoine\Application Data\Mozilla\Firefox\Profiles\v54aube6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 19:24:48
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\antoine\LOCALS~1\Temp\mc27.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\127.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-10-05 19:28:48 - La machine a redémarré [antoine]
ComboFix-quarantined-files.txt 2008-10-05 17:28:43
ComboFix2.txt 2008-04-22 14:50:39

Avant-CF: 113,560,584,192 octets libres
Après-CF: 113,644,044,288 octets libres

268 --- E O F --- 2008-09-10 01:04:49

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1230
Windows 5.1.2600 Service Pack 2

05/10/2008 21:36:44
mbam-log-2008-10-05 (21-36-44).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 151931
Temps écoulé: 1 hour(s), 30 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{6d422996-4f55-407c-828e-059d2c312f5e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7c054d23-ff37-467e-8f0f-a82d43c203d2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a00281d9-67be-4881-bb34-2fb7196d4db5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de4a7692-b2cb-4d1a-9956-76a8a028caa0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15fabe1b-ee9a-4652-aaa3-fdcf6635ff79} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{6d1e583a-d2aa-4aca-ace8-451f73c609f1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\atfxqogp.bsog (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

il n y a que le scan de kapersky qui se fait mais je nai pas trouver ce que tu me disait ^^ par contre jai vu que je nest plus le trojan vundo deja c cool!!! =) merci je t envoi le dernier rapport dès qu il est finit merci encore
-1
Réponse 9 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re

voici mon rapport kapersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 05, 2008 19:45:19
Records in database: 1293078
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 115351
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:57:21

File name / Threat name / Threats count
C:\Documents and Settings\antoine\Mes documents\Antoine\logiciels mise a jours\VirtualDub_1.6.9_b23604_Fr.exe Infected: not-a-virus:AdWare.Win32.Rabio.ev 1
C:\QooBox\Quarantine\C\WINDOWS\system32\122142955842863281\71122142955842863281.exe.vir Infected: not-a-virus:PSWTool.Win32.Messen.aq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\122142955842863281\91122142955842863281.exe.vir Infected: not-a-virus:PSWTool.Win32.NetPass.bz 1
C:\QooBox\Quarantine\C\WINDOWS\system32\12215006285430218\7112215006285430250.exe.vir Infected: not-a-virus:PSWTool.Win32.Messen.aq 1
C:\QooBox\Quarantine\C\WINDOWS\system32\12215006285430218\9112215006285430250.exe.vir Infected: not-a-virus:PSWTool.Win32.NetPass.bz 1

The selected area was scanned.

En ce qui concerne mon par feu je n en n ai pas enfin c celui de windows me semble t-il mon scan antivir ce fait je le poste dès sa fin merci encore =)
-1
Réponse 10 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
et voici le rapport antivir =)

Avira AntiVir Personal
Report file date: lundi 6 octobre 2008 10:20

Scanning for 1658825 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: XPSP2-0181848AE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 17/07/2008 17:04:18
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 17:04:18
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 17:04:18
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 17:04:18
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 20:52:57
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 16:21:30
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 12:05:43
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 16:17:04
AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 16:47:29
AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 16:17:04
AEPACK.DLL : 8.1.2.3 364918 Bytes 24/09/2008 16:45:42
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 16:17:03
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 16:17:02
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 11:01:53
AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 16:12:17
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 15:48:22
AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 22:55:52
AEBB.DLL : 8.1.0.1 53617 Bytes 17/07/2008 17:04:18
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 17:04:18
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 17:04:18
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 15:48:16
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 17:04:18
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 17:04:18
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 17:04:18
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 17:04:15
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 17:04:15

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 6 octobre 2008 10:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'speedfan.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'razerofa.exe' - '1' Module(s) have been scanned
Scan process 'razertra.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'razerhid.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).

Starting the file scan:

Begin scan in 'C:\' <Norbert>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <bibi>

End of the scan: lundi 6 octobre 2008 11:47
Used time: 1:26:38 Hour(s)

The scan has been done completely.

7804 Scanning directories
374247 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
374245 Files not concerned
7801 Archives were scanned
2 Warnings
0 Notes
-1
Réponse 11 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re
voila le rapport de combofix

ComboFix 08-10-04.07 - antoine 2008-10-06 13:27:29.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.574 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\antoine\Bureau\CFScript1.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\Documents and Settings\antoine\Mes documents\Antoine\logiciels mise a jours\VirtualDub_1.6.9_b23604_Fr.exe
C:\WINDOWS\[u]0</u>
C:\WINDOWS\NV30883092.TMP
C:\WINDOWS\NV35643568.TMP
C:\QooBox -- Whitelisted --
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\antoine\Mes documents\Antoine\logiciels mise a jours\VirtualDub_1.6.9_b23604_Fr.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-06 au 2008-10-06 ))))))))))))))))))))))))))))))))))))
.

