VIRAL infection? (ads, disabled...)
Solved
musdu83
Hello, I have the following software:
CCleaner
Zone Alarm
avast Home Edition
Yahoo pop-up blocker
antipub and Proxomitron (software that should normally block ads)
Spybot Search & Destroy
Free Window Registry Repair (software that finds errors and removes them)
Firefox (set to block pop-ups)
I have scanned and repaired everywhere, but I keep getting ads on my computer, my updates and my firewall get disabled, and sometimes when I turn my computer on it shows the following error message:
'remove disk or other media press any key to restart'
Here is what HijackThis says:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:49, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Salaat Time\SalaatTime.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\RayV\RayV\RayV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\VnrPack\VnrPack20.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\documents and settings\mustapha\local settings\application data\wmgsm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\MUSTAPHA\Local Settings\Temporary Internet Files\Content.IE5\1TC4HQLA\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\WINDOWS\system32\xxyvSJcd.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {b926ec48-cfac-63a9-4134-1d09d0be2ba1} - {1ab2eb0d-90d1-4314-9a36-cafc84ce629b} - C:\WINDOWS\system32\jzskku.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {746F50F1-2B39-4BF2-9E3D-EBBC82FB72B9} - C:\WINDOWS\system32\rqRLeFWP.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8EEB2711-9D21-4f9c-99A1-B7FC5A8CA56A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
O2 - BHO: (no name) - {BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
O2 - BHO: bannerstyles15 browser enhancer - {c4553992-8e98-b064-fe6e-61afd5258f1b} - C:\WINDOWS\system32\kahnbmeblowi.dll
O2 - BHO: (no name) - {d07cd5d3-c484-4c19-b27a-3cd2da9f3302} - C:\WINDOWS\system32\ucdvth.dll
O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [mczwwyhosm] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\kahnbmeblowi.dll"
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SalaatTime] C:\Program Files\Salaat Time\SalaatTime.exe
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\MUSTAPHA\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [VnrPack20] "C:\Program Files\VnrPack\VnrPack20.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [wmgsm] "c:\documents and settings\mustapha\local settings\application data\wmgsm.exe" wmgsm
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\Software\..\Telephony: DomainName = ORDI
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ORDI
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ORDI
O20 - AppInit_DLLs: ucdvth.dll jzskku.dll
O20 - Winlogon Notify: xxyvSJcd - xxyvSJcd.dll (file missing)
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
51 replies
Hi,
Important: Disable TeaTimer, Spybot's resident module; it will interfere with the disinfection by preventing BHOs from being modified.
---> Start Spybot, click Mode, check Advanced mode
---> On the left, click Tools, then Resident
---> Uncheck the box next to Resident "TeaTimer":
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quit Spybot
Note: I advise you not to re-enable it; it was unable to prevent your PC from being infected.
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Double-click Navilog1.exe to start the installation
- If the fix does not start automatically after installation, double-click the Navilog1 icon on the desktop
- Press F or f, then confirm with Enter
- Press a key on your keyboard each time you are asked to; you will reach the options menu
- Choose option 1 and press Enter to confirm your choice
- Wait for the message: *** Analyse Termine le ..... ***
- Once the scan is finished, Notepad will open with the report; post the contents of this report in your next reply
- If the scan result is not displayed, you will find it in C:\fixnavi.txt
Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "MUSTAPHA"
Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32
Recherche executé en mode normal
*** Recherche Programmes installés ***
Favorit
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\MUSTAPHA\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\adelus\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\MERZA2\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\adelus\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\MUSTAPHA\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\adelus\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" :
wmgsm.dat trouvé !
wmgsm.exe trouvé !
wmgsm_nav.dat trouvé !
wmgsm_navps.dat trouvé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\adelus\locals~1\applic~1" :
iksayce.dat trouvé !
iksayce_nav.dat trouvé !
iksayce_navps.dat trouvé !
* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" :
* Dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\lonTutwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\PWFeLRqr.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\IQstCcfe.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 13/10/2008 à 7:58:13,01 ***
THERE YOU GO, AND THANKS AGAIN FOR DEALING WITH MY PROBLEM
You are also infected with Vundo, but we'll deal with that afterwards.
