Sujet Précédent Sujet Suivant

HIjackthis

Fermé
CaptainZack - 22 nov. 2008 à 14:21
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 - 15 déc. 2008 à 22:18
Bonjour,

Mon ordinateur depuis peu est super lent mais juste sur internet, Genre mon débit a baisser de moitié.
Deplus des page de pub s'ouvre sur firefox quand je navigue sur internet alors qu'avant tous fonctionnait nickel.
J'ai fait un scan avec HijackThis, je met le Copier/Coller si quelqu'un pourrait m'aider ;) merci

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:34, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
F:\Soirée pétanque\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\documents and settings\waelkens\local settings\application data\kmaik.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Soirée pétanque\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [kmaik] "c:\documents and settings\waelkens\local settings\application data\kmaik.exe" kmaik
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106243543703
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
A voir également:

59 réponses

Précédent
Réponse 21 / 59
CaptainZack
26 nov. 2008 à 18:04
Bonsoir,

Je n'ai pas eu à taper 1 ou 2, et l'ordinateur s'est redémarrer.

Voila le rapport :

ComboFix 08-11-22.02 - waelkens 2008-11-26 16:16:38.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.367 [GMT 1:00]
Lancé depuis: d:\iso\ComboFix.exe
Commutateurs utilisés :: d:\iso\CFscript
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\waelkens\LOCALS~1\Temp\lac97inf.sys
c:\windows\system32\drivers\a2tl4gdj.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LAC97INF
-------\Service_lac97inf


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-26 au 2008-11-26 ))))))))))))))))))))))))))))))))))))
.

2008-11-25 10:43 . 2008-11-25 10:44 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-25 10:40 . 2008-11-25 10:42 <REP> d-------- C:\RogueRemover
2008-11-23 22:41 . 2008-11-24 12:03 <REP> d-------- C:\ToolBar SD
2008-11-23 19:14 . 2008-11-23 19:14 <REP> d-------- c:\documents and settings\waelkens\Application Data\Grisoft
2008-11-23 19:12 . 2008-11-23 19:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-23 19:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-23 14:24 . 2008-11-23 23:06 <REP> d-------- C:\Lop SD
2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 19:32 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-25 21:35 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion
2008-11-02 08:25 . 2008-11-02 08:25 2,425 --ah----- C:\mxfilerelatedcache.mxc2
2008-11-02 08:25 . 2008-11-02 08:25 1,520 --a------ C:\yannickk_1.avd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 15:26 --------- d-----w c:\program files\Wanadoo
2008-11-26 15:26 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-11-26 15:25 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-11-26 15:13 46,366 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-11-25 09:49 5,632 -csha-w c:\program files\Thumbs.db
2008-11-23 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-07 21:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:08 --------- d-----w c:\program files\DaemonTools_WhenUSave_Installer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-10-02 14:49 --------- d-----w c:\program files\Warcraft III
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-28 06:41 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-26 13:44 --------- d-----w c:\documents and settings\waelkens\Application Data\Dev-Cpp
2008-09-26 13:02 --------- d-----w c:\documents and settings\waelkens\Application Data\codeblocks
2008-09-26 11:56 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-09-26 11:56 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-26 11:48 40,448 -c--a-w c:\documents and settings\waelkens\trial_setup.exe
2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab
1996-12-02 17:44 582,144 -c--a-w c:\program files\Fichiers communs\dao350.dll
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_12.33.44,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-11-26 15:24:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_660.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-30 78416]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-05-01 4484]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-30 20560]
R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2005-01-20 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-02-05 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-20 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-01-20 19928]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys []
S3 AIDA32Driver;AIDA32Driver;\??\c:\program files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 3584]
S3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2005-01-20 17408]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2007-01-10 274567]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 16:24:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Fichiers communs\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2008-11-26 16:36:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-26 15:36:07
ComboFix2.txt 2008-11-23 11:35:08

Avant-CF: 7 758 241 792 octets libres
Après-CF: 7,638,421,504 octets libres

313 --- E O F --- 2008-11-14 21:24:20
0
Réponse 22 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
26 nov. 2008 à 18:35
Re,

relance Toolbar S&D sur ton Bureau.

* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
CaptainZack
26 nov. 2008 à 18:57
Re,


-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : waelkens ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081126-0] 4.8.1290 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:7 Go)
E:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
F:\ (Local Disk) - NTFS - Total:149 Go (Free:44 Go)
G:\ (CD or DVD)
H:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
I:\ (CD or DVD)
K:\ (USB)
L:\ (USB)
M:\ (USB)
O:\ (CD or DVD)
P:\ (CD or DVD)
S:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 26/11/2008|18:52 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(waelkens) - {DDC359D1-844A-42a7-9AA1-88A850A938A8} => chrome


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]

--------------------\\ ROGUES ..

C:\PROGRA~1\Spyware-Secure

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010425_iPod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010425_iPod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010426_iPod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010426_iPod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010428_iPod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010428_iPod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010429_iPod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010429_iPod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010430_iPod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-010430_iPod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123643_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123643_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123644_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123644_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123650_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123650_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123934_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123934_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123935_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123935_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123937_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123937_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123938_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-123938_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124330_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124330_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124331_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124331_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124337_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124337_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124344_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124344_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124349_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124349_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124350_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124350_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124356_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124356_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124402_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124402_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124403_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124403_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124427_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124427_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124428_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124428_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124434_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124434_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124435_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124435_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124441_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-124441_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131037_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131037_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131038_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131038_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131042_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131042_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131043_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131043_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131354_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131354_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131355_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131355_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131401_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131401_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131402_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131402_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131403_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131403_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131404_yannick-s-ipod.crash
C:\DOCUME~1\waelkens\Application Data\Apple Computer\Logs\CrashReporter\MobileDevice\yannick's ipod\ssh-keygen_2008-10-16-131404_yannick-s-ipod.plist
C:\DOCUME~1\waelkens\Mes documents\Mes fichiers reçus\Corona DJ - Move The Sound (Crack Dub Mix).mp3



1 - "C:\ToolBar SD\TB_1.txt" - 23/11/2008|22:44 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 24/11/2008|12:03 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 26/11/2008|18:54 - Option : [1]

-----------\\ Fin du rapport a 18:54:32,98
0
Réponse 23 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
26 nov. 2008 à 20:02
Re,

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

folder::
C:\PROGRA~1\Spyware-Secure

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.
0
Réponse 24 / 59
CaptainZack
27 nov. 2008 à 12:04
Bonjour,
Voici le rapport de Combo fix :

ComboFix 08-11-22.02 - waelkens 2008-11-27 11:45:03.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.375 [GMT 1:00]
Lancé depuis: d:\iso\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\waelkens\Bureau\CFscript
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\Spyware-Secure
c:\progra~1\Spyware-Secure\language
c:\progra~1\Spyware-Secure\Spyware-Secure.url

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-27 au 2008-11-27 ))))))))))))))))))))))))))))))))))))
.

2008-11-25 10:43 . 2008-11-25 10:44 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-25 10:40 . 2008-11-25 10:42 <REP> d-------- C:\RogueRemover
2008-11-23 22:41 . 2008-11-26 18:54 <REP> d-------- C:\ToolBar SD
2008-11-23 19:14 . 2008-11-23 19:14 <REP> d-------- c:\documents and settings\waelkens\Application Data\Grisoft
2008-11-23 19:12 . 2008-11-23 19:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-23 19:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-23 14:24 . 2008-11-23 23:06 <REP> d-------- C:\Lop SD
2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 19:32 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-25 21:35 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion
2008-11-02 08:25 . 2008-11-02 08:25 2,425 --ah----- C:\mxfilerelatedcache.mxc2
2008-11-02 08:25 . 2008-11-02 08:25 1,520 --a------ C:\yannickk_1.avd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-27 10:43 46,366 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-11-27 10:39 --------- d-----w c:\program files\Wanadoo
2008-11-27 10:19 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-11-26 19:36 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-11-25 09:49 5,632 -csha-w c:\program files\Thumbs.db
2008-11-23 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-07 21:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-11-05 11:23 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:08 --------- d-----w c:\program files\DaemonTools_WhenUSave_Installer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-10-02 14:49 --------- d-----w c:\program files\Warcraft III
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-28 06:41 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-26 11:48 40,448 -c--a-w c:\documents and settings\waelkens\trial_setup.exe
2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_12.33.44,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AVASTSS.scr
+ 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 16:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-27 10:18:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_670.dat
+ 2008-11-27 10:19:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e50.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 11:49:18
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Heure de fin: 2008-11-27 11:51:17
ComboFix-quarantined-files.txt 2008-11-27 10:50:48
ComboFix2.txt 2008-11-26 15:36:12
ComboFix3.txt 2008-11-23 11:35:08