2008-10-06 13:35 . 2008-10-06 13:35 <REP> d-------- C:\WINDOWS\LastGood
2008-10-05 21:55 . 2008-10-05 21:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-05 19:39 . 2008-10-05 19:39 <REP> d-------- C:\Program Files\Sun
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Documents and Settings\antoine\Application Data\Malwarebytes
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 19:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 19:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 19:33 . 2008-10-05 21:39 <REP> d-------- C:\Program Files\NOS
2008-10-05 19:33 . 2008-10-05 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-30 11:47 . 2008-09-30 11:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-09-30 11:47 . 2008-09-30 11:47 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-09-30 11:38 . 2008-09-30 11:38 <REP> d-------- C:\WINDOWS\system32\879_SP_1222767513248531
2008-09-30 10:48 . 2008-09-30 10:48 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-09-30 10:05 . 2008-09-30 10:41 <REP> d-------- C:\Program Files\Simulateur de conduite 3D
2008-09-27 12:49 . 2008-09-27 12:50 <REP> d-------- C:\WINDOWS\system32\879_SP_12225125966014562
2008-09-27 12:41 . 2008-09-27 12:41 <REP> d-------- C:\WINDOWS\system32\879_SP_12225121035522406
2008-09-27 12:37 . 2008-09-27 12:37 <REP> d-------- C:\WINDOWS\system32\879_SP_12225118375255562
2008-09-27 12:35 . 2008-09-27 12:35 <REP> d-------- C:\WINDOWS\system32\879_SP_12225117355154453
2008-09-25 10:48 . 2008-05-02 22:46 139,792 -ra------ C:\WINDOWS\system32\nv3dcht.chm
2008-09-25 10:48 . 2008-05-02 22:46 59,261 -ra------ C:\WINDOWS\system32\nvmobcht.chm
2008-09-25 10:46 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\NV35643568.TMP
2008-09-24 16:57 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-24 15:57 . 2008-09-25 10:48 <REP> d-------- C:\WINDOWS\nvidia icons
2008-09-24 15:57 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 15:56 . 2008-09-24 16:06 <REP> d-------- C:\WINDOWS\NV30883092.TMP
2008-09-24 15:34 . 2008-10-06 13:35 266,654 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-24 15:33 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\nview
2008-09-24 15:33 . 2008-05-02 22:46 442,368 -ra------ C:\WINDOWS\system32\nvuninst.exe
2008-09-24 15:33 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-24 15:33 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-23 13:37 . 2008-09-23 13:37 502 --a------ C:\WINDOWS\[u]0[/u]
2008-09-23 13:37 . 2008-09-23 13:37 81 --a------ C:\WINDOWS\Times New Roman
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\SoftwarePassport
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\Mindscape
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-23 01:37 . 2008-09-23 01:37 0 --a------ C:\WINDOWS\xc_std_1222126638_32122390.AVI
2008-09-19 02:21 . 2008-09-19 02:21 0 --a------ C:\WINDOWS\xc_std_1221783688_29654515.AVI
2008-09-19 01:50 . 2008-09-19 01:50 0 --a------ C:\WINDOWS\xc_std_1221781847_27813468.AVI
2008-09-18 15:28 . 2008-09-18 15:29 0 --a------ C:\WINDOWS\xc_std_1221744536_9030421.AVI
2008-09-18 14:33 . 2008-09-18 14:33 0 --a------ C:\WINDOWS\xc_std_1221741186_5679578.AVI
2008-09-18 01:10 . 2008-09-18 01:10 0 --a------ C:\WINDOWS\xc_std_1221693048_43596078.AVI
2008-09-18 00:31 . 2008-09-18 00:31 0 --a------ C:\WINDOWS\xc_std_1221690687_41235218.AVI
2008-09-17 21:12 . 2008-09-17 21:12 0 --a------ C:\WINDOWS\xc_std_1221678761_29309468.AVI
2008-09-16 22:40 . 2008-09-16 22:40 0 --a------ C:\WINDOWS\xc_std_1221597621_23410406.AVI
2008-09-16 12:56 . 2008-09-16 12:56 0 --a------ C:\WINDOWS\xc_std_1221562569_12799375.AVI
2008-09-16 10:55 . 2008-09-16 10:55 0 --a------ C:\WINDOWS\xc_std_1221555322_5551750.AVI
2008-09-15 22:31 . 2008-09-15 22:31 0 --a------ C:\WINDOWS\xc_std_1221510659_15460109.AVI
2008-09-15 19:43 . 2008-10-05 19:18 <REP> d-------- C:\WINDOWS\system32\12215006285430218
2008-09-14 23:59 . 2008-10-05 19:18 <REP> d-------- C:\WINDOWS\system32\122142955842863281
2008-09-12 15:22 . 2008-09-12 15:22 0 --a------ C:\WINDOWS\xc_std_1221225757_17121296.AVI
2008-09-12 12:24 . 2008-09-12 12:24 0 --a------ C:\WINDOWS\xc_std_1221215054_6418000.AVI
2008-09-11 16:41 . 2008-09-11 16:41 20,480 --a------ C:\WINDOWS\VIS_1221144115_1.exe
2008-09-11 16:41 . 2008-09-11 16:41 16,384 --a------ C:\WINDOWS\1221144115_0.exe
2008-09-11 16:25 . 2008-09-11 16:25 <REP> dr-hs---- C:\WINDOWS\system32\DBR122
2008-09-11 16:25 . 2008-09-11 16:25 20,480 --a------ C:\WINDOWS\VIS_1221143139_1.exe
2008-09-11 16:25 . 2008-09-11 16:25 16,384 --a------ C:\WINDOWS\1221143139_0.exe
2008-09-11 16:25 . 2008-09-11 16:25 10 --a------ C:\WINDOWS\system32\instime_122.dse
2008-09-11 16:25 . 2008-09-30 11:49 10 --a------ C:\WINDOWS\system32\cxtime_122.dse
2008-09-09 15:14 . 2008-09-09 15:14 <REP> d-------- C:\Documents and Settings\antoine\Application Data\SPORE
2008-09-09 15:04 . 2008-09-09 15:04 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-09 11:20 . 2008-09-09 11:20 <REP> d-------- C:\ProgramData
2008-09-09 11:20 . 2008-09-09 15:03 1,546 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-06 11:43 . 2008-09-06 11:43 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 11:36 --------- d-----w C:\Program Files\Steam
2008-10-06 08:15 --------- d-----w C:\Documents and Settings\antoine\Application Data\Azureus
2008-10-06 08:13 --------- d-----w C:\Program Files\eMule
2008-10-06 08:12 --------- d-----w C:\Program Files\SpeedFan
2008-10-05 17:38 --------- d-----w C:\Program Files\Java
2008-10-05 12:55 --------- d-----w C:\Program Files\a-squared Free
2008-10-05 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-24 14:57 --------- d-----w C:\Program Files\ATI Technologies
2008-09-23 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 11:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-16 07:42 --------- d-----w C:\Program Files\ma-config.com
2008-09-16 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-10 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 09:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-08 21:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 14:35 --------- d-----w C:\Program Files\CamStudio
2008-09-03 09:18 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-03 09:17 --------- d-----w C:\Program Files\AVSMedia
2008-08-31 11:08 --------- d-----w C:\Program Files\Cool All Video Converter Platinum
2008-08-31 11:07 --------- d-----w C:\Program Files\AVS4YOU
2008-08-31 10:55 --------- d-----w C:\Program Files\XP Codec Pack
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\antoine\Application Data\AVS4YOU
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-31 10:29 --------- d-----w C:\Program Files\Common Files
2008-08-30 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-01-26 14:11 22,328 ----a-w C:\Documents and Settings\antoine\Application Data\PnkBstrK.sys
.