---> Run Navilog1 again, choose option 2 and post the report.
Clean Navipromo version 3.6.6 commencé le 13/10/2008 à 8:07:35,50
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "MUSTAPHA"
Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\adelus\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\MUSTAPHA\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\adelus\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\MERZA2\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\adelus\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\MUSTAPHA\menud+~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\MUSTAPHA\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\MUSTAPHA\locals~1\applic~1" *
wmgsm.exe trouvé !
Copie wmgsm.exe réalisée avec succès !
wmgsm.exe supprimé !
wmgsm.dat trouvé !
Copie wmgsm.dat réalisée avec succès !
wmgsm.dat supprimé !
wmgsm_nav.dat trouvé !
Copie wmgsm_nav.dat réalisée avec succès !
wmgsm_nav.dat supprimé !
wmgsm_navps.dat trouvé !
Copie wmgsm_navps.dat réalisée avec succès !
wmgsm_navps.dat supprimé !
C:\WINDOWS\prefetch\wmgsm*.pf trouvé !
Copie C:\WINDOWS\prefetch\wmgsm*.pf réalisée avec succès !
C:\WINDOWS\prefetch\wmgsm*.pf supprimé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
* Dans "C:\DOCUME~1\adelus\locals~1\applic~1" *
iksayce.dat trouvé !
Copie iksayce.dat réalisée avec succès !
iksayce.dat supprimé !
iksayce_nav.dat trouvé !
Copie iksayce_nav.dat réalisée avec succès !
iksayce_nav.dat supprimé !
iksayce_navps.dat trouvé !
Copie iksayce_navps.dat réalisée avec succès !
iksayce_navps.dat supprimé !
* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *
* Dans "C:\DOCUME~1\MERZA2\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 13/10/2008 à 8:15:29,09 ***
THERE, I'M OFF TO SCHOOL (I'm 14), I'll be back around 4/5 o'clock. GIVE THE SOLUTION, I'LL LOOK AT IT AFTERWARDS. IN THE MEANTIME I'M LEAVING YOU MY MSN: MUSDU83000@HOTMAIL.FR
OK, see you later.
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (recommended):
https://blog.sosordi.net/
- Choose your usual user account
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the program finds and save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
I'm back
I've downloaded the software and I'm scanning now, but it's at 40000 items; should I wait for 270 000 items?
No, what I mean is: after the error report I'm going to give you, are you going to give me another program?
PS: can I use my program for repairing registry errors, and CCleaner?
The scan is finished
Do I save the report and then delete the viruses, or do I delete first and save the report afterwards?
HERE IT IS:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1266
Windows 5.1.2600 Service Pack 3
13/10/2008 20:52:17
mbam-log-2008-10-13 (20-52-17).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 132645
Temps écoulé: 57 minute(s), 3 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 34
Processus mémoire infecté(s):
C:\Program Files\GetModule\GetModule23.exe (Adware.ISM) -> Unloaded process successfully.