Avant-CF: 7 676 477 440 octets libres
Après-CF: 7,653,351,424 octets libres

294 --- E O F --- 2008-11-14 21:24:20


-----------------------------------------------------------------------------------------------------------------------------


Et celui de HijackThis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:03, on 27/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Soirée pétanque\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106243543703
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
27 nov. 2008 à 12:44
Bonjour,

relance Toolbar S&D avec l'option 1 et regarde si, dans le rapport, tu as encore ces lignes :


--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv]


Ne poste pas le rapport.

Donne moi simplement l'information oui ou non.
0
Réponse 26 / 59
CaptainZack
27 nov. 2008 à 13:01
Re,

Oui, ces deux lignes apparaissent encore sur le rapport.
0
Réponse 27 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
27 nov. 2008 à 13:07
Re,

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter un examen rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse
0
Réponse 28 / 59
CaptainZack
27 nov. 2008 à 13:37
Re,

Le scan c'est passer sans probléme voici le rapport :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1428
Windows 5.1.2600 Service Pack 2

27/11/2008 13:33:47
mbam-log-2008-11-27 (13-33-47).txt

Type de recherche: Examen rapide
Eléments examinés: 55862
Temps écoulé: 4 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Cookies\MM2048.DAT (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\MM256.DAT (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\bumo.reg (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\jababug.inf (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\uwux.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\jiceji._sy (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Cookies\esycire._dl (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\waelkens\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Cookies\syssp.exe (Fake.Dropped.Malware) -> Delete on reboot.






Maintenant je reboot le PC, à tout de suite.
0
Réponse 29 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
27 nov. 2008 à 15:57
Re,

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton Bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : 
TDSSserv

- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques dur cette recherche peut prendre plusieurs minutes. Sois patient(e)
0
Réponse 30 / 59
CaptainZack
27 nov. 2008 à 18:11
Re,


27/11/2008 ---- 16:42:14,12

----------------------------------
§§§§§§ [TDSSserv] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]
"Service"="TDSSserv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]
"DeviceDesc"="TDSSserv"

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 31 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
27 nov. 2008 à 18:27
Re,

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 



Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Mi­nimal\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Ne­twork\TDSSserv.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TD­SSSERV]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.
0
Réponse 32 / 59
CaptainZack
28 nov. 2008 à 13:44
Bonjour,

Rapport ComboFix :