------- Sigcheck -------

2006-06-21 00:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-05_19.28.13.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 1658592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Entraînement Cerebral Spécial Kids - Planificateur"="C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe" [2008-03-14 352256]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Docteur Club Internet.lnk - C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe [2008-01-25 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-08-14 23552]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 mtv1bus;Pimp My Mobile Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\mtv1bus.sys [2006-09-11 63216]
S3 mtv1mdfl;Pimp My Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\mtv1mdfl.sys [2006-09-11 8368]
S3 mtv1mdm;Pimp My Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\mtv1mdm.sys [2006-09-11 97520]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-11 306432]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375bbc48-d553-11dc-9a9d-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc55d59-7b26-11dd-9c47-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - MCHINJDRV
.
Contenu du dossier 'Tâches planifiées'

2008-09-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 13:36:16
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\antoine\LOCALS~1\Temp\mc26.tmp"
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-10-06 13:40:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-06 11:40:43
ComboFix2.txt 2008-10-05 17:28:50
ComboFix3.txt 2008-04-22 14:50:39

Avant-CF: 116 521 218 048 octets libres
Après-CF: 116,537,548,800 octets libres

271 --- E O F --- 2008-09-10 01:04:49

et le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:31, on 06/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Entraînement Cerebral Spécial Kids - Planificateur] "C:\Program Files\Micro Application\Entraînement Cérébral Spécial Kids\data\Launcher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_05] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE RÉSEAU')
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
-1
Réponse 12 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re

voici le rapport OAD

06/10/2008 ---- 19:21:45,53

----------------------------------
§§§§§§ [mchInjDrv] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

