Gros blocage : brast.exe

le probleme est que lorsque je double clic sur sd fix rien ne se passe comme si quelquechose bloquait le demarrage de programme

ouh la je suis en mode sans echec mais l'ecran est tout noir avec marquer aux 4 coins mode sans echec

jai peur tout d'un coup...

euh je suis etre vrauiment nul mais je vois pas ya rien l'écran est tout aucun icone nada... comment puis je lancer sdfix en mode sans echec ?

en mode sans echec jarrive a louverture il me demande un mot de passe administrateur chose que jamais je n'ai fais ni renseigné, là je suis un peu bloqué

en fait jai initialise un mot de passe admin donc maintenant c'est ok je suis en mode sans echec je double clic sur SDFix.exe et rien ne se passe, aucun lancement de tache

bon jai fait ce que tu mas mais pour hijackthis (oueden) c'est pareil le programme s'arrete au bout dune seconde impossible de faire un rapport ou quoi que ce soit

idem ne se lance pas...

tous les programmes je les lance soit en mode normal et apres sans echec
pareil pour malware bytes, tout ce que je lance en anti virus s'arrete

probleme aucun point de restauration n'est disponible ...

Rapport Lop S&D :
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mickael ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:17 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB) - FAT - Total:1950 Mo (Free:1 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 22/11/2008|21:02 )

--------------------\\ Listing des dossiers dans APPLIC~1


[27/09/2008|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[22/11/2008|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Firefly Studios
[06/04/2008|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[06/04/2008|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[22/11/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[06/04/2008|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[19/03/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/11/2008|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[08/02/2007|22:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[24/03/2008|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[08/02/2007|21:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[08/02/2007|21:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[22/11/2008|18:07] C:\DOCUME~1\Mickael\APPLIC~1\Azureus
[07/10/2007|03:52] C:\DOCUME~1\Mickael\APPLIC~1\dvdcss
[06/04/2008|13:36] C:\DOCUME~1\Mickael\APPLIC~1\Google
[08/02/2007|21:39] C:\DOCUME~1\Mickael\APPLIC~1\Identities
[22/11/2008|16:49] C:\DOCUME~1\Mickael\APPLIC~1\InstallShield
[19/03/2008|13:17] C:\DOCUME~1\Mickael\APPLIC~1\Macromedia
[09/02/2007|18:51] C:\DOCUME~1\Mickael\APPLIC~1\Media Player Classic
[07/04/2008|08:04] C:\DOCUME~1\Mickael\APPLIC~1\Microsoft
[22/11/2008|16:50] C:\DOCUME~1\Mickael\APPLIC~1\My Games
[13/10/2007|11:44] C:\DOCUME~1\Mickael\APPLIC~1\Sports Interactive
[22/11/2008|17:23] C:\DOCUME~1\Mickael\APPLIC~1\Spyware Terminator
[27/09/2008|10:24] C:\DOCUME~1\Mickael\APPLIC~1\Sun
[08/02/2007|22:34] C:\DOCUME~1\Mickael\APPLIC~1\TuneUp Software
[22/11/2008|21:00] C:\DOCUME~1\Mickael\APPLIC~1\U3
[09/11/2008|17:55] C:\DOCUME~1\Mickael\APPLIC~1\uTorrent
[09/02/2007|18:42] C:\DOCUME~1\Mickael\APPLIC~1\vlc

[08/02/2007|21:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[22/11/2008 18:28][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[22/11/2008 20:45][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[08/02/2007|23:34] C:\Program Files\Analog Devices
[19/03/2008|13:04] C:\Program Files\ANI
[21/11/2008|23:59] C:\Program Files\AxBx
[31/03/2008|19:31] C:\Program Files\CCleaner
[08/02/2007|20:59] C:\Program Files\ComPlus Applications
[09/02/2007|18:44] C:\Program Files\DFX
[21/11/2008|20:28] C:\Program Files\directx
[19/03/2008|13:04] C:\Program Files\D-Link
[27/09/2008|10:22] C:\Program Files\Fichiers communs
[20/02/2007|19:00] C:\Program Files\Firaxis Games
[04/05/2008|09:36] C:\Program Files\GameShadow
[06/04/2008|10:50] C:\Program Files\Google
[21/11/2008|20:23] C:\Program Files\InstallShield Installation Information
[09/02/2007|18:19] C:\Program Files\Intel
[08/02/2007|23:13] C:\Program Files\Internet Explorer
[27/09/2008|10:23] C:\Program Files\Java
[06/04/2008|10:48] C:\Program Files\Memeo
[09/02/2007|18:58] C:\Program Files\Microsoft Office
[09/02/2007|18:54] C:\Program Files\Microsoft Visual Studio
[09/02/2007|18:54] C:\Program Files\Microsoft Works
[09/02/2007|18:54] C:\Program Files\Microsoft.NET
[08/02/2007|23:21] C:\Program Files\MSBuild
[08/02/2007|21:00] C:\Program Files\NetMeeting
[19/03/2008|13:14] C:\Program Files\Orange
[08/02/2007|21:07] C:\Program Files\Outlook Express
[06/04/2008|10:51] C:\Program Files\Picasa2
[08/02/2007|23:42] C:\Program Files\PowerQuest
[21/11/2008|20:40] C:\Program Files\Railroad Tycoon 3
[08/02/2007|23:16] C:\Program Files\Reference Assemblies
[19/03/2008|13:07] C:\Program Files\SAGEM
[09/02/2007|18:40] C:\Program Files\Satsuki Decoder Pack
[19/03/2008|13:07] C:\Program Files\Securitoo
[08/02/2007|21:01] C:\Program Files\Services en ligne
[13/10/2007|09:30] C:\Program Files\Sports Interactive
[27/09/2008|10:23] C:\Program Files\Sun
[08/02/2007|22:34] C:\Program Files\TuneUp Utilities 2007
[08/02/2007|21:39] C:\Program Files\Uninstall Information
[09/02/2007|18:42] C:\Program Files\VideoLAN
[06/04/2008|10:49] C:\Program Files\Western Digital
[06/04/2008|10:47] C:\Program Files\Western Digital Technologies
[09/02/2007|18:43] C:\Program Files\Windows Media Player
[08/02/2007|20:59] C:\Program Files\Windows NT
[08/02/2007|21:01] C:\Program Files\WindowsUpdate
[08/02/2007|22:31] C:\Program Files\WinRAR

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[09/02/2007|18:54] C:\Program Files\Fichiers communs\DESIGNER
[06/04/2008|10:48] C:\Program Files\Fichiers communs\eSellerate
[19/03/2008|13:13] C:\Program Files\Fichiers communs\France Telecom
[22/11/2008|16:52] C:\Program Files\Fichiers communs\InstallShield
[27/09/2008|10:22] C:\Program Files\Fichiers communs\Java
[09/02/2007|18:59] C:\Program Files\Fichiers communs\Microsoft Shared
[08/02/2007|21:00] C:\Program Files\Fichiers communs\MSSoap
[08/02/2007|21:52] C:\Program Files\Fichiers communs\ODBC
[08/02/2007|21:00] C:\Program Files\Fichiers communs\Services
[08/02/2007|21:52] C:\Program Files\Fichiers communs\SpeechEngines
[09/02/2007|18:58] C:\Program Files\Fichiers communs\System
[22/11/2008|17:45] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 34 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Mickael\LOCALS~1\Temp\nsg2B.tmp
C:\DOCUME~1\Mickael\LOCALS~1\Temp\nsk28.tmp
C:\DOCUME~1\Mickael\LOCALS~1\Temp\nst2F.tmp

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]



[F:179][D:20]-> C:\DOCUME~1\Mickael\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Mickael\Cookies
[F:6][D:4]-> C:\DOCUME~1\Mickael\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 22/11/2008|21:05 - Option : [1]

--------------------\\ Fin du rapport a 21:05:48

DiagHelp version v1.4 - http://www.malekal.com
excute le 22/11/2008 à 21:10:51,78


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->22/11/2008 20:47:23
C:\WINDOWS\prefetch\Layout.ini -->17/11/2008 22:37:20
C:\WINDOWS\prefetch\W.EXE-023FC26E.pf -->08/02/2007 21:39:29
C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->08/02/2007 21:39:29
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->08/02/2007 21:39:27
C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf -->08/02/2007 21:39:26
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->08/02/2007 21:39:26
C:\WINDOWS\prefetch\U2.EXE-0C867A1C.pf -->08/02/2007 21:39:25
C:\WINDOWS\prefetch\RUNDLL32.EXE-49F747DB.pf -->08/02/2007 21:39:21
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->08/02/2007 21:39:19