C:\Program Files\VnrPack\VnrPack20.exe (Adware.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rqRLeFWP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jzskku.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ucdvth.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0574d50f-c261-490d-bf39-4e91183c4efb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyvsjcd (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0574d50f-c261-490d-bf39-4e91183c4efb} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ab2eb0d-90d1-4314-9a36-cafc84ce629b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ab2eb0d-90d1-4314-9a36-cafc84ce629b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef9930e6-11e3-4f9f-b91e-d2f4785fcbd3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ef9930e6-11e3-4f9f-b91e-d2f4785fcbd3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d07cd5d3-c484-4c19-b27a-3cd2da9f3302} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d07cd5d3-c484-4c19-b27a-3cd2da9f3302} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4553992-8e98-b064-fe6e-61afd5258f1b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c4553992-8e98-b064-fe6e-61afd5258f1b} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule23 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrpack20 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrblock21 (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrlefwp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrlefwp -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\Ascentive (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\xxyvSJcd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jzskku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\rqRLeFWP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PWFeLRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PWFeLRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkexbmww.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wwmbxekl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkwjmjm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjmjwkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etkbokpu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upkobkte.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlhensie.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eisnehlt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCtsQI.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IQstCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IQstCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule23.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kggwvhgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvypsggb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypyvvc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exttuieg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zbdqyn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvbmnmrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucdvth.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\qdrloader.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\VnrPack20.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\trgts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\VnrPack\dicts.gz (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kahnbmeblowi.dll (Adware.BHO) -> Delete on reboot.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix\Combofix.txt
ComboFix 08-10-14.01 - adelus 2008-10-14 20:20:18.2 - [color=red][b]FAT32[/b][/color]x86
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\adelus\real.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\cbycfgyw.dll
C:\WINDOWS\system32\gapbbmau.dll
C:\WINDOWS\system32\ieecutig.ini
C:\WINDOWS\system32\ifhrid.dll
C:\WINDOWS\system32\lonTutwa.ini
C:\WINDOWS\system32\lonTutwa.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\rwjwit.dll
C:\WINDOWS\system32\wgerxqic.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-14 17:54 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\tz1
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\hpd
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\EV02
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\ci
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:43 . 2008-10-08 16:43 79,097 --a------ C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
2008-10-08 16:42 . 2008-10-08 16:42 288,734 --a------ C:\WINDOWS\vntb9283.exe
2008-10-08 16:42 . 2008-10-08 16:42 181,890 --a------ C:\WINDOWS\bdtb3452.exe
2008-10-08 16:42 . 2008-10-08 16:42 70,548 --a------ C:\WINDOWS\dwtb2837.exe
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 22:10 . 2008-10-07 22:10 99 -r-hs---- C:\WINDOWS\smms.bat
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-02 15:58 . 2008-10-02 16:01 2,066 --ahs---- C:\WINDOWS\system32\meddekom.dat
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:17 . 2008-10-09 19:49 50 --a------ C:\WINDOWS\winzipme.ini
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\[u]0[/u]300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
There you go, sorry for the slow reply.
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\0300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
There you go, sorry for the slowness of my reply.
ComboFix 08-10-14.01 - adelus 2008-10-14 20:20:18.2 - FAT32x86
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\adelus\real.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\cbycfgyw.dll
C:\WINDOWS\system32\gapbbmau.dll
C:\WINDOWS\system32\ieecutig.ini
C:\WINDOWS\system32\ifhrid.dll
C:\WINDOWS\system32\lonTutwa.ini
C:\WINDOWS\system32\lonTutwa.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\rwjwit.dll
C:\WINDOWS\system32\wgerxqic.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-14 17:54 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\tz1
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\hpd
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\EV02
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\ci
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:43 . 2008-10-08 16:43 79,097 --a------ C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
2008-10-08 16:42 . 2008-10-08 16:42 288,734 --a------ C:\WINDOWS\vntb9283.exe
2008-10-08 16:42 . 2008-10-08 16:42 181,890 --a------ C:\WINDOWS\bdtb3452.exe
2008-10-08 16:42 . 2008-10-08 16:42 70,548 --a------ C:\WINDOWS\dwtb2837.exe
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 22:10 . 2008-10-07 22:10 99 -r-hs---- C:\WINDOWS\smms.bat
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-02 15:58 . 2008-10-02 16:01 2,066 --ahs---- C:\WINDOWS\system32\meddekom.dat
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:17 . 2008-10-09 19:49 50 --a------ C:\WINDOWS\winzipme.ini
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\0300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
There you go, sorry for the slowness of my reply.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu D‚marrer\Programmes\D‚marrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
There you go, sorry for the slow reply.