"DeviceItem0070"="[Pilotes non Plug-and-Play] -> [mchInjDrv] (0x00000000)"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

et le silent runner

"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SuperCopier2.exe" = "C:\Program Files\SuperCopier2\SuperCopier2.exe" ["SFX TEAM"]
"Steam" = ""c:\program files\steam\steam.exe" -silent" ["Valve Corporation"]
"MSMSGS" = ""C:\Program Files\Messenger\Msmsgs.exe" /background" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" ["Nero AG"]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec Inc."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"" ["Advanced Micro Devices, Inc."]
"BJCFD" = "C:\Program Files\BroadJump\Client Foundation\CFD.exe" ["BroadJump, Inc."]
"Habu" = "C:\Program Files\Razer\Habu\razerhid.exe" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"ISUSPM Startup" = "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"
-> {HKLM...CLSID} = "Adobe PDF Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" [file not found]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
-> {HKLM...CLSID} = "My Labtec Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

"SaveZoneInformation" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"HideZoneInfoOnProperties" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoNetworkConnections" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Network Connections from Start Menu}

"NoSMHelp" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Help menu from Start Menu}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSMMyPictures" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove My Pictures icon from Start Menu}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoStartMenuMFUprogramsList" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoUserNameInStartMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSMBalloonTip" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisallowCpl" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Control Panel|
Hide specified control panel applets / items}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"CDRAutoRun" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ForceClassicControlPanel" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSimpleStartMenu" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\

"1" = (REG_SZ) Polices
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\antoine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

LogitechQuickSync\
"Provider" = "Logitech QuickSync"
"InvokeProgID" = "Applications\QSync.exe"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\Applications\QSync.exe\shell\open\command\(Default) = ""C:\Program Files\Logitech\Video\QSync.exe"" ["Labtec Inc."]

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSWMEncVCArrival\
"Provider" = "Codeur Windows Media Série 9"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Windows Media Components\Encoder\WMEnc.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]

VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]

Startup items in "antoine" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Docteur Club Internet" -> shortcut to: "C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe -boot" [file not found]

Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2008\OneClick.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" [file not found]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [file not found]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

a-squared Free Service, a2free, ""C:\Program Files\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Avira AntiVir Personal – Free Antivirus Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Personal – Free Antivirus Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Nero BackItUp Scheduler 3, Nero BackItUp Scheduler 3, "C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe" ["Nero AG"]
NMIndexingService, NMIndexingService, ""C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
TuneUp Extension de thème, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP210 series\Driver = "CNMLM8S.DLL" ["CANON INC."]

---------- (launch time: 2008-10-06 19:28:32)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 5 seconds for message boxes)

par contre en ce qui concerne le fichier mc27.tmp je ne l ai pas trouver =( j ai desinstaller Entraînement Cérébral Spécial Kids aussi ce netais pas indispensable!! =p encore merci de me donner de ton temps =)
-1
Réponse 13 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
ui apparemment le pc va mieux quand même ne serai ce que au niveau de ma connexion =)
-1
Réponse 14 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

Je t'ai laissé un MP
Regarde sur la page CCM --> au-dessus à droite, une petite enveloppe clignote --> double-clic pour lire le message.

Où as-tu téléchargé C:/Documents and Settings/All Users/Application Data/TuneUp Software ?
Gadget inutile à mes yeux.
ANTIVIR, KERIO et MBMA (Malwarebyte's Anti-Malware) devraient largement suffire.
Je n'ai ni Ad-Aware, ni Spybot S&D, ni ...
J'ai Kaspersky Internet Security et Spyware Terminator (pour le fun).

J'ai demandé un avis extérieur; patiente un peu.
(Pour ce service mchInjDrv, et pour toutes ces lignes contenant 122...)

Merci.
Bonne soirée
Al.
-1
Réponse 15 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
bjr
dois-je poster quelque chose a un endroit précis ou je prendre juste mon mal en patience en attendant que l on viennent me dire quoi faire? merci ^^
-1
Réponse 16 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonjour,

Non, ne poste rien pour le moment.
Le helper doit avoir reçu l'appel à cette heure.
Il est probablement occupé à déchiffrer ton topic et les rapports.

À ce soir.
Je m'absente maintenant.

Al.
-1
Réponse 17 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Bonsoir,

Désolé pour ce retard.
Voici pour suivre comment nous allons procéder.