C:\WINDOWS\System32\drivers\sp_rsdrv2.sys -->21/11/2008 23:18:11
C:\WINDOWS\System32\drivers\beep.sys -->21/11/2008 23:08:02
C:\WINDOWS\System32\drivers\ethgfiax.sys -->21/11/2008 22:52:34
C:\WINDOWS\System32\drivers\PxHelp20.sys -->08/03/2007 00:51:00
C:\WINDOWS\System32\drivers\cdralw2k.sys -->08/03/2007 00:51:00
C:\WINDOWS\System32\drivers\cdr4_xp.sys -->08/03/2007 00:51:00
C:\WINDOWS\System32\drivers\secdrv.sys -->20/02/2007 19:04:33

C:\WINDOWS\System32\ANIWZCSUSERNAME -->22/11/2008 20:46:02
C:\WINDOWS\System32\karna.dat -->22/11/2008 20:45:31
C:\WINDOWS\System32\brastk.exe -->22/11/2008 20:37:02
C:\WINDOWS\System32\ANIWZCS{DDE45F2B-E548-4EEF-9789-40EE50C96248} -->22/11/2008 19:44:31
C:\WINDOWS\System32\ANIWZCSUSERNAME{DDE45F2B-E548-4EEF-9789-40EE50C96248} -->22/11/2008 19:44:26
C:\WINDOWS\System32\wini108023.exe -->22/11/2008 17:05:58
C:\WINDOWS\System32\ANIWZCS{B1BBBAE7-AF69-4B52-9E8A-6BC1A4ADFE0B} -->22/11/2008 00:08:50
C:\WINDOWS\System32\ANIWZCSUSERNAME{B1BBBAE7-AF69-4B52-9E8A-6BC1A4ADFE0B} -->22/11/2008 00:08:42
C:\WINDOWS\System32\35d0bab9ac339768d2c82dbf67a7c475.exe -->21/11/2008 22:59:51
C:\WINDOWS\System32\jsne87fidgf.dll -->21/11/2008 22:52:34
C:\WINDOWS\System32\winwim32.dll -->21/11/2008 22:51:07
C:\WINDOWS\System32\wpa.dbl -->21/11/2008 12:22:41
C:\WINDOWS\System32\PerfStringBackup.INI -->01/11/2008 09:39:56
C:\WINDOWS\System32\perfh00C.dat -->01/11/2008 09:39:56
C:\WINDOWS\System32\perfh009.dat -->01/11/2008 09:39:56
C:\WINDOWS\System32\perfc00C.dat -->01/11/2008 09:39:56
C:\WINDOWS\System32\perfc009.dat -->01/11/2008 09:39:56
C:\WINDOWS\System32\CmdLineExt.dll -->10/10/2008 11:31:24
C:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->27/09/2008 10:23:43
C:\WINDOWS\System32\javaws.exe -->10/06/2008 01:32:34
C:\WINDOWS\System32\javacpl.cpl -->10/06/2008 01:32:34
C:\WINDOWS\System32\javaw.exe -->10/06/2008 00:21:04
C:\WINDOWS\System32\java.exe -->10/06/2008 00:21:01
C:\WINDOWS\System32\ANIWZCS{DA0F401A-309C-48E8-820D-9C0324977028} -->09/04/2008 16:51:15
C:\WINDOWS\System32\ANIWZCSUSERNAME{DA0F401A-309C-48E8-820D-9C0324977028} -->09/04/2008 16:50:55

C:\WINDOWS\WindowsUpdate.log -->22/11/2008 20:46:02
C:\WINDOWS\0.log -->22/11/2008 20:46:01
C:\WINDOWS\bootstat.dat -->22/11/2008 20:45:57
C:\WINDOWS\karna.dat -->22/11/2008 20:45:31
C:\WINDOWS\brastk.exe -->22/11/2008 20:45:31
C:\WINDOWS\SchedLgU.Txt -->22/11/2008 20:44:45
C:\WINDOWS\ntbtlog.txt -->22/11/2008 20:34:52
C:\WINDOWS\win.ini -->22/11/2008 20:16:01
C:\WINDOWS\system.ini -->22/11/2008 20:16:01
C:\WINDOWS\ModemLog_SoftV90 Data Fax Modem.txt -->22/11/2008 20:01:50
C:\WINDOWS\xml2u32l.dll -->21/11/2008 23:40:24
C:\WINDOWS\EFCDBAE1B8E7AEA0F06A66E3D9469B2.exe -->21/11/2008 23:06:30
C:\WINDOWS\ODBC.INI -->09/02/2007 19:00:04
C:\WINDOWS\WMSysPr9.prx -->09/02/2007 18:43:34
C:\WINDOWS\REGLOCS.OLD -->08/02/2007 21:38:45

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Unsigned
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1352
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2527 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x745e0000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll
0x01ca0000 0x18000 C:\WINDOWS\LC.dll
0x01d80000 0x7000 C:\WINDOWS\system32\jsne87fidgf.dll
0x02910000 0x3c000 3.00.0000.3762 C:\WINDOWS\system32\igfxpph.dll
0x02950000 0x1e000 3.00.0000.3762 C:\WINDOWS\system32\hccutils.DLL
0x02990000 0x29000 3.00.0000.3762 C:\WINDOWS\system32\igfxres.dll
0x029d0000 0x56000 3.00.0000.3762 C:\WINDOWS\system32\igfxsrvc.dll
0x02a40000 0x25000 3.00.0000.3762 C:\WINDOWS\system32\igfxdev.dll
0x02a80000 0x2b000 C:\Program Files\WinRAR\rarext.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL
0x36d30000 0x19000 11.00.5510.0000 C:\PROGRA~1\Microsoft Office\OFFICE11\MCPS.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 688
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2527 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00e50000 0x4f000 C:\WINDOWS\system32\aeeedecd.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0258 C:\WINDOWS\system32\CLBCATQ.DLL


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\WINDOWS\system32

19/08/2004 17:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 19 023 638 528 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\WINDOWS\Downloaded Program Files

27/09/2008 10:24 <REP> .
27/09/2008 10:24 <REP> ..
08/02/2007 21:01 65 desktop.ini
20/03/2006 16:34 24 576 dwusplay.dll
20/03/2006 16:34 196 608 dwusplay.exe
20/03/2006 16:34 484 272 isusweb.dll
10/06/2008 03:55 1 055 jinstall-6u7.inf
5 fichier(s) 706 576 octets

Total des fichiers listés :
5 fichier(s) 706 576 octets
2 Rép(s) 19 023 638 528 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"

REGEDIT4

[taskmgr.exe]


exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
172 - WZCSLDR2.exe
216 - AirGCFG.exe
228 - SystrayApp.exe
288 - brastk.exe --[Hidden]--
344 - ctfmon.exe
352 - LClock.exe
360 - GoogleToolbarNo
636 - AlertModule.exe
664 - csrss.exe
688 - winlogon.exe
732 - services.exe
744 - lsass.exe
888 - svchost.exe
984 - svchost.exe
1020 - svchost.exe
1060 - svchost.exe
1352 - explorer.exe
1484 - MDM.EXE
1552 - sp_rsser.exe
1880 - alg.exe
2984 - LaunchPad.exe
3584 - cmd.exe

Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
8070E000 - \WINDOWS\system32\hal.dll
F7A63000 - \WINDOWS\system32\KDCOM.DLL
F7973000 - \WINDOWS\system32\BOOTVID.dll
F7513000 - ACPI.sys
F7A65000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F7502000 - pci.sys
F7563000 - isapnp.sys
F7573000 - 4ad7f1344083e9b53ed5064664b1aadf.sys
F7A67000 - intelide.sys
F77E3000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7583000 - MountMgr.sys
F74E3000 - ftdisk.sys
F7A69000 - dmload.sys
F74BD000 - dmio.sys
F77EB000 - PartMgr.sys
F7B2B000 - pciide.sys
F7593000 - VolSnap.sys
F74A5000 - atapi.sys
F75A3000 - disk.sys
F75B3000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7486000 - fltMgr.sys
F75C3000 - PxHelp20.sys
F746F000 - KSecDD.sys
F73E2000 - Ntfs.sys
F73B5000 - NDIS.sys
F739A000 - Mup.sys
F7703000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F72AB000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F7297000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7843000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7274000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F784B000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7202000 - \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
F71DF000 - \SystemRoot\system32\DRIVERS\ks.sys
F70E0000 - \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
F7038000 - \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
F7853000 - \SystemRoot\System32\Drivers\Modem.SYS
F7713000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F7723000 - \SystemRoot\system32\DRIVERS\redbook.sys
F7733000 - \SystemRoot\system32\DRIVERS\imapi.sys
F6FC3000 - \SystemRoot\system32\drivers\smwdm.sys
F7BC3000 - \SystemRoot\system32\drivers\SENSUPGD.SYS
F6F9F000 - \SystemRoot\system32\drivers\portcls.sys
F7743000 - \SystemRoot\system32\drivers\drmk.sys
F7A89000 - \SystemRoot\system32\drivers\aeaudio.sys
F785B000 - \SystemRoot\system32\DRIVERS\fdc.sys
F6F8E000 - \SystemRoot\system32\DRIVERS\serial.sys
F7A2F000 - \SystemRoot\system32\DRIVERS\serenum.sys
F6F7A000 - \SystemRoot\system32\DRIVERS\parport.sys
F7753000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7863000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7BC5000 - \SystemRoot\system32\DRIVERS\audstub.sys
F7763000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7A33000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6F63000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F7773000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7783000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F786B000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6F52000 - \SystemRoot\system32\DRIVERS\psched.sys
F7793000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7873000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F787B000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6EF9000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F77A3000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7883000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7A8F000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6EC5000 - \SystemRoot\system32\DRIVERS\update.sys
F7A5B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F77B3000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F77D3000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A91000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F788B000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7A93000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B31000 - \SystemRoot\System32\Drivers\Null.SYS
F7613000 - \SystemRoot\System32\Drivers\Beep.SYS
F789B000 - \SystemRoot\System32\drivers\vga.sys
F7A95000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A97000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F78A3000 - \SystemRoot\System32\Drivers\Msfs.SYS
F78AB000 - \SystemRoot\System32\Drivers\Npfs.SYS
F79F7000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7623000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F78B3000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F79FF000 - \SystemRoot\system32\DRIVERS\rasacd.sys
EED38000 - \SystemRoot\system32\DRIVERS\ipsec.sys
EECE0000 - \SystemRoot\system32\DRIVERS\tcpip.sys
EECB8000 - \SystemRoot\system32\DRIVERS\netbt.sys
EEC96000 - \SystemRoot\System32\drivers\afd.sys
F7633000 - \SystemRoot\system32\DRIVERS\netbios.sys
EEC6B000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7B4E000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
EEBD4000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F7643000 - \SystemRoot\System32\Drivers\Fips.SYS
EEBB3000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F7653000 - \SystemRoot\system32\DRIVERS\wanarp.sys
EEA8E000 - \SystemRoot\system32\DRIVERS\mouhid.sys
EE9DF000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F6E95000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EE9C7000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B1B000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EEA1A000 - \SystemRoot\System32\drivers\Dxapi.sys
F794B000 - \SystemRoot\System32\watchdog.sys
BF9C1000 - \SystemRoot\System32\drivers\dxg.sys
F7B56000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E1000 - \SystemRoot\System32\ialmdnt5.dll
BF9D3000 - \SystemRoot\System32\ialmrnt5.dll
BFA00000 - \SystemRoot\System32\ialmdev5.DLL
BFA1F000 - \SystemRoot\System32\ialmdd5.DLL
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
F7A8D000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F796B000 - \??\C:\WINDOWS\system32\ANIO.SYS
EE605000 - \SystemRoot\system32\DRIVERS\srv.sys
EE807000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
EE5B5000 - \SystemRoot\system32\DRIVERS\secdrv.sys
EE4B0000 - \SystemRoot\system32\drivers\wdmaud.sys
EE67F000 - \SystemRoot\system32\drivers\sysaudio.sys
EDF77000 - \SystemRoot\system32\DRIVERS\sr.sys
EDF4D000 - \SystemRoot\system32\drivers\kmixer.sys
F78D3000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F7C13000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 122

Liste des programmes installes

Adobe Flash Player 9 ActiveX
ANIO Service
ANIWZCS2 Service
Archiveur WinRAR
CCleaner (remove only)
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
D-Link Wireless G DWA-110
DFX for Windows Media Player
GameShadow
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 7
livebox
Memeo AutoSync
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
MSXML 6.0 Parser (KB925673)
Navigateur Orange
OpenOffice.org Installer 1.0
Orange - Logiciels Internet
PartitionMagic
Picasa 2
PowerQuest PartitionMagic 8.0
Satsuki Decoder Pack
Sid Meier's Civilization 4
Sid Meier's Civilization 4
SoundMAX
TuneUp Utilities 2007
WD Diagnostics
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
XML Paper Specification Shared Components Pack 1.0



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\Program Files

22/11/2008 17:49 <REP> .
22/11/2008 17:49 <REP> ..
08/02/2007 23:34 <REP> Analog Devices
19/03/2008 13:04 <REP> ANI
21/11/2008 23:59 <REP> AxBx
31/03/2008 19:31 <REP> CCleaner
08/02/2007 20:59 <REP> ComPlus Applications
09/02/2007 18:44 <REP> DFX
21/11/2008 20:28 <REP> directx
19/03/2008 13:04 <REP> D-Link
27/09/2008 10:22 <REP> Fichiers communs
20/02/2007 19:00 <REP> Firaxis Games
04/05/2008 09:36 <REP> GameShadow
06/04/2008 10:50 <REP> Google
09/02/2007 18:19 <REP> Intel
08/02/2007 23:13 <REP> Internet Explorer
27/09/2008 10:23 <REP> Java
06/04/2008 10:48 <REP> Memeo
09/02/2007 18:58 <REP> Microsoft Office
09/02/2007 18:54 <REP> Microsoft Visual Studio
09/02/2007 18:54 <REP> Microsoft Works
09/02/2007 18:54 <REP> Microsoft.NET
08/02/2007 23:21 <REP> MSBuild
08/02/2007 21:00 <REP> NetMeeting
19/03/2008 13:14 <REP> Orange
08/02/2007 21:07 <REP> Outlook Express
06/04/2008 10:51 <REP> Picasa2
08/02/2007 23:42 <REP> PowerQuest
21/11/2008 20:40 <REP> Railroad Tycoon 3
08/02/2007 23:16 <REP> Reference Assemblies
19/03/2008 13:07 <REP> SAGEM
09/02/2007 18:40 <REP> Satsuki Decoder Pack
19/03/2008 13:07 <REP> Securitoo
08/02/2007 21:01 <REP> Services en ligne
13/10/2007 09:30 <REP> Sports Interactive
27/09/2008 10:23 <REP> Sun
08/02/2007 22:34 <REP> TuneUp Utilities 2007
09/02/2007 18:42 <REP> VideoLAN
06/04/2008 10:49 <REP> Western Digital
06/04/2008 10:47 <REP> Western Digital Technologies
09/02/2007 18:43 <REP> Windows Media Player
08/02/2007 20:59 <REP> Windows NT
08/02/2007 22:31 <REP> WinRAR
0 fichier(s) 0 octets
43 Rép(s) 19 023 609 856 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\Program Files\fichiers communs

27/09/2008 10:22 <REP> .
27/09/2008 10:22 <REP> ..
09/02/2007 18:54 <REP> DESIGNER
06/04/2008 10:48 <REP> eSellerate
19/03/2008 13:13 <REP> France Telecom
22/11/2008 16:52 <REP> InstallShield
27/09/2008 10:22 <REP> Java
09/02/2007 18:59 <REP> Microsoft Shared
08/02/2007 21:00 <REP> MSSoap
08/02/2007 21:52 <REP> ODBC
08/02/2007 21:00 <REP> Services
08/02/2007 21:52 <REP> SpeechEngines
09/02/2007 18:58 <REP> System
22/11/2008 17:45 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
14 Rép(s) 19 023 605 760 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

09/02/2007 18:54 <REP> .
09/02/2007 18:54 <REP> ..
09/02/2007 18:54 <REP> 1033
09/02/2007 18:54 <REP> 1036
11/07/2003 10:15 1 292 872 MSONSEXT.DLL
15/07/2003 06:52 35 896 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 02:25 80 448 PKMWS.DLL
5 fichier(s) 1 659 186 octets
4 Rép(s) 19 023 605 760 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 9C11-4669