ComboFix 08-11-22.02 - waelkens 2008-11-28 13:22:01.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.562 [GMT 1:00]
Lancé depuis: d:\iso\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\waelkens\Bureau\CFscript
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2008-11-27 13:27 . 2008-11-27 13:27 <REP> d-------- c:\documents and settings\waelkens\Application Data\Malwarebytes
2008-11-27 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 13:26 . 2008-11-27 13:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 13:26 . 2008-11-27 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-27 13:26 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 10:43 . 2008-11-25 10:44 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-25 10:40 . 2008-11-25 10:42 <REP> d-------- C:\RogueRemover
2008-11-23 22:41 . 2008-11-27 12:57 <REP> d-------- C:\ToolBar SD
2008-11-23 19:14 . 2008-11-23 19:14 <REP> d-------- c:\documents and settings\waelkens\Application Data\Grisoft
2008-11-23 19:12 . 2008-11-23 19:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-23 19:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-23 14:24 . 2008-11-23 23:06 <REP> d-------- C:\Lop SD
2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-22 19:32 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-25 21:35 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion
2008-11-02 08:25 . 2008-11-02 08:25 2,425 --ah----- C:\mxfilerelatedcache.mxc2
2008-11-02 08:25 . 2008-11-02 08:25 1,520 --a------ C:\yannickk_1.avd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 12:21 46,312 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-11-28 12:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-11-28 12:17 --------- d-----w c:\program files\Wanadoo
2008-11-27 22:53 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-11-27 11:08 5,632 -csha-w c:\program files\Thumbs.db
2008-11-23 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-07 21:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-11-05 11:23 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:08 --------- d-----w c:\program files\DaemonTools_WhenUSave_Installer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-10-02 14:49 --------- d-----w c:\program files\Warcraft III
2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-28 06:41 --------- d-----w c:\program files\Combined Community Codec Pack
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-26 11:48 40,448 -c--a-w c:\documents and settings\waelkens\trial_setup.exe
2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-11-23_12.33.44,79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-07-19 14:43:08 1,163,960 ----a-w c:\windows\system32\aswBoot.exe
+ 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\system32\aswBoot.exe
- 2008-07-19 14:30:53 94,392 ----a-w c:\windows\system32\AVASTSS.scr
+ 2008-11-18 17:35:22 97,480 ----a-w c:\windows\system32\AvastSS.scr
- 2008-07-19 14:32:15 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2008-11-18 18:00:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-07-19 14:37:42 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2008-11-18 18:02:43 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-01-17 16:34:01 93,264 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2008-11-18 18:04:36 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-07-19 14:37:21 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2008-11-18 18:04:21 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-07-19 14:33:42 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2008-11-18 18:01:09 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-07-19 14:35:18 78,416 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2008-11-18 18:03:33 110,160 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-07-19 14:32:36 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-18 18:01:23 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2008-11-27 12:38:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_704.dat
+ 2008-11-27 12:39:40 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f20.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 110160]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-05-01 4484]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2005-01-20 14336]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-02-05 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-20 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-01-20 19928]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys []
S3 AIDA32Driver;AIDA32Driver;\??\c:\program files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 3584]
S3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2005-01-20 17408]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2007-01-10 274567]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 13:28:28
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
Heure de fin: 2008-11-28 13:30:07
ComboFix-quarantined-files.txt 2008-11-28 12:29:33
ComboFix2.txt 2008-11-27 10:51:19
ComboFix3.txt 2008-11-26 15:36:12
ComboFix4.txt 2008-11-23 11:35:08

Avant-CF: 6 770 520 064 octets libres
Après-CF: 6,771,019,776 octets libres

307 --- E O F --- 2008-11-28 12:22:07




et l'autre rapport de HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:13, on 28/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Soirée pétanque\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106243543703
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 33 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
28 nov. 2008 à 20:07
Re,

Démarrer, exécuter, tu tapes
 combofix /u
dans la fenêtre et OK.

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le Bureau. et pas ailleurs

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Mi­nimal\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Ne­twork\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TD­SSSERV]


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.


Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 34 / 59
CaptainZack
30 nov. 2008 à 21:55
Bonjour,

désolée pour le temps de réponse, Voici le scan de HijackThis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:41, on 30/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SteamKeyFr\SteamKeyFr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Soirée pétanque\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SteamKeyFr] "C:\Program Files\SteamKeyFr\SteamKeyFr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [TrueDownloaderAutoStart] C:\Program Files\TrueDownloader\TrueDownloader.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O12 - Plugin for .xmz: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.aldi.com/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106243543703
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://phpadsnew.merco6.com/libraries/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 35 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
30 nov. 2008 à 23:26
Re,

Double clique sur OAD (sur ton Bureau) pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de :

TDSSserv


- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.
0
Réponse 36 / 59
CaptainZack
1 déc. 2008 à 17:32
Bonjour,

01/12/2008 ---- 17:28:10,50

----------------------------------
§§§§§§ [TDSSserv] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\TDSSserv.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]
"Service"="TDSSserv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV\0000]
"DeviceDesc"="TDSSserv"

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------





Encore merci pour ton aide et ta patience .
0
Réponse 37 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
1 déc. 2008 à 23:16
Re,

fais ceci :

Démarrer, Exécuter, cope 

combofix /u


dans le cadre puis clique sur OK.

Ensuite :

supprime (si il existe Combofix.exe sur ton Bureau ainsi que le répertoire Qoobox à la racine du disque, en général C:\Qoobox).

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le Bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

en particulier installe la Console de récupération.