D'abord faire analyser ces fichiers en gras ci-dessous chez VirusTotal:

C:\WINDOWS\VIS_1221143139_1.exe
C:\WINDOWS\VIS_1221144115_1.exe
C:\WINDOWS\1221144115_0.exe
C:\WINDOWS\1221143139_0.exe
C:\WINDOWS\system32\instime_122.dse
C:\WINDOWS\system32\cxtime_122.dse

1°- Assure toi d'avoir accès aux dossiers/fichiers cachés :
Soit en faisant : Ouvrir un dossier, n'importe lequel. Aller dans "Outils" >"Options des dossiers" > "Affichage"
Soit en faisant « Démarrer »/ »PanneauConfiguration/OptionsDossiers /onglet « Affichage »
et là :
cocher la case devant les lignes:
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher la case devant les lignes:
- masquer les extensions des fichiers dont le type est connu
- masquer les fichiers protégés du système d'exploitation
Tu vas recevoir un message qui te dit que cela peut endommager le système,
n'en tiens pas compte.
Puis cliquer APPLIQUER à TOUS les Dossiers > [OK]
Si tu n'es pas à l'aise dans la navigation des dossiers, je t'invite à suivre ce tutorial : < http://www.malekal.com/rechercher_fichiers.php >

2°- Une aide pour la suite ici, en cas de besoin: http://bibou0007.com/tutos-f45/tutorial-sur-virustotal-t190.htm

3°- Vas là :< https://www.virustotal.com/gui/ >
•- sur la page qui s'affiche tu cliques sur [Parcourir]
•- ensuite sur la nouvelle page qui s'affiche, tu suis le chemin du fichier VIS_1221143139_1.exe
c'est-à-dire via "Poste de travail" > C:\WINDOWS\
•- Tu ouvres le dossier "WINDOWS\", et quand tu y as trouvé le fichier VIS_1221143139_1.exe , tu cliques sur "Ouvrir" ( sur cette dernière page affichée)
•- le fichier VIS_1221143139_1.exe se retrouve alors ainsi dans la fenêtre de VirusTotal, pour l'analyse
•- là, tu cliques sur "send file" = « Envoyer » ( de la page de VirusTotal )
•- et tu attends le résultat (il faut parfois patienter)
•- Dans l'encadré: "Situation actuelle: terminé" ==> cliquer sur "Formaté"
•- Une nouvelle fenêtre de votre navigateur apparaîtra...
•- Dans la nouvelle fenêtre, cliquer sur cette image : < http://img215.imageshack.us/img215/6039/virustotalpourcopierip3.jpg >
•- Faire un clic-droit sur la page, choisir => "Sélectionner tout" > puis encore clic-droit => Copier...
Enfin , clic-droit => Coller le(s) résultat(s) dans le WordPad ou Bloc-Notes ==> et le poster sur forum ici.

4°- Tu suis la même procédure pour les autres fichiers (attention, les 2 derniers se trouvent dans C:\WINDOWS\system32)

Bonne chance
Al.

EDIT ==> ne rien faire d'autre ce soir; sauf peut-être supprimer SuperCopier2 localisé en C:\Program Files\ et sans doute dans "Panneau de configuration" > "Ajout/Suppr. de programmes".
( SuperCopier 2 tente d'installer le pilote MCHINJDRV ==> et je suis allergique à SuperCopier 2 ).
-1
Réponse 18 / 25
afideg Messages postés 10970 Statut Contributeur sécurité 602
 
Re,

Tu as toujours l'icône de ComboFix sur le bureau
1°- PREALABLES :
A)- Tout d'abord > Désactive le Tea-Timer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne dois plus voir l'icône du Tea- Timer dans la barre de tâches!
•- Ne fais pas l'impasse sur cette étape, car ça peut faire échouer la procédure de désinfection !
B)- Supprime également la protection en temps-réel (bouclier) de ANTIVIR.

2°- Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant :

File::
C:\WINDOWS\0
C:\WINDOWS\xc_std_1222126638_32122390.AVI
C:\WINDOWS\xc_std_1221783688_29654515.AVI
C:\WINDOWS\xc_std_1221781847_27813468.AVI
C:\WINDOWS\xc_std_1221744536_9030421.AVI
C:\WINDOWS\xc_std_1221741186_5679578.AVI
C:\WINDOWS\xc_std_1221693048_43596078.AVI
C:\WINDOWS\xc_std_1221690687_41235218.AVI
C:\WINDOWS\xc_std_1221678761_29309468.AVI
C:\WINDOWS\xc_std_1221597621_23410406.AVI
C:\WINDOWS\xc_std_1221562569_12799375.AVI
C:\WINDOWS\xc_std_1221555322_5551750.AVI
C:\WINDOWS\xc_std_1221510659_15460109.AVI
C:\WINDOWS\xc_std_1221215054_6418000.AVI
C:\WINDOWS\xc_std_1221225757_17121296.AVI
C:\WINDOWS\VIS_1221143139_1.exe
C:\WINDOWS\VIS_1221144115_1.exe
C:\WINDOWS\1221144115_0.exe
C:\WINDOWS\1221143139_0.exe