Répertoire de C:\

22/11/2008 18:48 3 051 991 ComboFix.exe
22/11/2008 17:06 184 848 dhup.exe
28/06/2007 14:36 401 720 eden.exe.exe
22/11/2008 17:06 72 704 jwwgtuh.exe
21/11/2008 22:52 66 064 MediaTube_ver1.1573.0.exe
22/11/2008 19:18 1 529 241 SDFix.exe
21/11/2008 22:53 66 064 StarCodec_ver1.5897.0.exe
21/11/2008 22:52 161 796 wfhth.exe
22/11/2008 19:44 161 796 yjvmtaa.exe
22/11/2008 19:44 128 000 yvmkdwn.exe
10 fichier(s) 5 824 224 octets
0 Rép(s) 19 023 605 760 octets libres




c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\Uninstall_WD_Diagnos_0AB76F69E7614CFAB9B0A1906B4E9E4B.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{4FBC6F79-4811-4422-9305-92979B8C6392}\ARPPRODUCTICON.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{4FBC6F79-4811-4422-9305-92979B8C6392}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{4FBC6F79-4811-4422-9305-92979B8C6392}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{4FBC6F79-4811-4422-9305-92979B8C6392}\Uninstall_GameShadow_4FBC6F7948114422930592979B8C6392.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\ARPPRODUCTICON.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\NewShortcut1_382DF8239D2E4C58905714D70E38FCBA.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\NewShortcut2_382DF8239D2E4C58905714D70E38FCBA.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\NewShortcut3_382DF8239D2E4C58905714D70E38FCBA.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\NewShortcut4_382DF8239D2E4C58905714D70E38FCBA.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\NewShortcut5_382DF8239D2E4C58905714D70E38FCBA.exe
c:\Documents and Settings\Mickael\Application Data\Microsoft\Installer\{FECA6067-869C-4F32-9F6E-574E1496CE44}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\cleanup.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\Launchpad Removal.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\LaunchPad.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\U3AccessGrant.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe
c:\Documents and Settings\Mickael\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Mickael\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Mickael\Bureau\adaware2008plus.exe
c:\Documents and Settings\Mickael\Bureau\HiJackThis.exe
c:\Documents and Settings\Mickael\Bureau\LopSD.exe
c:\Documents and Settings\Mickael\Bureau\mbam-setup.exe
c:\Documents and Settings\Mickael\Bureau\Azureus\Azureus.exe
c:\Documents and Settings\Mickael\Bureau\Azureus\AzureusUpdater.exe
c:\Documents and Settings\Mickael\Bureau\Azureus\uninstall.exe
c:\Documents and Settings\Mickael\Bureau\Azureus\.install4j\i4jdel.exe
c:\Documents and Settings\Mickael\Bureau\Azureus\plugins\azemp\azmplay.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Mickael\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
c:\Documents and Settings\Mickael\Bureau\Spyware Terminator\SpywareTerminator.exe
c:\Documents and Settings\Mickael\Bureau\Spyware Terminator\SpywareTerminatorShield.Exe
c:\Documents and Settings\Mickael\Bureau\Spyware Terminator\unins000.exe
c:\Documents and Settings\Mickael\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\664.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\csrssc.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\sfx32tmp1145953.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\sfx32tmp193515.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\sfx32tmp659234.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\sfx32tmp679609.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\sfx32tmp721406.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\winlogin.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\21.tmp\b2e.exe
c:\Documents and Settings\Mickael\Local Settings\Temp\23.tmp\b2e.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\2300_A02.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\CD110910.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\CDD1109.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\driver dell dimension 2300_Web_Hottest_Videos_Personal_Player.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\MAKEDD.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\MDAC.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\microsoft-net-framework_microsoft_.net_framework_v3.0_francais_12834.exe
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R41334.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R45244.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R46202.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R48857.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R49440.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R53550.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\R79733.EXE
c:\Documents and Settings\Mickael\Mes documents\Fichier important ne pas effacer\dell pilote drivres\restauration systeme dell dimension 2300_ShareAccelerator.exe
c:\Documents and Settings\Mickael\Mes documents\Utilisateur1\CZ110900.exe
c:\Documents and Settings\Mickael\Mes documents\Utilisateur1\R53550.EXE
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\SanDiskFormatExtension.dll
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\SanDiskSecurityExtension.dll
c:\Documents and Settings\Mickael\Application Data\U3\0000184CF4711AE6\u3dapi10.dll

****** Fin du rapport DiagHelp

rapport usb fix :


-------------- UsbFix V2.412 ---------------

* User : Mickael - LSD-7572F89B44E
* Outils mis a jours le 22/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:38:01 le 22/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\Mickael\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur de CD-ROM

H: - Lecteur amovible


+- Contenu de l'autorun : F:\autorun.inf

[autorun]
open=wd_windows_tools\setup.exe
ICON=AUTORUN\WDLOGO.ICO


+- Contenu de l'autorun : G:\autorun.inf

[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer


[Comment]
brand=cruzer

+- Contenu de l'autorun : H:\autorun.inf

[AutoRun]
shellexecute=H:\m.exe /s
Action=Autorun


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[08/02/2007 21:02][--a------] C:\AUTOEXEC.BAT
[03/08/2004 23:38][-rahs----] C:\NTDETECT.COM
[22/11/2008 18:48][--a------] C:\ComboFix.exe
[22/11/2008 18:48][--a------] C:\dhup.exe
[22/11/2008 18:48][--a------] C:\eden.exe.exe
[22/11/2008 18:48][--a------] C:\jwwgtuh.exe
[22/11/2008 18:48][--a------] C:\MediaTube_ver1.1573.0.exe
[22/11/2008 18:48][--a------] C:\SDFix.exe
[22/11/2008 18:48][--a------] C:\StarCodec_ver1.5897.0.exe
[22/11/2008 18:48][--a------] C:\wfhth.exe
[22/11/2008 18:48][--a------] C:\yjvmtaa.exe
[22/11/2008 18:48][--a------] C:\yvmkdwn.exe
[22/11/2008 21:16][---hs----] C:\boot.ini
[22/11/2008 21:26][--a------] C:\lopR.txt
[22/11/2008 21:26][--a------] C:\resultat.txt
[22/11/2008 21:26][--a------] C:\UsbFix.txt
[08/02/2007 21:02][--a------] C:\CONFIG.SYS
[08/02/2007 21:02][--a------] C:\IO.SYS
[08/02/2007 21:02][--a------] C:\MSDOS.SYS
[08/02/2007 21:02][--a------] C:\pagefile.sys

--------------- [ Lecteur F ] ----------------

F: - Lecteur fixe


+- Listing des fichiers présents :

[18/05/2007 10:37][-rah-----] F:\autorun.inf

--------------- [ Lecteur G ] ----------------

G: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[13/02/2007 02:33][-r-------] G:\LaunchU3.exe
[12/02/2007 20:53][-r-------] G:\autorun.inf

--------------- [ Lecteur H ] ----------------

H: - Lecteur amovible


+- Listing des fichiers présents :

[12/02/2007 18:33][-ra------] H:\LaunchU3.exe
[12/02/2007 18:33][-ra------] H:\RSIT.exe
[12/02/2007 18:33][-ra------] H:\m.exe
[07/04/2008 00:19][--a------] H:\pmp_usb.ini
[22/11/2008 21:35][---h-----] H:\autorun.inf
[22/11/2008 21:07][--a------] H:\lopR.txt
[22/11/2008 21:07][--a------] H:\resultat.txt
[22/11/2008 21:07][--a------] H:\lopR2.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LClock=lclock.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
xsjfn83jkemfofght=C:\DOCUME~1\Mickael\LOCALS~1\Temp\winlogin.exe
12ZFG94-F641-2SF-K31P-5N1ER6H6L2=C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe
Jnskdfmf9eldfd=C:\DOCUME~1\Mickael\LOCALS~1\Temp\csrssc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
ANIWZCS2Service=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D-Link D-Link Wireless G DWA-110=C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
xsjfn83jkemfofght=C:\DOCUME~1\Mickael\LOCALS~1\Temp\winlogin.exe
SpywareTerminator="C:\DOCUME~1\Mickael\Bureau\Spyware Terminator\SpywareTerminatorShield.exe"
MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
brastk=brastk.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [22/11/2008 17:06][--a------] C:\jwwgtuh.exe
Supprimé ! - [18/05/2007 10:37][-rah-----] F:\autorun.inf
Supprimé ! - [17/01/2008 19:05][d--------] F:\AutoRun
Echec de la supression !! - [12/02/2007 20:53] G:\autorun.inf
Echec de la supression !! - [12/02/2007 20:53] G:\autorun.inf
Echec de la supression !! - [12/02/2007 20:53] G:\autorun.inf
Supprimé ! - [22/11/2008 21:35][---h-----] H:\autorun.inf
Supprimé ! - [22/11/2008 21:35][---h-----] H:\m.exe

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[08/02/2007 21:02][--a------] C:\AUTOEXEC.BAT
[03/08/2004 23:38][-rahs----] C:\NTDETECT.COM
[22/11/2008 18:48][--a------] C:\ComboFix.exe
[22/11/2008 18:48][--a------] C:\dhup.exe
[22/11/2008 18:48][--a------] C:\eden.exe.exe
[22/11/2008 18:48][--a------] C:\MediaTube_ver1.1573.0.exe
[22/11/2008 18:48][--a------] C:\SDFix.exe
[22/11/2008 18:48][--a------] C:\StarCodec_ver1.5897.0.exe
[22/11/2008 18:48][--a------] C:\wfhth.exe
[22/11/2008 18:48][--a------] C:\yjvmtaa.exe
[22/11/2008 18:48][--a------] C:\yvmkdwn.exe
[22/11/2008 21:16][---hs----] C:\boot.ini
[13/02/2007 02:33][-r-------] G:\LaunchU3.exe
[12/02/2007 20:53][-r-------] G:\autorun.inf
[12/02/2007 18:33][-ra------] H:\LaunchU3.exe
[12/02/2007 18:33][-ra------] H:\RSIT.exe
[07/04/2008 00:19][--a------] H:\pmp_usb.ini

--------------- ! Fin du rapport ! ----------------

par contre exterminate it me demande un code d'activation ?

je fais quoi pour le code d'activation ??

trsetup ne se lance pas malheuresement

bonjour
jai supprimé les programmes demandés
par contre dès que je me connecte sur le net le pc s'arrete et me parle de'une erreur beep.sys
sd fix marche mais pas combofix

autant pour moi sd fix ne marche pas non plus ...