ComboFix 08-10-14.01 - adelus 2008-10-14 20:20:18.2 - FAT32x86
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\adelus\real.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\cbycfgyw.dll
C:\WINDOWS\system32\gapbbmau.dll
C:\WINDOWS\system32\ieecutig.ini
C:\WINDOWS\system32\ifhrid.dll
C:\WINDOWS\system32\lonTutwa.ini
C:\WINDOWS\system32\lonTutwa.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\rwjwit.dll
C:\WINDOWS\system32\wgerxqic.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-14 17:54 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\tz1
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\hpd
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\EV02
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\ci
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:43 . 2008-10-08 16:43 79,097 --a------ C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
2008-10-08 16:42 . 2008-10-08 16:42 288,734 --a------ C:\WINDOWS\vntb9283.exe
2008-10-08 16:42 . 2008-10-08 16:42 181,890 --a------ C:\WINDOWS\bdtb3452.exe
2008-10-08 16:42 . 2008-10-08 16:42 70,548 --a------ C:\WINDOWS\dwtb2837.exe
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 22:10 . 2008-10-07 22:10 99 -r-hs---- C:\WINDOWS\smms.bat
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-02 15:58 . 2008-10-02 16:01 2,066 --ahs---- C:\WINDOWS\system32\meddekom.dat
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:17 . 2008-10-09 19:49 50 --a------ C:\WINDOWS\winzipme.ini
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\0300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\0300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
There you go, sorry for my slow reply.
ComboFix 08-10-14.01 - adelus 2008-10-14 20:20:18.2 - FAT32x86
Lancé depuis: C:\Documents and Settings\MUSTAPHA\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\adelus\real.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\cbycfgyw.dll
C:\WINDOWS\system32\gapbbmau.dll
C:\WINDOWS\system32\ieecutig.ini
C:\WINDOWS\system32\ifhrid.dll
C:\WINDOWS\system32\lonTutwa.ini
C:\WINDOWS\system32\lonTutwa.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\rwjwit.dll
C:\WINDOWS\system32\wgerxqic.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Program Files\Counter-Strike Source
2008-10-14 19:40 . 2008-10-14 19:40 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\InstallShield Installation Information
2008-10-14 19:10 . 2008-10-14 19:10 <REP> d-------- C:\Program Files\Valve Lan
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-10-13 19:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 19:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 19:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 07:49 . 2008-10-13 07:49 <REP> d-------- C:\Program Files\Navilog1
2008-10-12 22:25 . 2008-10-12 22:25 <REP> d-------- C:\Program Files\Antipub
2008-10-12 21:12 . 2008-10-12 21:13 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\MailFrontier
2008-10-12 20:33 . 2008-10-12 20:33 <REP> d-------- C:\Documents and Settings\adelus\Application Data\MailFrontier
2008-10-12 17:43 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-10-12 17:43 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-10-12 17:43 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-10-12 17:42 . 2008-10-12 17:42 <REP> d-------- C:\Program Files\Zone Labs
2008-10-12 17:42 . 2008-07-09 09:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-10-12 17:42 . 2008-10-14 17:54 360,555 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-10-12 17:10 . 2008-10-12 17:10 <REP> d-------- C:\Program Files\Alwil Software
2008-10-12 14:31 . 2008-10-12 14:31 <REP> d-------- C:\Program Files\Sunbelt Software
2008-10-12 14:22 . 2008-10-12 14:22 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:41 . 2008-10-12 21:43 4,194,394 --a------ C:\WINDOWS\pfirewall.log.old
2008-10-12 12:37 . 2008-10-12 12:37 <REP> d-------- C:\Program Files\MSN Password Recovery
2008-10-11 23:56 . 2008-10-11 23:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-11 23:19 . 2008-10-11 23:19 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\FileZilla
2008-10-11 23:18 . 2008-10-11 23:19 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-10-11 23:09 . 2008-10-11 23:09 <REP> d-------- C:\Program Files\Yahoo!