Folder::
C:\WINDOWS\system32\12215006285430218
C:\WINDOWS\system32\122142955842863281
C:\WINDOWS\system32\DBR122
C:\WINDOWS\system32\879_SP_1222767513248531
C:\WINDOWS\system32\879_SP_12225125966014562
C:\WINDOWS\system32\879_SP_12225121035522406
C:\WINDOWS\system32\879_SP_12225118375255562
C:\WINDOWS\system32\879_SP_12225117355154453
C:\Program Files\SuperCopier2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=-

3°- Copie le texte sélectionné (CTRL+C) ==> en appuyant simultanément sur les touches CTRL et C.
Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V) ==> en appuyant simultanément sur les touches CTRL et V .
Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript1.txt
• Regarde ici (ce n’est qu’un exemple !) < http://img509.imageshack.us/img509/5984/screenshot332wc3.png >

4°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” (Tristan.exe) sur le bureau) en faisant un “glisser/déposer” de ce fichier “ gras>CFScript1.txt</gras> ” sur le fichier “ComboFix.exe”(Tristan.exe) comme sur la capture: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif >
L'icône ComboFix.exe (Tristan.exe) change alors de "brillance" dans sa couleur.
Un module s'affiche ==> clic sur "Exécuter"

Patiente le temps du scan.
Le bureau va disparaître à plusieurs reprises: c'est normal!
(CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.)

5°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum.
Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt

6°- Arrêter puis redémarrer le PC

7°- Termine par une nouvelle analyse avec ANTIVIR
NOTE pour information à propos de ANTIVIR:
"Boot mode: Normally booted" ==> il est préférable de lancer ANTIVIR en "mode sans échec".
"Search for rootkits.....: off" ===> il est recommandé d'activer la fonction "Search for rootkits".

Merci
Bonne nuit
Al.
-1
Réponse 19 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re
voici mon rapport combo fix celui d antivir arrive

ComboFix 08-10-04.07 - antoine 2008-10-09 10:21:49.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.578 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\antoine\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\antoine\Bureau\CFScript1.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\WINDOWS\[u]0[/u]
C:\WINDOWS\1221143139_0.exe
C:\WINDOWS\1221144115_0.exe
C:\WINDOWS\VIS_1221143139_1.exe
C:\WINDOWS\VIS_1221144115_1.exe
C:\WINDOWS\xc_std_1221215054_6418000.AVI
C:\WINDOWS\xc_std_1221225757_17121296.AVI
C:\WINDOWS\xc_std_1221510659_15460109.AVI
C:\WINDOWS\xc_std_1221555322_5551750.AVI
C:\WINDOWS\xc_std_1221562569_12799375.AVI
C:\WINDOWS\xc_std_1221597621_23410406.AVI
C:\WINDOWS\xc_std_1221678761_29309468.AVI
C:\WINDOWS\xc_std_1221690687_41235218.AVI
C:\WINDOWS\xc_std_1221693048_43596078.AVI
C:\WINDOWS\xc_std_1221741186_5679578.AVI
C:\WINDOWS\xc_std_1221744536_9030421.AVI
C:\WINDOWS\xc_std_1221781847_27813468.AVI
C:\WINDOWS\xc_std_1221783688_29654515.AVI
C:\WINDOWS\xc_std_1222126638_32122390.AVI
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SuperCopier2
C:\Program Files\SuperCopier2\Languages\Español.lng
C:\Program Files\SuperCopier2\Languages\Français.lng
C:\Program Files\SuperCopier2\Languages\Português.lng
C:\Program Files\SuperCopier2\LisezMoi.txt
C:\Program Files\SuperCopier2\ReadMe.txt
C:\Program Files\SuperCopier2\SC2Config.exe
C:\Program Files\SuperCopier2\SC2Hook.dll
C:\Program Files\SuperCopier2\SC2Uninst.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\[u]0[/u]
C:\WINDOWS\1221143139_0.exe
C:\WINDOWS\1221144115_0.exe
C:\WINDOWS\system32\122142955842863281
C:\WINDOWS\system32\122142955842863281\72122142955842863281
C:\WINDOWS\system32\122142955842863281\92122142955842863281
C:\WINDOWS\system32\12215006285430218
C:\WINDOWS\system32\12215006285430218\7212215006285430250
C:\WINDOWS\system32\12215006285430218\9212215006285430250
C:\WINDOWS\system32\879_SP_12225117355154453
C:\WINDOWS\system32\879_SP_12225117355154453\services.exe
C:\WINDOWS\system32\879_SP_12225118375255562
C:\WINDOWS\system32\879_SP_12225121035522406
C:\WINDOWS\system32\879_SP_12225125966014562
C:\WINDOWS\system32\879_SP_12225125966014562\services.exe
C:\WINDOWS\system32\879_SP_1222767513248531
C:\WINDOWS\system32\DBR122
C:\WINDOWS\system32\DBR122\drvsn.dse
C:\WINDOWS\system32\DBR122\services.exe
C:\WINDOWS\VIS_1221143139_1.exe
C:\WINDOWS\VIS_1221144115_1.exe
C:\WINDOWS\xc_std_1221215054_6418000.AVI
C:\WINDOWS\xc_std_1221225757_17121296.AVI
C:\WINDOWS\xc_std_1221510659_15460109.AVI
C:\WINDOWS\xc_std_1221555322_5551750.AVI
C:\WINDOWS\xc_std_1221562569_12799375.AVI
C:\WINDOWS\xc_std_1221597621_23410406.AVI
C:\WINDOWS\xc_std_1221678761_29309468.AVI
C:\WINDOWS\xc_std_1221690687_41235218.AVI
C:\WINDOWS\xc_std_1221693048_43596078.AVI
C:\WINDOWS\xc_std_1221741186_5679578.AVI
C:\WINDOWS\xc_std_1221744536_9030421.AVI
C:\WINDOWS\xc_std_1221781847_27813468.AVI
C:\WINDOWS\xc_std_1221783688_29654515.AVI
C:\WINDOWS\xc_std_1222126638_32122390.AVI