2e rapport
***** THE SYSTEM HAS BEEN RESTARTED *****
23/11/2008 20:34:15: Trojan Remover has been restarted
----------
Cleaning up TDSS keys/files:
----------
C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe - process is either not running or could not be terminated
C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe has been renamed to C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe.vir
C:\WINDOWS\system32\aeeedecd.dll has been renamed to C:\WINDOWS\system32\aeeedecd.dll.vir
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\4ad7f1344083e9b53ed5064664b1aadf - removed
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\aeeedecd - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdsssnfo.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdsssnfo.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv) - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys) - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[12ZFG94-F641-2SF-K31P-5N1ER6H6L2] - deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
C:\WINDOWS\system32\4ad7f1344083e9b53ed5064664b1aadf.sys has been renamed to C:\WINDOWS\system32\4ad7f1344083e9b53ed5064664b1aadf.sys.vir
23/11/2008 20:34:15: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2553. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 20:30:06 23 nov. 2008
Using Database v7206
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Mickael\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Mickael\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
20:30:06: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
20:30:06: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
20:30:06: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: 4ad7f1344083e9b53ed5064664b1aadf
Hidden file: C:\WINDOWS\system32\4ad7f1344083e9b53ed5064664b1aadf.sys - this Service will be set to Disabled and the reference removed
Hidden file: C:\WINDOWS\system32\4ad7f1344083e9b53ed5064664b1aadf.sys has been marked for renaming when the PC is restarted
----------

************************************************************
20:30:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 17/06/2005
Modified: 15/06/2005
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
1027072 bytes
Created: 19/08/2004
Modified: 17/12/2003
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 09/02/2007
Modified: 10/02/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 09/02/2007
Modified: 10/02/2004
Company: Intel Corporation
--------------------
Value Name: ANIWZCS2Service
Value Data: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
49152 bytes
Created: 19/03/2008
Modified: 19/01/2007
Company: Wireless Service
--------------------
Value Name: D-Link D-Link Wireless G DWA-110
Value Data: C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
1662976 bytes
Created: 19/03/2008
Modified: 04/05/2007
Company: D-Link
--------------------
Value Name: SystrayORAHSS
Value Data: "C:\Program Files\Orange\Systray\SystrayApp.exe"
C:\Program Files\Orange\Systray\SystrayApp.exe
94208 bytes
Created: 19/03/2008
Modified: 25/09/2007
Company: France Telecom SA
--------------------
Value Name: ISUSPM
Value Data: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
213936 bytes
Created: 20/03/2006
Modified: 20/03/2006
Company: Macrovision Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 27/09/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231240 bytes
Created: 23/11/2008
Modified: 22/11/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: LClock
Value Data: lclock.exe
C:\WINDOWS\lclock.exe
65536 bytes
Created: 08/02/2007
Modified: 08/12/2004
Company:
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 17/04/2008
Modified: 17/04/2008
Company: Google Inc.
--------------------
Value Name: 12ZFG94-F641-2SF-K31P-5N1ER6H6L2
Value Data: C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe
C:\RECYCLER\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe
72704 bytes
Created: 21/11/2008
Modified: 21/11/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
20:30:12: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
20:30:12: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
20:30:13: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
20:30:13: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
C:\WINDOWS\INF\wmp10.inf
34751 bytes
Created: 09/02/2007
Modified: 11/08/2004
Company:
----------

************************************************************
20:30:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 08/02/2007
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\WINDOWS\System32\uxtuneup.dll
24072 bytes
Created: 08/02/2007
Modified: 17/01/2007
Company: TuneUp Software GmbH
--------------------

************************************************************
20:30:14: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
4816 bytes
Created: 08/02/2007
Modified: 01/04/2002
Company: Andrea Electronics Corporation
----------
Key: ANIO
ImagePath: \??\C:\WINDOWS\system32\ANIO.SYS
C:\WINDOWS\system32\ANIO.SYS
28195 bytes
Created: 19/03/2008
Modified: 11/12/2005
Company: Alpha Networks Inc.
----------
Key: ANIWZCSdService
ImagePath: C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
49152 bytes
Created: 19/03/2008
Modified: 19/01/2007
Company: Wireless Service
----------
Key: AutoSyncService
ImagePath: "C:\Program Files\Memeo\AutoSync\MemeoService.exe"
C:\Program Files\Memeo\AutoSync\MemeoService.exe
31768 bytes
Created: 06/07/2007
Modified: 06/07/2007
Company: Memeo
----------
Key: ethgfiax
ImagePath: system32\drivers\ethgfiax.sys
C:\WINDOWS\system32\drivers\ethgfiax.sys
134912 bytes
Created: 21/11/2008
Modified: 21/11/2008
Company:
----------
Key: FontCache3.0.0.0
ImagePath: c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created: 20/10/2006
Modified: 20/10/2006
Company: Microsoft Corporation
----------
Key: FTRTSVC
ImagePath: "C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
65536 bytes
Created: 19/03/2008
Modified: 25/09/2007
Company: France Telecom SA
----------
Key: GoogleDesktopManager
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1862144 bytes
Created: 06/04/2008
Modified: 06/04/2008
Company: Google
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 06/04/2008
Modified: 06/04/2008
Company: Google
----------
Key: HSFHWBS2
ImagePath: system32\DRIVERS\HSFBS2S2.sys
C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
220032 bytes
Created: 08/02/2007
Modified: 03/08/2004
Company: Conexant Systems, Inc.
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSFDPSP2.sys
C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
1041536 bytes
Created: 08/02/2007
Modified: 03/08/2004
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
681469 bytes
Created: 09/02/2007
Modified: 10/02/2004
Company: Intel Corporation
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
741376 bytes
Created: 30/10/2006
Modified: 30/10/2006
Company: Microsoft Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 19/03/2008
Modified: 23/09/2003
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
32128 bytes
Created: 19/03/2008
Modified: 01/03/2006
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: RT73
ImagePath: system32\DRIVERS\Dr71WU.sys
C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
429440 bytes
Created: 19/03/2008
Modified: 21/12/2006
Company: Ralink Technology, Corp.
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
500568 bytes
Created: 08/02/2007
Modified: 28/05/2002
Company: Analog Devices, Inc.
----------
Key: sp_rssrv
ImagePath: "C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe"
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
606720 bytes
Created: 21/11/2008
Modified: 22/06/2008
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{C0879A72-AA14-4950-BD19-A5A05A09E55B}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: winachsf
ImagePath: system32\DRIVERS\HSFCXTS2.sys
C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
685056 bytes
Created: 08/02/2007
Modified: 03/08/2004
Company: Conexant Systems, Inc.
----------

************************************************************
20:30:19: Scanning -----VXD ENTRIES-----

************************************************************
20:30:19: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : aeeedecd
DLLName: C:\WINDOWS\system32\aeeedecd.dll
C:\WINDOWS\system32\aeeedecd.dll
312847 bytes
Created: 21/08/2002
Modified: 21/08/2002
Company:
C:\WINDOWS\system32\aeeedecd.dll appears to be in-use/locked
C:\WINDOWS\system32\aeeedecd.dll - this reference has been removed
C:\WINDOWS\system32\aeeedecd.dll - file ownership assigned to: LSD-7572F89B44E\Mickael
C:\WINDOWS\system32\aeeedecd.dll - file backed up to C:\WINDOWS\system32\aeeedecd.dll.vir
C:\WINDOWS\system32\aeeedecd.dll - file has been neutralised
C:\WINDOWS\system32\aeeedecd.dll - marked for renaming when the PC is restarted
----------
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
339968 bytes
Created: 09/02/2007
Modified: 10/02/2004
Company: Intel Corporation
----------

************************************************************
20:30:25: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sptcontmenu.dll
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 21/11/2008
Modified: 22/06/2008
Company: Crawler.com
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
25608 bytes
Created: 17/01/2007
Modified: 17/01/2007
Company: TuneUp Software GmbH
----------