2008-10-11 10:03 . 2008-10-11 10:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-10 16:53 . 2008-10-10 16:53 <REP> d-------- C:\Program Files\OpenDNS Updater
2008-10-09 21:03 . 2008-10-09 21:03 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Smart PC Solutions
2008-10-09 20:56 . 2008-10-09 20:56 <REP> d-------- C:\Program Files\Free Window Registry Repair
2008-10-09 19:41 . 2008-10-09 19:41 <REP> d-------- C:\Program Files\Microsoft Works
2008-10-09 19:37 . 2008-10-09 19:37 <REP> d-------- C:\Program Files\Microsoft.NET
2008-10-09 19:26 . 2008-10-09 19:26 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Uniblue
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-10-09 18:40 . 2008-10-09 18:40 3,120 --a------ C:\WINDOWS\118294.78
2008-10-09 18:38 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-10-09 18:38 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-10-09 18:38 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-10-09 18:24 . 2008-10-09 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-08 23:15 . 2008-10-08 23:15 <REP> d-------- C:\Program Files\MSN Messenger
2008-10-08 23:01 . 2008-08-09 09:24 59,728 --a------ C:\msimg32.dll
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\tz1
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\hpd
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\EV02
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\WINDOWS\system32\ci
2008-10-08 16:44 . 2008-10-08 16:44 <REP> d-------- C:\temp\xp34
2008-10-08 16:44 . 2008-10-08 16:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-08 16:43 . 2008-10-08 16:43 79,097 --a------ C:\WINDOWS\system32\lmyvkpevviupbcntk.exe
2008-10-08 16:42 . 2008-10-08 16:42 288,734 --a------ C:\WINDOWS\vntb9283.exe
2008-10-08 16:42 . 2008-10-08 16:42 181,890 --a------ C:\WINDOWS\bdtb3452.exe
2008-10-08 16:42 . 2008-10-08 16:42 70,548 --a------ C:\WINDOWS\dwtb2837.exe
2008-10-08 16:14 . 2008-10-08 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-08 11:10 . 2008-10-08 11:10 <REP> d-------- C:\Documents and Settings\adelus\Application Data\HiYo
2008-10-07 22:10 . 2008-10-07 22:10 99 -r-hs---- C:\WINDOWS\smms.bat
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-10-07 07:46 . 2008-10-07 07:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-06 18:36 . 2008-10-06 18:36 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\HiYo
2008-10-04 19:54 . 2008-10-04 19:54 268 --ah----- C:\sqmdata00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 244 --ah----- C:\sqmnoopt00.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmnoopt01.sqm
2008-10-04 19:54 . 2008-10-04 19:54 172 --ah----- C:\sqmdata01.sqm
2008-10-04 19:49 . 2008-10-04 19:49 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-10-04 19:49 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
2008-10-04 19:49 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
2008-10-02 22:30 . 2008-10-02 22:30 <REP> d-------- C:\Program Files\Wakfu
2008-10-02 15:58 . 2008-10-02 16:01 2,066 --ahs---- C:\WINDOWS\system32\meddekom.dat
2008-10-01 20:27 . 2008-10-11 23:10 959 --a------ C:\rollback.ini
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-01 16:19 . 2008-10-14 07:21 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-01 16:17 . 2008-10-09 19:49 50 --a------ C:\WINDOWS\winzipme.ini
2008-10-01 15:47 . 2008-10-01 15:47 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\Hide IP NG
2008-10-01 14:13 . 2008-10-01 14:13 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-10-01 13:41 . 2008-10-01 13:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-01 13:41 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-10-01 13:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-01 13:41 . 2008-10-12 21:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-01 13:40 . 2008-10-01 13:40 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-01 13:39 . 2008-10-01 13:39 <REP> d-------- C:\WINDOWS\Internet Logs
2008-09-30 21:53 . 2008-09-30 21:53 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Contacts
2008-09-29 21:35 . 2008-09-29 21:35 <REP> d-------- C:\Documents and Settings\MERZA2\Application Data\SiteAdvisor
2008-09-28 15:12 . 2008-09-28 15:12 <REP> d-------- C:\2fab93e879cf551fd5c6145d76bada9d
2008-09-28 15:12 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-28 15:08 . 2008-09-28 15:08 <REP> d-------- C:\Program Files\MSBuild
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\Program Files\Reference Assemblies
2008-09-28 15:07 . 2008-09-28 15:07 <REP> d-------- C:\0300fff9c12bc6739aba4b52
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-28 15:07 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-28 15:07 . 2008-07-06 14:06 117,760 --------- C:\WINDOWS\system32\prntvpt.dll
2008-09-28 15:07 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-28 15:06 . 2008-09-28 15:06 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-28 14:39 . 2008-09-28 14:39 <REP> d-------- C:\7655925401048e40a58c7cb238cb44