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 10:27 . 2008-10-09 10:27 <REP> d-------- C:\WINDOWS\LastGood
2008-10-05 21:55 . 2008-10-05 21:55 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-10-05 19:39 . 2008-10-05 19:39 <REP> d-------- C:\Program Files\Sun
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Documents and Settings\antoine\Application Data\Malwarebytes
2008-10-05 19:35 . 2008-10-05 19:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-05 19:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-05 19:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-05 19:33 . 2008-10-05 21:39 <REP> d-------- C:\Program Files\NOS
2008-10-05 19:33 . 2008-10-05 21:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-30 11:47 . 2008-09-30 11:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-09-30 11:47 . 2008-09-30 11:47 9,728 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-09-30 10:48 . 2008-09-30 10:48 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-09-30 10:05 . 2008-09-30 10:41 <REP> d-------- C:\Program Files\Simulateur de conduite 3D
2008-09-25 10:48 . 2008-05-02 22:46 139,792 -ra------ C:\WINDOWS\system32\nv3dcht.chm
2008-09-25 10:48 . 2008-05-02 22:46 59,261 -ra------ C:\WINDOWS\system32\nvmobcht.chm
2008-09-25 10:46 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\NV35643568.TMP
2008-09-24 16:57 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-09-24 15:57 . 2008-09-25 10:48 <REP> d-------- C:\WINDOWS\nvidia icons
2008-09-24 15:57 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-24 15:56 . 2008-09-24 16:06 <REP> d-------- C:\WINDOWS\NV30883092.TMP
2008-09-24 15:34 . 2008-10-09 10:26 266,654 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-24 15:33 . 2008-09-25 10:52 <REP> d-------- C:\WINDOWS\nview
2008-09-24 15:33 . 2008-05-02 22:46 442,368 -ra------ C:\WINDOWS\system32\nvuninst.exe
2008-09-24 15:33 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-24 15:33 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-23 13:37 . 2008-09-23 13:37 81 --a------ C:\WINDOWS\Times New Roman
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\SoftwarePassport
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Program Files\Mindscape
2008-09-23 13:36 . 2008-09-23 13:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-11 16:25 . 2008-09-11 16:25 10 --a------ C:\WINDOWS\system32\instime_122.dse
2008-09-11 16:25 . 2008-09-30 11:49 10 --a------ C:\WINDOWS\system32\cxtime_122.dse
2008-09-09 15:14 . 2008-09-09 15:14 <REP> d-------- C:\Documents and Settings\antoine\Application Data\SPORE
2008-09-09 15:04 . 2008-09-09 15:04 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-09 11:20 . 2008-09-09 11:20 <REP> d-------- C:\ProgramData
2008-09-09 11:20 . 2008-09-09 15:03 1,546 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 08:26 --------- d-----w C:\Program Files\Steam
2008-10-09 08:15 --------- d-----w C:\Documents and Settings\antoine\Application Data\Azureus
2008-10-09 08:04 --------- d-----w C:\Program Files\SpeedFan
2008-10-08 11:17 --------- d-----w C:\Documents and Settings\antoine\Application Data\teamspeak2
2008-10-08 08:55 --------- d-----w C:\Program Files\eMule
2008-10-06 17:22 --------- d-----w C:\Program Files\Micro Application
2008-10-06 17:16 --------- d-----w C:\Program Files\Club-Internet
2008-10-05 17:38 --------- d-----w C:\Program Files\Java
2008-10-05 12:55 --------- d-----w C:\Program Files\a-squared Free
2008-10-05 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-24 14:57 --------- d-----w C:\Program Files\ATI Technologies
2008-09-23 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 11:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-16 07:42 --------- d-----w C:\Program Files\ma-config.com
2008-09-16 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-09-10 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 09:23 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-08 21:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-03 14:35 --------- d-----w C:\Program Files\CamStudio
2008-09-03 09:18 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-03 09:17 --------- d-----w C:\Program Files\AVSMedia
2008-08-31 11:08 --------- d-----w C:\Program Files\Cool All Video Converter Platinum
2008-08-31 11:07 --------- d-----w C:\Program Files\AVS4YOU
2008-08-31 10:55 --------- d-----w C:\Program Files\XP Codec Pack
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\antoine\Application Data\AVS4YOU
2008-08-31 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-31 10:29 --------- d-----w C:\Program Files\Common Files
2008-08-30 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-01-26 14:11 22,328 ----a-w C:\Documents and Settings\antoine\Application Data\PnkBstrK.sys
2006-06-20 22:15 68,140 ----a-w C:\WINDOWS\inf\OLD6.tmp
.