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 38 / 59
CaptainZack
2 déc. 2008 à 14:57
Re ,

VOici le rapport :




ComboFix 08-12-01.01 - waelkens 2008-12-02 14:09:42.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.575 [GMT 1:00]
Lancé depuis: c:\documents and settings\waelkens\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-02 au 2008-12-02 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 16:40 . 2008-11-28 16:50 139,264 --a------ c:\windows\War3Unin.exe
2008-11-28 16:40 . 2008-11-28 17:02 81,377 --a------ c:\windows\War3Unin.dat
2008-11-28 16:40 . 2008-11-28 16:50 2,829 --a------ c:\windows\War3Unin.pif
2008-11-27 13:27 . 2008-11-27 13:27 <REP> d-------- c:\documents and settings\waelkens\Application Data\Malwarebytes
2008-11-27 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 13:26 . 2008-11-27 13:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 13:26 . 2008-11-27 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-27 13:26 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 10:43 . 2008-11-25 10:44 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-25 10:40 . 2008-11-25 10:42 <REP> d-------- C:\RogueRemover
2008-11-23 22:41 . 2008-11-27 12:57 <REP> d-------- C:\ToolBar SD
2008-11-23 19:14 . 2008-11-23 19:14 <REP> d-------- c:\documents and settings\waelkens\Application Data\Grisoft
2008-11-23 19:12 . 2008-11-23 19:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-23 19:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-23 14:24 . 2008-11-23 23:06 <REP> d-------- C:\Lop SD
2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-25 21:35 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion
2008-11-02 08:25 . 2008-11-02 08:25 2,425 --ah----- C:\mxfilerelatedcache.mxc2
2008-11-02 08:25 . 2008-11-02 08:25 1,520 --a------ C:\yannickk_1.avd

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 13:08 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-12-02 13:07 --------- d-----w c:\program files\Wanadoo
2008-12-02 13:06 5,632 -csha-w c:\program files\Thumbs.db
2008-12-02 09:49 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-11-29 13:22 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-29 06:54 46,012 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-11-28 15:15 --------- d-----w c:\program files\Warcraft III
2008-11-23 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-11-05 11:23 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:08 --------- d-----w c:\program files\DaemonTools_WhenUSave_Installer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-26 11:48 40,448 -c--a-w c:\documents and settings\waelkens\trial_setup.exe
2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab
1996-12-02 17:44 582,144 -c--a-w c:\program files\Fichiers communs\dao350.dll
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-05-01 4484]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-02-05 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-20 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-01-20 19928]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys []
S3 AIDA32Driver;AIDA32Driver;\??\c:\program files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 3584]
S3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2005-01-20 17408]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2007-01-10 274567]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-28 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\waelkens\Application Data\Mozilla\Firefox\Profiles\vrvfhw56.default\
FF -: plugin - c:\documents and settings\waelkens\Application Data\Mozilla\Firefox\Profiles\vrvfhw56.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 14:13:55
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-02 14:15:26
ComboFix-quarantined-files.txt 2008-12-02 13:15:01
ComboFix2.txt 2008-11-30 20:47:32

Avant-CF: 8 406 802 432 octets libres
Après-CF: 8,398,376,960 octets libres

284 --- E O F --- 2008-11-28 12:22:07
0
Réponse 39 / 59
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
3 déc. 2008 à 00:57
Re,

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



folder::
c:\program files\DaemonTools_WhenUSave_Installer

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Mi­nimal\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Ne­twork\TDSSserv.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TD­SSSERV]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.


Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
0
Réponse 40 / 59
CapitainZack
8 déc. 2008 à 23:47
Salut,
deja désolée d'avoir éter si long a répondre mais je n'ai vraiment pas pu avant, J'ai fait ce que tu m'a demander voila le résultat :