************************************************************
20:30:25: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
20:30:25: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
20:30:25: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------

************************************************************
20:30:25: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
20:30:25: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
20:30:25: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check

************************************************************
20:30:25: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
20:30:25: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 08/02/2007
Modified: 08/02/2007
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
20:30:25: Scanning ----- SCHEDULED TASKS -----
Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
470024 bytes
Created: 17/01/2007
Modified: 17/01/2007
Company: TuneUp Software GmbH
Parameters: /schedulestart
Next Run Time: 28/11/2008 17:15:00
Status: La tâche n'a pas encore été exécutée
Creator: Mickael
Comments: Lance la maintenance en 1 clic à des heures précises
----------

************************************************************
20:30:26: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
20:30:26: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
1 TDSS rootkit driver(s) heuristically detected
C:\WINDOWS\system32\drivers\tdsssnfo.sys appears to contain: BACKDOOR.TDSS
C:\WINDOWS\system32\drivers\tdsssnfo.sys - file has been erased using RAW erasure
-----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Mickael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Mickael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1036854 bytes
Created: 08/02/2007
Modified: 29/05/2007
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Mickael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1036854 bytes
Created: 08/02/2007
Modified: 29/05/2007
Company:
----------
Additional checks completed

************************************************************
20:31:19: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[10 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[74 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[46 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[47 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[146 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[53 loaded modules in total]
--------------------
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe - file already scanned
[11 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
[19 loaded modules in total]
--------------------
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\WINDOWS\system32\wdfmgr.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\Program Files\Orange\Systray\SystrayApp.exe - file already scanned
[26 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe - file already scanned
[19 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
[16 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[21 loaded modules in total]
--------------------
C:\WINDOWS\lclock.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
[47 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
[12 loaded modules in total]
--------------------
C:\WINDOWS\explorer.exe - file already scanned
[79 loaded modules in total]
--------------------
C:\Documents and Settings\Mickael\Application Data\Simply Super Software\Trojan Remover\kyj6.exe
FileSize: 2884472
[This is a Trojan Remover component]
[64 loaded modules in total]
--------------------

************************************************************
20:31:41: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
20:31:41: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
20:31:41: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
20:31:41: Scanning ------ %TEMP% DIRECTORY ------
No files found to scan
************************************************************
20:31:41: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
No files found to scan
************************************************************
20:31:41: Scanning ------ ROOT DIRECTORY ------

************************************************************
20:31:42: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 20:31:42 23 nov. 2008
Total Scan time: 00:01:35
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
23/11/2008 20:32:35: restart commenced
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.4.2553. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 20:23:32 23 nov. 2008
Using Database v7206
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Mickael\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Mickael\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
20:23:32: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
20:23:32: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
20:23:32: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: 4ad7f1344083e9b53ed5064664b1aadf
Hidden File: C:\WINDOWS\system32\4ad7f1344083e9b53ed5064664b1aadf.sys - this reference has been left in place
----------
Rootkit Services scan stopped at user request.
The Windows Registry was not scanned.
The ShellExecuteHooks were not scanned.
Hidden Registry Entries were not scanned for.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The ServiceDLLs registry keys were not scanned.
The Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
The ShellIconOverylayIdentifiers were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The HOSTS file was not checked.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:23:45 23 nov. 2008
Total Scan time: 00:00:13
************************************************************

c'est parti
en esperant que ca marche que je n'ai pas internet sur mon pc infecté

Rapport :

ComboFix 08-11-22.02 - Mickael 2008-11-23 20:13:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Mickael\LOCALS~1\Temp\tmp1.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\124909
c:\windows\system32\124909\124909.dll
c:\windows\system32\brastk.exe
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\karna.dat
c:\windows\system32\sxmg4.dll
c:\windows\system32\wini108023.exe
c:\windows\system32\winwim32.dll
h:\recycler\Desktop.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://accesspornovideo.net

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-23 16:07 . 2008-11-23 16:07 134,656 --a------ C:\yjvmtaa.exe
2008-11-23 16:07 . 2008-11-23 20:03 128,000 --a------ C:\yvmkdwn.exe
2008-11-23 15:53 . 2008-11-23 20:03 3,284 --a------ c:\windows\system32\ANIWZCS{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:46 . 2008-11-23 20:03 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:43 . 2008-11-23 15:43 7 --a------ c:\windows\system32\ANIWZCSUSERNAME{BC142CEF-D6DF-46D2-8E09-4C48051A294A}
2008-11-22 21:35 . 2008-11-23 15:30 <REP> d-------- c:\program files\UsbFix
2008-11-22 21:29 . 2008-11-22 23:03 <REP> d-------- c:\program files\Exterminate It!
2008-11-22 21:01 . 2008-11-22 21:26 <REP> d-------- C:\Lop SD
2008-11-22 20:12 . 2008-11-22 20:14 <REP> d-------- C:\Hijackthis
2008-11-22 20:08 . 2007-06-28 14:36 401,720 --a------ C:\eden.exe.exe
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-22 19:52 . 2007-02-08 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-22 19:52 . 2007-02-08 21:52 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-22 19:52 . 2008-11-23 16:00 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-22 19:52 . 2008-11-22 19:52 <REP> d-------- c:\documents and settings\Administrateur
2008-11-22 19:19 . 2008-11-22 19:18 1,529,241 --a------ C:\SDFix.exe
2008-11-22 17:45 . 2008-11-22 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 17:20 . 2003-03-19 03:14 499,712 --a------ c:\windows\system32\MSVCP71.DLL
2008-11-22 16:49 . 2008-11-22 16:49 <REP> d-------- c:\documents and settings\Mickael\Application Data\InstallShield
2008-11-22 16:43 . 2008-11-22 19:44 3,284 --a------ c:\windows\system32\ANIWZCS{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-22 16:43 . 2008-11-22 19:44 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-21 23:59 . 2008-11-21 23:59 <REP> d-------- c:\program files\AxBx
2008-11-21 23:40 . 2008-11-21 23:40 131,072 --a------ c:\windows\xml2u32l.dll
2008-11-21 23:18 . 2008-11-22 17:23 <REP> d-------- c:\documents and settings\Mickael\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-22 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-21 23:18 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-21 23:06 . 2008-11-21 23:06 185,360 --a------ c:\windows\EFCDBAE1B8E7AEA0F06A66E3D9469B2.exe
2008-11-21 22:59 . 2008-11-21 22:59 83,984 --a------ c:\windows\system32\35d0bab9ac339768d2c82dbf67a7c475.exe
2008-11-21 22:59 . 2008-11-21 23:16 336 --a------ C:\log.udt
2008-11-21 22:54 . 2008-11-21 23:02 73,728 --a------ c:\windows\system32\TDSSnmvk.dll
2008-11-21 22:54 . 2008-11-23 20:03 2,348 --a------ c:\windows\system32\TDSSspid.dll
2008-11-21 22:53 . 2008-11-21 22:53 66,064 --a------ C:\StarCodec_ver1.5897.0.exe
2008-11-21 22:53 . 2008-11-21 23:02 60,416 --a------ c:\windows\system32\drivers\TDSSsnfo.sys
2008-11-21 22:53 . 2008-11-21 23:02 35,840 --a------ c:\windows\system32\TDSScfrx.dll
2008-11-21 22:53 . 2008-11-21 23:02 31,232 --a------ c:\windows\system32\TDSSjeoh.dll
2008-11-21 22:53 . 2008-11-21 23:02 29,696 --a------ c:\windows\system32\TDSSrrqc.dll
2008-11-21 22:53 . 2008-11-21 23:02 527 --a------ c:\windows\system32\TDSSpoop.dat
2008-11-21 22:52 . 2008-11-22 17:06 184,848 --a------ C:\dhup.exe
2008-11-21 22:52 . 2008-11-21 22:52 134,912 --a------ c:\windows\system32\drivers\ethgfiax.sys
2008-11-21 22:52 . 2008-11-21 22:52 66,064 --a------ C:\MediaTube_ver1.1573.0.exe
2008-11-21 22:52 . 2008-11-22 17:06 2 --a------ C:\-1676589463
2008-11-21 20:28 . 2008-11-21 20:28 <REP> d-------- c:\program files\directx
2008-11-21 20:23 . 2008-11-21 20:40 <REP> d-------- c:\program files\Railroad Tycoon 3
2008-11-09 17:53 . 2008-11-09 17:55 <REP> d-------- c:\documents and settings\Mickael\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 19:08 --------- d-----w c:\documents and settings\Mickael\Application Data\U3
2008-11-22 17:07 --------- d-----w c:\documents and settings\Mickael\Application Data\Azureus
2008-11-22 16:45 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-22 15:52 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-22 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 15:50 --------- d-----w c:\documents and settings\Mickael\Application Data\My Games
2008-11-22 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-09-27 09:25 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-09-27 09:23 --------- d-----w c:\program files\Sun
2008-09-27 09:23 --------- d-----w c:\program files\Java
2008-09-27 09:22 --------- d-----w c:\program files\Fichiers communs\Java
.