------- Sigcheck -------

2006-06-21 00:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-05_19.28.13.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 13:06:42 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe
- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2005-08-31 1658592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2006-08-23 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-08-14 23552]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 mtv1bus;Pimp My Mobile Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\mtv1bus.sys [2006-09-11 63216]
S3 mtv1mdfl;Pimp My Mobile Modem Filter;C:\WINDOWS\system32\DRIVERS\mtv1mdfl.sys [2006-09-11 8368]
S3 mtv1mdm;Pimp My Mobile Modem Drivers;C:\WINDOWS\system32\DRIVERS\mtv1mdm.sys [2006-09-11 97520]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-11 306432]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{375bbc48-d553-11dc-9a9d-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cc55d59-7b26-11dd-9c47-0019dbf703c9}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'

2008-09-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 10:27:04
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Heure de fin: 2008-10-09 10:30:19 - La machine a redémarré [antoine]
ComboFix-quarantined-files.txt 2008-10-09 08:30:15
ComboFix2.txt 2008-10-06 11:40:51
ComboFix3.txt 2008-10-05 17:28:50
ComboFix4.txt 2008-04-22 14:50:39

Avant-CF: 112 951 238 656 octets libres
Après-CF: 112,959,913,984 octets libres

304 --- E O F --- 2008-09-10 01:04:49
-1
Réponse 20 / 25
ganeshbis Messages postés 48 Statut Membre 1
 
re

et voici celui d antivir en mode sans échec

Avira AntiVir Personal
Report file date: jeudi 9 octobre 2008 10:51

Scanning for 1668572 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: antoine
Computer name: XPSP2-0181848AE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 17/07/2008 17:04:18
AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 17:04:18
LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 17:04:18
LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 17:04:18
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 20:52:57
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 16:21:30
ANTIVIR3.VDF : 7.0.7.10 327168 Bytes 08/10/2008 12:04:51
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 16:17:04
AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 16:47:29
AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 16:17:04
AEPACK.DLL : 8.1.2.3 364918 Bytes 24/09/2008 16:45:42
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 16:17:03
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 16:17:02
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 11:01:53
AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 16:12:17
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 15:48:22
AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 22:55:52
AEBB.DLL : 8.1.0.1 53617 Bytes 17/07/2008 17:04:18
AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 17:04:18
AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 17:04:18
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 15:48:16
AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 17:04:18
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 17:04:18
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 17:04:18
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 17:04:15
RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 17:04:15

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 9 octobre 2008 10:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '60' files ).

Starting the file scan:

Begin scan in 'C:\' <Norbert>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <bibi>

End of the scan: jeudi 9 octobre 2008 12:13
Used time: 1:22:26 Hour(s)

The scan has been done completely.

7677 Scanning directories
370609 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
370607 Files not concerned
7749 Archives were scanned
2 Warnings
0 Notes
-1

Discussions similaires

infection
gladiator1952 -
gladiator1952 -

6 réponses
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses
infection virus
Utilisateur anonyme -
Utilisateur anonyme -

3 réponses
Infection Bloom ?
ccm81 -
fabul -

8 réponses