omboFix 08-12-01.01 - waelkens 2008-12-08 23:32:30.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT 1:00]
Lancé depuis: c:\documents and settings\waelkens\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\waelkens\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DaemonTools_WhenUSave_Installer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 16:40 . 2008-11-28 16:50 139,264 --a------ c:\windows\War3Unin.exe
2008-11-28 16:40 . 2008-11-28 17:02 81,377 --a------ c:\windows\War3Unin.dat
2008-11-28 16:40 . 2008-11-28 16:50 2,829 --a------ c:\windows\War3Unin.pif
2008-11-27 13:27 . 2008-11-27 13:27 <REP> d-------- c:\documents and settings\waelkens\Application Data\Malwarebytes
2008-11-27 13:27 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 13:26 . 2008-11-27 13:27 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-27 13:26 . 2008-11-27 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-27 13:26 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 10:43 . 2008-11-25 10:44 <REP> d-------- c:\program files\RogueRemover FREE
2008-11-25 10:40 . 2008-11-25 10:42 <REP> d-------- C:\RogueRemover
2008-11-23 22:41 . 2008-11-27 12:57 <REP> d-------- C:\ToolBar SD
2008-11-23 19:14 . 2008-11-23 19:14 <REP> d-------- c:\documents and settings\waelkens\Application Data\Grisoft
2008-11-23 19:12 . 2008-11-23 19:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-11-23 19:12 . 2007-05-30 13:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-23 14:24 . 2008-11-23 23:06 <REP> d-------- C:\Lop SD
2008-11-22 19:33 . 2008-11-23 11:49 3,820 --a------ c:\windows\system32\tmp.reg
2008-11-22 19:32 . 2008-11-22 19:34 <REP> d-------- c:\documents and settings\waelkens\SmitfraudFix
2008-11-22 19:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-22 19:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-22 19:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-22 19:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-22 19:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-22 19:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-22 17:11 . 2008-11-22 17:11 <REP> d-------- C:\rsit
2008-11-22 16:56 . 2008-11-22 17:04 <REP> d-------- c:\program files\Navilog1
2008-11-22 03:26 . 2008-11-22 03:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-21 17:42 . 2008-11-21 17:42 <REP> d-------- C:\Logs
2008-11-20 09:56 . 2008-11-20 09:56 <REP> d-------- c:\program files\Lavasoft
2008-11-20 09:56 . 2008-11-20 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 20:56 . 2008-11-25 21:35 <REP> d-------- c:\program files\adslTV
2008-11-16 20:56 . 2008-11-16 20:56 <REP> d-------- c:\documents and settings\waelkens\Application Data\vlc
2008-11-15 18:27 . 2008-11-15 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-11-14 22:24 . 2008-11-14 22:24 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 17:46 . 2008-11-13 17:46 <REP> d-------- c:\documents and settings\waelkens\OngameNetwork
2008-11-11 08:36 . 2008-11-11 08:36 <REP> d-------- C:\Medion