------- Sigcheck -------

2005-06-28 18:56 359808 77c0c5e7d6cfe2052b8cf28b8722f528 c:\windows\system32\drivers\tcpip.sys

2005-03-02 19:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-02 19:08 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\Driver Cache\i386\ntoskrnl.exe
2005-06-15 23:00 2321152 bebb29fbd9c14448a7bc12204a362d9e c:\windows\system32\ntoskrnl.exe

2005-06-15 23:01 1036288 cc5b99af6247175a151b0cc4e71c7f58 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
"12ZFG94-F641-2SF-K31P-5N1ER6H6L2"="c:\recycler\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe" [2008-11-21 72704]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeeedecd]
2002-08-21 12:21 312847 c:\windows\system32\aeeedecd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mickael^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Mickael\Menu Démarrer\Programmes\Démarrage\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-06 10:50 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
--a------ 2007-09-25 19:10 102400 c:\program files\Orange\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-06-22 19:44 1817600 c:\docume~1\Mickael\Bureau\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2004-08-19 14336]
S1 ethgfiax;ethgfiax;c:\windows\system32\drivers\ethgfiax.sys [2008-11-21 134912]
S4 AutoSyncService;Memeo AutoSync service;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 14:47]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 20:15:52
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\_4ad7f1344083e9b53ed5064664b1aadf.sys_.vir 36864 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\4ad7f1344083e9b53ed5064664b1aadf]
"ImagePath"="system32\4ad7f1344083e9b53ed5064664b1aadf.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\aeeedecd.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\documents and settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-23 20:17:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-23 19:17:32

Avant-CF: 18,929,807,360 octets libres
Après-CF: 19,004,473,344 octets libres

202

je t'envoie 2 rapports : hijack this et trojan remover

Premiere partie hijack this
ComboFix 08-11-22.02 - Mickael 2008-11-23 20:13:06.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.589 [GMT 1:00]
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Mickael\LOCALS~1\Temp\tmp1.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\124909
c:\windows\system32\124909\124909.dll
c:\windows\system32\brastk.exe
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\karna.dat
c:\windows\system32\sxmg4.dll
c:\windows\system32\wini108023.exe
c:\windows\system32\winwim32.dll
h:\recycler\Desktop.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://accesspornovideo.net

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-23 16:07 . 2008-11-23 16:07 134,656 --a------ C:\yjvmtaa.exe
2008-11-23 16:07 . 2008-11-23 20:03 128,000 --a------ C:\yvmkdwn.exe
2008-11-23 15:53 . 2008-11-23 20:03 3,284 --a------ c:\windows\system32\ANIWZCS{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:46 . 2008-11-23 20:03 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:43 . 2008-11-23 15:43 7 --a------ c:\windows\system32\ANIWZCSUSERNAME{BC142CEF-D6DF-46D2-8E09-4C48051A294A}
2008-11-22 21:35 . 2008-11-23 15:30 <REP> d-------- c:\program files\UsbFix
2008-11-22 21:29 . 2008-11-22 23:03 <REP> d-------- c:\program files\Exterminate It!
2008-11-22 21:01 . 2008-11-22 21:26 <REP> d-------- C:\Lop SD
2008-11-22 20:12 . 2008-11-22 20:14 <REP> d-------- C:\Hijackthis
2008-11-22 20:08 . 2007-06-28 14:36 401,720 --a------ C:\eden.exe.exe
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-22 19:52 . 2007-02-08 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-22 19:52 . 2007-02-08 21:52 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-22 19:52 . 2008-11-23 16:00 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-22 19:52 . 2008-11-22 19:52 <REP> d-------- c:\documents and settings\Administrateur
2008-11-22 19:19 . 2008-11-22 19:18 1,529,241 --a------ C:\SDFix.exe
2008-11-22 17:45 . 2008-11-22 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 17:20 . 2003-03-19 03:14 499,712 --a------ c:\windows\system32\MSVCP71.DLL
2008-11-22 16:49 . 2008-11-22 16:49 <REP> d-------- c:\documents and settings\Mickael\Application Data\InstallShield
2008-11-22 16:43 . 2008-11-22 19:44 3,284 --a------ c:\windows\system32\ANIWZCS{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-22 16:43 . 2008-11-22 19:44 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-21 23:59 . 2008-11-21 23:59 <REP> d-------- c:\program files\AxBx
2008-11-21 23:40 . 2008-11-21 23:40 131,072 --a------ c:\windows\xml2u32l.dll
2008-11-21 23:18 . 2008-11-22 17:23 <REP> d-------- c:\documents and settings\Mickael\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-22 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-21 23:18 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-21 23:06 . 2008-11-21 23:06 185,360 --a------ c:\windows\EFCDBAE1B8E7AEA0F06A66E3D9469B2.exe
2008-11-21 22:59 . 2008-11-21 22:59 83,984 --a------ c:\windows\system32\35d0bab9ac339768d2c82dbf67a7c475.exe
2008-11-21 22:59 . 2008-11-21 23:16 336 --a------ C:\log.udt
2008-11-21 22:54 . 2008-11-21 23:02 73,728 --a------ c:\windows\system32\TDSSnmvk.dll
2008-11-21 22:54 . 2008-11-23 20:03 2,348 --a------ c:\windows\system32\TDSSspid.dll
2008-11-21 22:53 . 2008-11-21 22:53 66,064 --a------ C:\StarCodec_ver1.5897.0.exe
2008-11-21 22:53 . 2008-11-21 23:02 60,416 --a------ c:\windows\system32\drivers\TDSSsnfo.sys
2008-11-21 22:53 . 2008-11-21 23:02 35,840 --a------ c:\windows\system32\TDSScfrx.dll
2008-11-21 22:53 . 2008-11-21 23:02 31,232 --a------ c:\windows\system32\TDSSjeoh.dll
2008-11-21 22:53 . 2008-11-21 23:02 29,696 --a------ c:\windows\system32\TDSSrrqc.dll
2008-11-21 22:53 . 2008-11-21 23:02 527 --a------ c:\windows\system32\TDSSpoop.dat
2008-11-21 22:52 . 2008-11-22 17:06 184,848 --a------ C:\dhup.exe
2008-11-21 22:52 . 2008-11-21 22:52 134,912 --a------ c:\windows\system32\drivers\ethgfiax.sys
2008-11-21 22:52 . 2008-11-21 22:52 66,064 --a------ C:\MediaTube_ver1.1573.0.exe
2008-11-21 22:52 . 2008-11-22 17:06 2 --a------ C:\-1676589463
2008-11-21 20:28 . 2008-11-21 20:28 <REP> d-------- c:\program files\directx
2008-11-21 20:23 . 2008-11-21 20:40 <REP> d-------- c:\program files\Railroad Tycoon 3
2008-11-09 17:53 . 2008-11-09 17:55 <REP> d-------- c:\documents and settings\Mickael\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 19:08 --------- d-----w c:\documents and settings\Mickael\Application Data\U3
2008-11-22 17:07 --------- d-----w c:\documents and settings\Mickael\Application Data\Azureus
2008-11-22 16:45 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-22 15:52 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-22 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 15:50 --------- d-----w c:\documents and settings\Mickael\Application Data\My Games
2008-11-22 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-09-27 09:25 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-09-27 09:23 --------- d-----w c:\program files\Sun
2008-09-27 09:23 --------- d-----w c:\program files\Java
2008-09-27 09:22 --------- d-----w c:\program files\Fichiers communs\Java
.