2008-09-28 14:38 . 2006-04-13 11:30 1,073,152 --a------ C:\WINDOWS\system32\libmysql_c.dll
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza\Bureau
2008-09-27 22:42 . 2008-09-27 22:42 <REP> d-------- C:\Documents and Settings\merza
2008-09-27 21:27 . 2008-09-27 21:27 <REP> d-------- C:\Program Files\WinPcap
2008-09-27 20:55 . 2008-09-27 20:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-09-27 20:45 . 2008-09-27 20:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Program Files\SiteAdvisor
2008-09-27 17:20 . 2008-09-27 17:20 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\SiteAdvisor
2008-09-27 17:13 . 2008-09-27 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-27 17:08 . 2008-09-27 17:08 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\DNA
2008-09-27 16:43 . 2008-09-27 16:43 <REP> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-27 15:42 . 2008-09-27 15:42 <REP> d-------- C:\Documents and Settings\adelus\Application Data\DivX
2008-09-27 15:20 . 2008-09-27 15:20 <REP> d-------- C:\Documents and Settings\adelus\Application Data\Symantec
2008-09-27 14:16 . 2008-09-27 14:16 <REP> d-------- C:\Documents and Settings\MUSTAPHA\Application Data\LimeWire
2008-09-27 14:14 . 2008-09-27 14:14 <REP> d-------- C:\Program Files\LimeWire
2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\WINDOWS\system32\newsettings.ces
2008-09-27 09:42 . 2008-09-27 09:42 1,196 --a------ C:\WINDOWS\mozver.dat
2008-09-27 09:40 . 2008-09-27 09:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-26 22:49 . 2008-10-12 16:29 966 --a------ C:\WINDOWS\wininit.ini
2008-09-26 22:18 . 2008-09-26 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-26 21:56 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-09-26 21:56 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-09-26 21:56 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-09-26 21:56 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 11:17 2,012 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-10 17:31 --------- d-----w C:\Documents and Settings\adelus\Application Data\ItsLabel
2008-09-10 12:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-10 12:10 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SPORE Creature Creator
2008-09-10 07:41 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2008-09-09 20:36 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ItsLabel
2008-09-09 16:39 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\SecondLife
2008-09-09 16:37 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\EoRezo
2008-09-07 10:11 --------- d-----w C:\Program Files\Java
2008-09-07 10:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-09-05 23:08 --------- d-----w C:\Program Files\Get IP
2008-09-03 09:10 --------- d-----w C:\Program Files\DivX
2008-08-30 15:31 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\ATI
2008-08-30 15:30 --------- d-----w C:\Documents and Settings\MUSTAPHA\Application Data\AVG7
2008-08-05 22:02 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-03-12 21:59 14,490 ----a-w C:\Documents and Settings\adelus\dofwni.exe
2008-03-08 18:24 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-10-12 02:09 94,208 --sh--w C:\WINDOWS\system32\SalaatTime.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SalaatTime"="C:\Program Files\Salaat Time\SalaatTime.exe" [2007-08-26 13443072]
"Shareaza"="C:\Shareaza\Shareaza.exe" [2008-01-01 4739072]
"RayV"="C:\Program Files\RayV\RayV\RayV.exe" [2008-09-07 3708200]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-10-09 281088]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\Invité\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\adelus\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MERZA2\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\MUSTAPHA\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ucdvth.dll jzskku.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"<NO NAME>"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\merza\\Bureau\\Dofus\\Dofus.exe"=
"C:\\Nostale(FR)\\Nostale.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.EXE"=
"C:\\Program Files\\RayV\\RayV\\RayV.exe"=
"C:\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-05 1260672]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
BHO-{A3194EE0-A963-41DA-B9A7-4E1BD5165808} - (no file)
BHO-{BF2C994B-F11F-46BB-813C-20EF95F55CA0} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-iksayce - c:\documents and settings\adelus\local settings\application data\iksayce.exe
HKLM-Run-mczwwyhosm - C:\WINDOWS\system32\kahnbmeblowi.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://lo.st
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 20:24:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 20:26:29
ComboFix-quarantined-files.txt 2008-10-14 18:26:06
Avant-CF: 65 268 645 888 octets libres
Après-CF: 65,286,963,200 octets libres
336 --- E O F --- 2008-09-10 21:17:55
Sorry for the slowness of my reply