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 22:30 --------- d-----w c:\program files\Wanadoo
2008-12-08 06:38 --------- d-----w c:\documents and settings\waelkens\Application Data\Skype
2008-12-03 09:41 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2008-12-02 17:21 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-02 17:09 46,012 ----a-w c:\documents and settings\waelkens\Application Data\wklnhst.dat
2008-12-02 13:06 5,632 -csha-w c:\program files\Thumbs.db
2008-11-28 15:15 --------- d-----w c:\program files\Warcraft III
2008-11-23 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-21 10:39 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-21 10:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 14:18 --------- d-----w c:\documents and settings\waelkens\Application Data\Orbit
2008-11-20 08:51 --------- d-----w c:\documents and settings\waelkens\Application Data\Lavasoft
2008-11-14 22:20 --------- d-----w c:\program files\DivX
2008-11-05 18:00 --------- d-----w c:\documents and settings\waelkens\Application Data\uTorrent
2008-11-05 11:23 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-29 12:41 --------- d-----w c:\program files\RomStation
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 13:16 --------- d-----w c:\program files\Morgan
2008-10-18 12:22 209,636 ----a-w c:\windows\IPUI_DivXG400.exe
2008-10-18 12:20 --------- d-----w c:\program files\Rippackv3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 12:51 --------- d-----w c:\documents and settings\waelkens\Application Data\FileZilla
2008-10-16 10:52 --------- d-----w c:\documents and settings\waelkens\Application Data\Apple Computer
2008-10-15 17:07 --------- d-----w c:\program files\Kodak
2008-10-15 16:40 --------- d-----w c:\program files\eRightSoft
2008-10-15 15:49 --------- d-----w c:\program files\BitComet
2008-10-15 09:49 --------- d-----w c:\program files\iTunes
2008-10-15 09:49 --------- d-----w c:\program files\iPod
2008-10-15 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 09:48 --------- d-----w c:\program files\Bonjour
2008-10-15 09:47 --------- d-----w c:\program files\QuickTime
2008-10-15 09:46 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-15 09:44 --------- d-----w c:\program files\Apple Software Update
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 14:30 98,304 ----a-w c:\windows\DUMPc8fd.tmp
2008-09-30 14:28 98,304 ----a-w c:\windows\DUMP3718.tmp
2008-09-19 21:55 200,704 -c--a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 -c--a-w c:\windows\system32\libdivx.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-06-09 08:26 85,944 -c--a-w c:\documents and settings\waelkens\Application Data\GDIPFONTCACHEV1.DAT
2007-11-18 14:15 47,360 -c--a-w c:\documents and settings\waelkens\Application Data\pcouffin.sys
2007-05-21 11:11 47 -c--a-w c:\documents and settings\waelkens\fixsize.cmd
2007-04-04 20:30 95,232 -c--a-w c:\documents and settings\waelkens\filechop.exe
2007-03-08 23:10 18,690 -c--a-w c:\documents and settings\waelkens\make-multi.exe
2007-02-25 12:00 1 -c--a-w c:\documents and settings\waelkens\SI.bin
2006-07-28 08:30 88,102 -c--a-w c:\program files\Aug2006_xinput_x64.cab
2006-07-28 08:30 47,018 -c--a-w c:\program files\Aug2006_xinput_x86.cab
2006-07-28 08:30 41,995 -c--a-w c:\program files\dxdllreg_x86.cab
2006-07-28 08:30 183,863 -c--a-w c:\program files\Aug2006_XACT_x64.cab
2006-07-28 08:30 138,195 -c--a-w c:\program files\Aug2006_XACT_x86.cab
2006-07-28 07:32 82,338 -c--a-w c:\program files\dxupdate.cab
2006-07-28 07:32 2,248,984 -c--a-w c:\program files\dsetup32.dll
2006-07-28 07:31 484,632 -c--a-w c:\program files\DXSETUP.exe
2006-07-28 07:30 74,520 -c--a-w c:\program files\DSETUP.dll
2006-06-05 23:07 31 -c----w c:\documents and settings\waelkens\getfile.dat
2006-05-31 05:39 181,745 -c----w c:\program files\JUN2006_XACT_x64.cab
2006-05-31 05:39 134,631 -c----w c:\program files\JUN2006_XACT_x86.cab
2006-03-31 11:56 917,318 -c----w c:\program files\Apr2006_MDX1_x86.cab
2006-03-31 11:56 87,989 -c----w c:\program files\Apr2006_xinput_x64.cab
2006-03-31 11:56 46,898 -c----w c:\program files\Apr2006_xinput_x86.cab
2006-03-31 11:56 4,163,518 -c----w c:\program files\Apr2006_MDX1_x86_Archive.cab
2006-03-31 11:56 180,021 -c----w c:\program files\Apr2006_XACT_x64.cab
2006-03-31 11:56 133,991 -c----w c:\program files\Apr2006_XACT_x86.cab
2006-03-31 11:56 1,398,718 -c----w c:\program files\Apr2006_d3dx9_30_x64.cab
2006-03-31 11:56 1,116,109 -c----w c:\program files\Apr2006_d3dx9_30_x86.cab
2006-02-16 13:05 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2006-02-03 08:00 179,247 -c----w c:\program files\Feb2006_XACT_x64.cab
2006-02-03 08:00 133,297 -c----w c:\program files\Feb2006_XACT_x86.cab
2006-02-03 08:00 1,363,684 -c----w c:\program files\Feb2006_d3dx9_29_x64.cab
2006-02-03 08:00 1,085,608 -c----w c:\program files\Feb2006_d3dx9_29_x86.cab
2005-12-05 17:31 86,925 -c----w c:\program files\Oct2005_xinput_x64.cab
2005-12-05 17:31 46,247 -c----w c:\program files\Oct2005_xinput_x86.cab
2005-12-05 17:31 1,358,864 -c----w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-05 17:31 1,080,344 -c----w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-26 11:48 40,448 -c--a-w c:\documents and settings\waelkens\trial_setup.exe
2005-07-22 18:14 1,351,430 -c----w c:\program files\Aug2005_d3dx9_27_x64.cab
2005-07-22 18:14 1,078,532 -c----w c:\program files\Aug2005_d3dx9_27_x86.cab
2005-05-26 13:49 1,336,890 -c----w c:\program files\Jun2005_d3dx9_26_x64.cab
2005-05-26 13:49 1,065,813 -c----w c:\program files\Jun2005_d3dx9_26_x86.cab
2005-03-18 16:40 1,348,242 -c----w c:\program files\Apr2005_d3dx9_25_x64.cab
2005-03-18 16:40 1,079,850 -c----w c:\program files\Apr2005_d3dx9_25_x86.cab
2005-02-05 19:03 1,248,387 -c----w c:\program files\Feb2005_d3dx9_24_x64.cab
2005-02-05 19:03 1,014,113 -c----w c:\program files\Feb2005_d3dx9_24_x86.cab
2004-09-27 10:29 976,020 -c----w c:\program files\BDAXP.cab
2004-09-27 10:29 703,080 -c----w c:\program files\BDA.cab
2004-09-27 10:29 15,493,481 -c----w c:\program files\DirectX.cab
2004-09-27 10:29 13,265,040 -c----w c:\program files\dxnt.cab
2004-09-27 10:29 1,156,363 -c----w c:\program files\BDANT.cab
1996-12-02 17:44 582,144 -c--a-w c:\program files\Fichiers communs\dao350.dll
2005-01-25 16:24 8 -csh--r c:\windows\system32\F2A38CDCBF.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2005-01-25 16:24 5,744 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-02_14.14.14,00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-08 06:38:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_664.dat
+ 2008-12-08 06:39:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f0c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-09 1937408]
"SteamKeyFr"="c:\program files\SteamKeyFr\SteamKeyFr.exe" [2004-01-28 212992]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25367592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"TrueDownloaderAutoStart"="c:\program files\TrueDownloader\TrueDownloader.exe" [2005-02-20 520258]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Steam"="d:\program files\Valve\Steam\Steam.exe" [2008-10-15 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2004-04-08 496752]
"PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Adobe Photo Downloader"="f:\soirée pétanque\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 626176]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2007-03-18 1187840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= "c:\program files\interMute\SpySubtract\sshook.dll" [2007-03-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.l3acm"= c:\windows\system32\l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.FFDS"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\waelkens\\Bureau\\yannicl\\programme C C++\\eMule0.49b\\emule.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft
"4670:TCP"= 4670:TCP:emule port
"4671:UDP"= 4671:UDP:emule portudp
"3724:TCP"= 3724:TCP:BLIZZARD