------- Sigcheck -------

2005-06-28 18:56 359808 77c0c5e7d6cfe2052b8cf28b8722f528 c:\windows\system32\drivers\tcpip.sys

2005-03-02 19:13 2181632 3e2a0a4a0c0b19fc113618a9562a3b2a c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2005-03-02 19:08 2181376 63729dd0f2aae36cc52b89c05505146c c:\windows\Driver Cache\i386\ntoskrnl.exe
2005-06-15 23:00 2321152 bebb29fbd9c14448a7bc12204a362d9e c:\windows\system32\ntoskrnl.exe

2005-06-15 23:01 1036288 cc5b99af6247175a151b0cc4e71c7f58 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
"12ZFG94-F641-2SF-K31P-5N1ER6H6L2"="c:\recycler\S-1-5-21-5952429372-3003131092-600296880-4023\service.exe" [2008-11-21 72704]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeeedecd]
2002-08-21 12:21 312847 c:\windows\system32\aeeedecd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mickael^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Mickael\Menu Démarrer\Programmes\Démarrage\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-06 10:50 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
--a------ 2007-09-25 19:10 102400 c:\program files\Orange\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-06-22 19:44 1817600 c:\docume~1\Mickael\Bureau\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2004-08-19 14336]
S1 ethgfiax;ethgfiax;c:\windows\system32\drivers\ethgfiax.sys [2008-11-21 134912]
S4 AutoSyncService;Memeo AutoSync service;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 14:47]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 20:15:52
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\system32\_4ad7f1344083e9b53ed5064664b1aadf.sys_.vir 36864 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\4ad7f1344083e9b53ed5064664b1aadf]
"ImagePath"="system32\4ad7f1344083e9b53ed5064664b1aadf.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\aeeedecd.dll
c:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\msprivs.dll
c:\windows\system32\rsaenh.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\documents and settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-23 20:17:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-23 19:17:32

Avant-CF: 18,929,807,360 octets libres
Après-CF: 19,004,473,344 octets libres

202

voici le rapport hijack sur mon portable qui était au départ non infecté :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:51, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\user1\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CBF5B3AF-7C1E-4044-80F7-E4414C9174D6} - C:\Windows\system32\tULdbyvw.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Pour le pc infecté voici les 2 rapports en premier le rapport combofix puis le rapport Hijackthis :

ComboFix 08-11-22.01 - Mickael 2008-11-23 21:40:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.528 [GMT 1:00]
Lancé depuis: c:\documents and settings\Mickael\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Mickael\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\eden.exe.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1676589463
C:\dhup.exe
C:\eden.exe.exe
C:\MediaTube_ver1.1573.0.exe
C:\StarCodec_ver1.5897.0.exe
c:\windows\system32\drivers\ethgfiax.sys
c:\windows\system32\TDSScfrx.dll
c:\windows\system32\TDSSjeoh.dll
c:\windows\system32\TDSSnmvk.dll
c:\windows\system32\TDSSpoop.dat
c:\windows\system32\TDSSrrqc.dll
c:\windows\system32\TDSSspid.dll
C:\yjvmtaa.exe
C:\yvmkdwn.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-23 20:23 . 2008-11-23 20:23 <REP> d-------- c:\program files\Trojan Remover
2008-11-23 20:23 . 2008-11-23 20:23 <REP> d-------- c:\documents and settings\Mickael\Application Data\Simply Super Software
2008-11-23 20:23 . 2008-11-23 20:35 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 20:23 . 2008-11-23 20:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-23 20:23 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-23 20:23 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-23 20:23 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-23 20:23 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-23 20:23 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-23 20:13 . 2008-11-23 20:13 36,864 --a------ c:\windows\system32\_4ad7f1344083e9b53ed5064664b1aadf.sys_.vir
2008-11-23 15:53 . 2008-11-23 20:03 3,284 --a------ c:\windows\system32\ANIWZCS{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:46 . 2008-11-23 20:03 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{4FB99B1E-D90B-49DC-B244-BB4E8747648D}
2008-11-23 15:43 . 2008-11-23 15:43 7 --a------ c:\windows\system32\ANIWZCSUSERNAME{BC142CEF-D6DF-46D2-8E09-4C48051A294A}
2008-11-22 21:35 . 2008-11-23 15:30 <REP> d-------- c:\program files\UsbFix
2008-11-22 21:29 . 2008-11-22 23:03 <REP> d-------- c:\program files\Exterminate It!
2008-11-22 21:01 . 2008-11-22 21:26 <REP> d-------- C:\Lop SD
2008-11-22 20:12 . 2008-11-22 20:14 <REP> d-------- C:\Hijackthis
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-22 19:52 . 2007-02-08 20:59 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-22 19:52 . 2007-02-08 21:52 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-22 19:52 . 2008-11-23 16:00 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-22 19:52 . 2007-02-08 21:52 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-22 19:52 . 2008-11-22 19:52 <REP> d-------- c:\documents and settings\Administrateur
2008-11-22 19:19 . 2008-11-22 19:18 1,529,241 --a------ C:\SDFix.exe
2008-11-22 17:45 . 2008-11-22 17:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-22 17:20 . 2003-03-19 03:14 499,712 --a------ c:\windows\system32\MSVCP71.DLL
2008-11-22 16:49 . 2008-11-22 16:49 <REP> d-------- c:\documents and settings\Mickael\Application Data\InstallShield
2008-11-22 16:43 . 2008-11-22 19:44 3,284 --a------ c:\windows\system32\ANIWZCS{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-22 16:43 . 2008-11-22 19:44 8 --a------ c:\windows\system32\ANIWZCSUSERNAME{DDE45F2B-E548-4EEF-9789-40EE50C96248}
2008-11-21 23:59 . 2008-11-21 23:59 <REP> d-------- c:\program files\AxBx
2008-11-21 23:40 . 2008-11-21 23:40 131,072 --a------ c:\windows\xml2u32l.dll
2008-11-21 23:18 . 2008-11-22 17:23 <REP> d-------- c:\documents and settings\Mickael\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-22 18:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2008-11-21 23:18 . 2008-11-21 23:18 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-21 23:06 . 2008-11-21 23:06 185,360 --a------ c:\windows\EFCDBAE1B8E7AEA0F06A66E3D9469B2.exe
2008-11-21 22:59 . 2008-11-21 22:59 83,984 --a------ c:\windows\system32\35d0bab9ac339768d2c82dbf67a7c475.exe
2008-11-21 22:59 . 2008-11-21 22:59 36,864 --a------ c:\windows\system32\4ad7f1344083e9b53ed5064664b1aadf.sys.vir
2008-11-21 22:59 . 2008-11-21 23:16 336 --a------ C:\log.udt
2008-11-21 20:28 . 2008-11-21 20:28 <REP> d-------- c:\program files\directx
2008-11-21 20:23 . 2008-11-21 20:40 <REP> d-------- c:\program files\Railroad Tycoon 3
2008-11-09 17:53 . 2008-11-09 17:55 <REP> d-------- c:\documents and settings\Mickael\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 19:08 --------- d-----w c:\documents and settings\Mickael\Application Data\U3
2008-11-22 17:07 --------- d-----w c:\documents and settings\Mickael\Application Data\Azureus
2008-11-22 16:45 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-11-22 15:52 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-22 15:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 15:50 --------- d-----w c:\documents and settings\Mickael\Application Data\My Games
2008-11-22 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Firefly Studios
2008-10-10 10:31 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-27 09:25 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-09-27 09:23 --------- d-----w c:\program files\Sun
2008-09-27 09:23 --------- d-----w c:\program files\Java
2008-09-27 09:22 --------- d-----w c:\program files\Fichiers communs\Java
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
"LClock"="lclock.exe" [2004-12-08 c:\windows\LClock.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"="c:\program files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-11-22 1231240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"LSD_III"="c:\windows\LSD\end.cmd" [2005-07-14 2310]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mickael^Menu Démarrer^Programmes^Démarrage^Memeo AutoSync Launcher.lnk]
path=c:\documents and settings\Mickael\Menu Démarrer\Programmes\Démarrage\Memeo AutoSync Launcher.lnk
backup=c:\windows\pss\Memeo AutoSync Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-06 10:50 1862144 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
--a------ 2007-09-25 19:10 102400 c:\program files\Orange\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-06-22 19:44 1817600 c:\docume~1\Mickael\Bureau\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R2 UxTuneUp;Extension de conception TuneUp;c:\windows\System32\svchost.exe -k netsvcs [2004-08-19 14336]
S1 ethgfiax;ethgfiax;c:\windows\system32\drivers\ethgfiax.sys []
S4 AutoSyncService;Memeo AutoSync service;"c:\program files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 31768]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f6c582e-7e6e-11dc-91e1-fadb762bc608}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-17 14:47]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 21:41:04
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-23 21:41:48
ComboFix-quarantined-files.txt 2008-11-23 20:41:33
ComboFix2.txt 2008-11-23 19:17:36

Avant-CF: 18 967 515 136 octets libres
Après-CF: 18,954,997,760 octets libres

167

Ensuite hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:16, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mickael\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe

bah ecoutes la ca a lair nickel sur le pc, jai installe adaware et lancer une petite analyse il ma virer quelques malwares restants, en fait le seul truc c'ets que lorque je suis sur le net (avec mon pc) les images ne s'affichent pas (par exemple sur la page google pas de logo google ....

Et voila le raport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:16, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mickael\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u7-windows-i586-jc.cab&AuthParam=1580978829_3fac487ff39b191ded7866fc4973d48d&ext=.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Documents and Settings\Mickael\Bureau\Spyware Terminator\sp_rsser.exe