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-05-01 4484]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-02-05 802048]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-01-20 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-01-20 19928]
S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys []
S3 AIDA32Driver;AIDA32Driver;\??\c:\program files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 3584]
S3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2005-01-20 17408]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\Drivers\M1000KNT.sys [2007-01-10 274567]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-01-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-01-23 28800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ac68d9a-f886-11da-a67e-001109df929d}]
\Shell\AutoRun\command - L:\PreyStub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bd32168-dd23-11db-a8d2-001109df929d}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{925fa382-1aac-11db-a6cd-001109df929d}]
\Shell\AutoRun\command - M:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca5651a3-8e67-11da-a58f-001109df929d}]
\Shell\AutoRun\command - livebox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-06 06:27]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 23:37:12
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-08 23:38:55
ComboFix-quarantined-files.txt 2008-12-08 22:38:21
ComboFix2.txt 2008-12-02 13:15:27
ComboFix3.txt 2008-11-30 20:47:32

Avant-CF: 7 955 668 992 octets libres
Après-CF: 7,969,505,280 octets libres

277 --- E O F --- 2008-11-28 12:22:07
0

Discussions similaires

Hijackthis pour Android mobile
Sartuplady -
le druide -

3 réponses
Analyse en ligne du log Hijackthis
tufs -
tufs -

2 réponses
Analyse des logs hijackthis
philnoug -
nayas13 -

35 réponses
Disparition icone avast pb centre de sécurité
viddaloca -
vieu bison boiteu -

49 réponses
Aide pour terminer le nettoyage trojan et adw
PCbug -
jlpjlp -

18 réponses