Umpteenth post about pop-up windows - Security - Virus
Vive l'open source
Profile: IDNaute

Hi everyone...

Well, it has been a real mess on my PC for a week:

- pop-up windows offering me downloads of antivirus or antispyware software, etc...
- Icons get installed on my desktop: "only security guide" & "live safety center"
- As a result my PC is constantly slowing down, and I get stressed just at the thought of connecting to the web (OK, I'm exaggerating a bit, admittedly)

Yet I had the impression I had tried everything: avast scan, a-squared, Spybot Search & Destroy, VundoFix, SUPERAntiSpyware Free Edition, Ad-Aware...

In short, it's a mess; thanks for helping me.

So I'm posting a HijackThis log here:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:14:15, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Player Metaboli\GPlayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Serban\Bureau\Securite\HiJackThis_v2.exe

O2 - BHO: (no name) - {56117F60-3D5F-4A62-ADB7-4948FD942F13} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {5C606903-F5FB-4ACF-AC3D-B243D7B5159C} - (no file)
O2 - BHO: (no name) - {6AA62B16-4F1B-429C-93FC-0AC003FD760E} - (no file)
O2 - BHO: (no name) - {7BCAB8B4-F48F-4472-8B4B-53CAF9BC372C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {9CAC449F-A741-467F-B528-81A426995175} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\uyclfdho.dll
O2 - BHO: (no name) - {BF3503D6-8FE4-4788-8464-F9F8304C30E7} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\uyclfdho.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\oqjcqwnm.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: afekgvvb - C:\WINDOWS\
O20 - Winlogon Notify: esilchil - esilchil.dll (file missing)
O20 - Winlogon Notify: uyclfdho - C:\WINDOWS\SYSTEM32\uyclfdho.dll
O20 - Winlogon Notify: wmndmlcq - C:\WINDOWS\
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 7129 bytes

Profile: Helper

Hello

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask you whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK

Restart your PC.

Note: VundoFix may encounter a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report in your next reply, together with a new HijackThis log and the contents of the report located at C:\vundofix.txt


---------------
The best antivirus is you
Have a problem? Create your own post!
Vive l'open source
Profile: IDNaute

Well, first of all thanks for your reply; I did exactly what you told me...

First, here is the ComboFix report:

ComboFix 07-10-20.6 - Serban 2007-10-21 17:23:47.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 2:00]
Running from: C:\Documents and Settings\Serban\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Serban\Application Data\macromedia\Flash Player\#SharedObjects\E6KSB64S\iforex.com
C:\Documents and Settings\Serban\Application Data\macromedia\Flash Player\#SharedObjects\E6KSB64S\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Serban\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Serban\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Serban\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Serban\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Serban\Favoris\Online Security Guide.lnk
C:\Program Files\Fichiers communs\BestsellerAntivirus
C:\Program Files\Fichiers communs\BestsellerAntivirus\bm.exe
C:\Program Files\Hammer.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\afekgvvb.dllbox
C:\WINDOWS\system32\bhqijdwe.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\dccdd.tmp
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\edboqlgj.ini
C:\WINDOWS\system32\esilchil.dllbox
C:\WINDOWS\system32\ewdjiqhb.dll
C:\WINDOWS\system32\gdamxuec.exe
C:\WINDOWS\system32\hajqxvgm.dll
C:\WINDOWS\system32\hajqxvgm.dllbox
C:\WINDOWS\system32\jglqobde.dll
C:\WINDOWS\system32\joroupmb.exe
C:\WINDOWS\system32\jquyrqpf.exe
C:\WINDOWS\system32\mpcgacdv.dll
C:\WINDOWS\system32\mttbdmln.exe
C:\WINDOWS\system32\muamqxxm.dll
C:\WINDOWS\system32\muamqxxm.dllbox
C:\WINDOWS\system32\nnrsejsq.exe
C:\WINDOWS\system32\nwwexnqw.ini
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\pqtss.tmp
C:\WINDOWS\system32\qxngstvv.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\uyclfdho.dllbox
C:\WINDOWS\system32\vdcagcpm.ini
C:\WINDOWS\system32\wmndmlcq.dllbox
C:\WINDOWS\system32\wqnxewwn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR
-------\fmtr


((((((((((((((((((((((((((((( Fichiers créés 2007-09-21 to 2007-10-21 ))))))))))))))))))))))))))))))))))))
.

2007-10-21 17:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-21 15:02 <REP> d-------- C:\Documents and Settings\Serban\Application Data\MSN6
2007-10-21 15:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-21 14:53 <REP> d-------- C:\VundoFix Backups
2007-10-21 13:23 <REP> d-------- C:\Temp
2007-10-21 00:36 <REP> d-------- C:\Documents and Settings\Serban\Application Data\vlc
2007-10-21 00:27 <REP> d-------- C:\Program Files\VideoLAN
2007-10-20 23:17 <REP> d-------- C:\Program Files\HarmoTab
2007-10-20 23:16 290,816 --------- C:\WINDOWS\Setup1.exe
2007-10-20 23:16 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-20 21:24 <REP> d-------- C:\Remote Programs
2007-10-20 21:24 <REP> d-------- C:\Program Files\Player Metaboli
2007-10-20 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Exetender
2007-10-20 21:24 53,314 --------- C:\WINDOWS\ExentInfo.exe
2007-10-20 21:24 68 --a------ C:\WINDOWS\GPlrLanc.dat
2007-10-20 21:14 <REP> d-------- C:\Games
2007-10-20 14:56 <REP> d---s---- C:\Documents and Settings\Serban\UserData
2007-10-18 16:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-18 16:51 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-18 16:47 <REP> d-------- C:\Program Files\Logon Loader
2007-10-16 20:12 <REP> d-------- C:\WINDOWS\system32\Lang
2007-10-16 20:06 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-16 20:06 48 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2007-10-16 20:04 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-16 20:04 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-10-16 20:02 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-10-16 19:12 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-16 19:12 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-16 19:12 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-16 11:03 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 09:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-10-16 00:58 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
2007-10-16 00:18 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-15 23:09 <REP> d-------- C:\Program Files\Realtek
2007-10-15 22:42 <REP> d-------- C:\WINDOWS\provisioning
2007-10-15 22:42 <REP> d-------- C:\WINDOWS\peernet
2007-10-15 22:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-15 22:29 <REP> d-------- C:\WINDOWS\EHome
2007-10-15 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-15 21:18 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2007-10-15 21:18 3,328 --a--c--- C:\WINDOWS\system32\dllcache\pciide.sys
2007-10-15 21:15 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-15 21:15 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-14 18:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-14 18:24 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-14 18:24 <REP> d-------- C:\Documents and Settings\Serban\Application Data\SUPERAntiSpyware.com
2007-10-14 18:19 <REP> d-------- C:\Program Files\a-squared Free
2007-10-14 13:14 <REP> d-------- C:\Program Files\Lavasoft
2007-10-14 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-14 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 00:18 1,635 --a------ C:\WINDOWS\system32\cspmjm.exe
2007-10-14 00:14 1,635 --a------ C:\WINDOWS\system32\ieqvpe.exe
2007-10-12 19:26 <REP> d-------- C:\Program Files\Macromedia
2007-10-12 19:26 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-12 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-12 18:55 <REP> d-------- C:\Program Files\FileZilla Client
2007-10-12 17:37 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-10-12 17:28 <REP> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-10-12 17:28 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-10-11 21:38 <REP> d-------- C:\Program Files\Realtek AC97
2007-10-09 21:05 <REP> d-------- C:\Program Files\Straighthold Trader
2007-10-09 18:19 <REP> d-------- C:\Program Files\fxsolutions
2007-10-09 17:36 <REP> d-------- C:\Program Files\AvaTrader
2007-10-09 15:17 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-09 15:15 <REP> d-------- C:\Program Files\Fichiers communs\Bcgsoft
2007-10-09 15:15 <REP> d-------- C:\Documents and Settings\Serban\Application Data\WH SELFINVEST
2007-10-09 15:14 <REP> d-------- C:\Program Files\WHS ProStation
2007-10-09 15:14 1,802,240 --a------ C:\WINDOWS\system32\BCGCBPRO670u.dll
2007-10-09 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-09 15:14 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-09 15:14 22,528 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-10-09 12:23 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-10-09 12:22 <REP> d-------- C:\DirectX9
2007-10-09 12:21 <REP> d-------- C:\WINDOWS\system32\bits
2007-10-09 11:41 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-10-09 11:41 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-10-07 18:17 <REP> d-------- C:\Program Files\ATI Technologies
2007-10-07 17:58 <REP> d-------- C:\Program Files\AMD
2007-10-07 17:58 <REP> d-------- C:\Documents and Settings\Serban\Application Data\InstallShield
2007-10-07 17:58 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-07 17:58 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-07 17:58 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-07 17:58 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-10-07 17:58 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-10-07 17:58 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-07 17:58 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-10-07 17:54 <REP> d-------- C:\Program Files\Lavalys
2007-10-07 17:47 <REP> d-------- C:\Program Files\Broadcom
2007-10-07 17:47 754,688 --a------ C:\WINDOWS\system32\drivers\bcmwl564.sys
2007-10-07 17:47 604,928 --a------ C:\WINDOWS\system32\drivers\bcmwl5.sys
2007-10-07 17:47 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys
2007-10-07 14:39 <REP> d-------- C:\Program Files\Sunbelt Software
2007-10-06 12:03 <REP> d-------- C:\Documents and Settings\Serban\Application Data\Canon
2007-10-06 11:48 <REP> d-------- C:\Documents and Settings\Serban\Application Data\ZoomBrowser EX
2007-10-06 11:46 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-06 11:46 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-06 11:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-06 11:36 <REP> d-------- C:\Program Files\Fichiers communs\Canon

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 20:32 136 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-05 21:20 --------- d-----w C:\Program Files\Alwil Software
2007-10-05 20:02 98,054 ----a-w C:\WINDOWS\Web\wcxnjhhj.exe
2007-10-05 19:56 14,164 ---ha-w C:\WINDOWS\system32\anxqfjox.exe
2007-10-05 19:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-05 19:35 --------- d-----w C:\Program Files\Services en ligne
2007-10-05 19:33 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C606903-F5FB-4ACF-AC3D-B243D7B5159C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA62B16-4F1B-429C-93FC-0AC003FD760E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BCAB8B4-F48F-4472-8B4B-53CAF9BC372C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CAC449F-A741-467F-B528-81A426995175}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACF4B600-548D-48D4-8B67-E9316E8F1685}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF3503D6-8FE4-4788-8464-F9F8304C30E7}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SearchIndexer"="C:\WINDOWS\System32\oqjcqwnm.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afekgvvb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esilchil]
esilchil.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uyclfdho]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmndmlcq]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpp.dll
"Notification Packages"= scecli scecli

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
R2 X4HSX32;X4HSX32;\??\C:\Program Files\Player Metaboli\X4HSX32.Sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-16 18:25:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 17:41:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 17:45:13 - machine was rebooted
.
--- E O F ---

Now here is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:48:39, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Serban\Bureau\Securite\HiJackThis_v2.exe

O2 - BHO: (no name) - {5C606903-F5FB-4ACF-AC3D-B243D7B5159C} - (no file)
O2 - BHO: (no name) - {6AA62B16-4F1B-429C-93FC-0AC003FD760E} - (no file)
O2 - BHO: (no name) - {7BCAB8B4-F48F-4472-8B4B-53CAF9BC372C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CAC449F-A741-467F-B528-81A426995175} - (no file)
O2 - BHO: (no name) - {BF3503D6-8FE4-4788-8464-F9F8304C30E7} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: afekgvvb - C:\WINDOWS\
O20 - Winlogon Notify: esilchil - esilchil.dll (file missing)
O20 - Winlogon Notify: uyclfdho - C:\WINDOWS\
O20 - Winlogon Notify: wmndmlcq - C:\WINDOWS\
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6343 bytes



and finally the report that is at the root of C:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:48:39, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Serban\Bureau\Securite\HiJackThis_v2.exe

O2 - BHO: (no name) - {5C606903-F5FB-4ACF-AC3D-B243D7B5159C} - (no file)
O2 - BHO: (no name) - {6AA62B16-4F1B-429C-93FC-0AC003FD760E} - (no file)
O2 - BHO: (no name) - {7BCAB8B4-F48F-4472-8B4B-53CAF9BC372C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CAC449F-A741-467F-B528-81A426995175} - (no file)
O2 - BHO: (no name) - {BF3503D6-8FE4-4788-8464-F9F8304C30E7} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: afekgvvb - C:\WINDOWS\
O20 - Winlogon Notify: esilchil - esilchil.dll (file missing)
O20 - Winlogon Notify: uyclfdho - C:\WINDOWS\
O20 - Winlogon Notify: wmndmlcq - C:\WINDOWS\
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 6343 bytes






well, it's true that for the moment I have the impression it has sorted itself out... But I'll wait an hour or two before telling you whether it really worked

Profile: Helper

Re


There are still some left.


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\cspmjm.exe
C:\WINDOWS\system32\ieqvpe.exe
C:\WINDOWS\Web\wcxnjhhj.exe
C:\WINDOWS\system32\anxqfjox.exe
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\System32\oqjcqwnm.dll
C:\WINDOWS\system32\ddccd.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C606903-F5FB-4ACF-AC3D-B243D7B5159C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA62B16-4F1B-429C-93FC-0AC003FD760E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BCAB8B4-F48F-4472-8B4B-53CAF9BC372C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CAC449F-A741-467F-B528-81A426995175}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACF4B600-548D-48D4-8B67-E9316E8F1685}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF3503D6-8FE4-4788-8464-F9F8304C30E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchIndexer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afekgvvb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\esilchil]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uyclfdho]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmndmlcq]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is done, a report will be displayed: post its contents.
If the file doesn't open, it is located here > C:\ComboFix.txt


---------------
The best antivirus is you
Have a problem? Create your own post!
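The CFScript above targets the two Vundo-style signatures visible in the HijackThis log: BHOs whose DLL is gone, and Winlogon Notify packages with random eight-letter names. As an added example (not part of this thread, nor of HijackThis or ComboFix), here is a Python triage script that applies those checks to HijackThis lines, plus a decoder for the `hex(7)` REG_MULTI_SZ literal in the Registry:: section so the value the `Authentication Packages` line writes can be confirmed before running the script. The sample lines are copied from the log posted above; the Winlogon Notify allowlist is an assumption covering XP SP2 defaults plus SUPERAntiSpyware's entry, and must be extended for other products actually installed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C606903-F5FB-4ACF-AC3D-B243D7B5159C} - (no file)
O2 - BHO: (no name) - {BF3503D6-8FE4-4788-8464-F9F8304C30E7} - C:\WINDOWS\system32\ddccd.dll (file missing)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: afekgvvb - C:\WINDOWS\
O20 - Winlogon Notify: esilchil - esilchil.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: Winlogon Notify packages that are legitimate on XP SP2, plus SUPERAntiSpyware's
# (!SASWinLogon, present in the log above). Extend it for other products you know are installed.
KNOWN_NOTIFY = {n.lower() for n in (
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "!SASWinLogon")}

MISSING_MARKERS = ("(no file)", "(file missing)")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")   # Vundo/Virtumonde drops 8 random lowercase letters
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


class Finding(NamedTuple):
    section: str
    name: str
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, str, List[str]]]:
    """Split 'O20 - Winlogon Notify: name - path' into (code, kind, [name, path])."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, body = m.groups()
    return code, kind, [f.strip() for f in body.split(" - ")]


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries matching the Vundo-style pattern cleaned up in this thread."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        code, _kind, fields = parsed
        target = fields[-1]
        missing = target.endswith(MISSING_MARKERS)
        if code == "O2" and missing:
            findings.append(Finding("O2", fields[1],
                            "BHO registered but its DLL is gone: orphaned CLSID, delete the key"))
        elif code == "O20":
            name = fields[0]
            if name.lower() in KNOWN_NOTIFY:
                continue          # legitimate even if it looks random (e.g. sclgntfy)
            if RANDOM_NAME.match(name):
                findings.append(Finding("O20", name,
                                "Winlogon Notify DLL with a random 8-letter name: Vundo pattern"))
            elif missing:
                findings.append(Finding("O20", name, "Winlogon Notify entry whose DLL is missing"))
        elif code == "O23" and missing:
            findings.append(Finding("O23", fields[0],
                            "service points at a missing binary: stale entry, low priority"))
    return findings


def decode_reg_multi_sz(literal: str) -> List[str]:
    """Decode a .reg-style 'hex(7):..' REG_MULTI_SZ literal into its strings.

    The CFScript in this thread writes single-byte characters; regedit's own exports use
    UTF-16LE. Both encodings are handled, and the double-NUL terminator is dropped.
    """
    prefix = "hex(7):"
    if not literal.startswith(prefix):
        raise ValueError("not a REG_MULTI_SZ literal")
    raw = bytes(int(b, 16) for b in literal[len(prefix):].split(",") if b.strip())
    utf16 = len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2)
    text = raw.decode("utf-16-le") if utf16 else raw.decode("latin-1")
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.name:<40} {f.reason}")
    # The LSA line from the CFScript above: resets Authentication Packages to the default.
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```

The allowlist is consulted before the random-name heuristic on purpose: `sclgntfy`, a stock XP Winlogon Notify package, is itself eight lowercase letters and must not be reported. Decoding the LSA line shows it writes the single default package `msv1_0`, which is the right value to restore when a Vundo DLL has been appended to `Authentication Packages`; run the decoder on any such line before dropping a CFScript onto ComboFix.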
Vive l'open source
Profile: IDNaute

ok so here's the report:

ComboFix 07-10-20.6 - Serban 2007-10-21 20:02:29.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.129 [GMT 2:00]
Running from: C:\Documents and Settings\Serban\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Serban\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\anxqfjox.exe
C:\WINDOWS\system32\cspmjm.exe
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ieqvpe.exe
C:\WINDOWS\System32\oqjcqwnm.dll
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\Web\wcxnjhhj.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\anxqfjox.exe
C:\WINDOWS\system32\cspmjm.exe
C:\WINDOWS\system32\ieqvpe.exe
C:\WINDOWS\Web\wcxnjhhj.exe

.
((((((((((((((((((((((((((((( Files created 2007-09-21 to 2007-10-21 ))))))))))))))))))))))))))))))))))))
.

2007-10-21 18:08 <REP> d-------- C:\WINDOWS\LastGood
2007-10-21 17:20 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 15:05 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-21 15:02 <REP> d-------- C:\Documents and Settings\Serban\Application Data\MSN6
2007-10-21 15:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-10-21 14:53 <REP> d-------- C:\VundoFix Backups
2007-10-21 13:23 <REP> d-------- C:\Temp
2007-10-21 00:36 <REP> d-------- C:\Documents and Settings\Serban\Application Data\vlc
2007-10-21 00:27 <REP> d-------- C:\Program Files\VideoLAN
2007-10-20 23:17 <REP> d-------- C:\Program Files\HarmoTab
2007-10-20 23:16 290,816 --------- C:\WINDOWS\Setup1.exe
2007-10-20 23:16 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-20 21:24 <REP> d-------- C:\Remote Programs
2007-10-20 21:24 <REP> d-------- C:\Program Files\Player Metaboli
2007-10-20 21:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Exetender
2007-10-20 21:24 53,314 --------- C:\WINDOWS\ExentInfo.exe
2007-10-20 21:24 68 --a------ C:\WINDOWS\GPlrLanc.dat
2007-10-20 21:14 <REP> d-------- C:\Games
2007-10-20 14:56 <REP> d---s---- C:\Documents and Settings\Serban\UserData
2007-10-18 16:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-10-18 16:51 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-18 16:47 <REP> d-------- C:\Program Files\Logon Loader
2007-10-16 20:12 <REP> d-------- C:\WINDOWS\system32\Lang
2007-10-16 20:06 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-10-16 20:06 48 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2007-10-16 20:04 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-10-16 20:04 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2007-10-16 20:02 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-10-16 19:12 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-16 19:12 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-16 19:12 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-16 11:03 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 09:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-10-16 00:58 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-10-16 00:18 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-15 23:09 <REP> d-------- C:\Program Files\Realtek
2007-10-15 22:42 <REP> d-------- C:\WINDOWS\provisioning
2007-10-15 22:42 <REP> d-------- C:\WINDOWS\peernet
2007-10-15 22:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-15 22:29 <REP> d-------- C:\WINDOWS\EHome
2007-10-15 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-15 21:18 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2007-10-15 21:18 3,328 --a--c--- C:\WINDOWS\system32\dllcache\pciide.sys
2007-10-15 21:15 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-15 21:15 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-14 18:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-14 18:24 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-14 18:24 <REP> d-------- C:\Documents and Settings\Serban\Application Data\SUPERAntiSpyware.com
2007-10-14 18:19 <REP> d-------- C:\Program Files\a-squared Free
2007-10-14 13:14 <REP> d-------- C:\Program Files\Lavasoft
2007-10-14 13:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-14 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-14 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-12 19:26 <REP> d-------- C:\Program Files\Macromedia
2007-10-12 19:26 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-12 19:25 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-10-12 18:55 <REP> d-------- C:\Program Files\FileZilla Client
2007-10-12 17:37 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-10-12 17:28 <REP> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-10-12 17:28 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-10-11 21:38 <REP> d-------- C:\Program Files\Realtek AC97
2007-10-09 21:05 <REP> d-------- C:\Program Files\Straighthold Trader
2007-10-09 18:19 <REP> d-------- C:\Program Files\fxsolutions
2007-10-09 17:36 <REP> d-------- C:\Program Files\AvaTrader
2007-10-09 15:17 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-09 15:15 <REP> d-------- C:\Program Files\Fichiers communs\Bcgsoft
2007-10-09 15:15 <REP> d-------- C:\Documents and Settings\Serban\Application Data\WH SELFINVEST
2007-10-09 15:14 <REP> d-------- C:\Program Files\WHS ProStation
2007-10-09 15:14 1,802,240 --a------ C:\WINDOWS\system32\BCGCBPRO670u.dll
2007-10-09 15:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-09 15:14 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-10-09 15:14 22,528 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-10-09 12:23 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-10-09 12:22 <REP> d-------- C:\DirectX9
2007-10-09 12:21 <REP> d-------- C:\WINDOWS\system32\bits
2007-10-09 11:41 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-10-09 11:41 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-10-07 18:17 <REP> d-------- C:\Program Files\ATI Technologies
2007-10-07 17:58 <REP> d-------- C:\Program Files\AMD
2007-10-07 17:58 <REP> d-------- C:\Documents and Settings\Serban\Application Data\InstallShield
2007-10-07 17:58 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-07 17:58 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-07 17:58 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-07 17:58 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-10-07 17:58 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-10-07 17:58 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-10-07 17:58 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-10-07 17:54 <REP> d-------- C:\Program Files\Lavalys
2007-10-07 17:47 <REP> d-------- C:\Program Files\Broadcom
2007-10-07 17:47 754,688 --a------ C:\WINDOWS\system32\drivers\bcmwl564.sys
2007-10-07 17:47 604,928 --a------ C:\WINDOWS\system32\drivers\bcmwl5.sys
2007-10-07 17:47 28,544 --a------ C:\WINDOWS\system32\drivers\callistx.sys
2007-10-07 14:39 <REP> d-------- C:\Program Files\Sunbelt Software
2007-10-06 12:03 <REP> d-------- C:\Documents and Settings\Serban\Application Data\Canon
2007-10-06 11:48 <REP> d-------- C:\Documents and Settings\Serban\Application Data\ZoomBrowser EX
2007-10-06 11:46 146,944 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-06 11:46 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-06 11:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-06 11:36 <REP> d-------- C:\Program Files\Fichiers communs\Canon
2007-10-06 11:36 <REP> d-------- C:\Program Files\Canon

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 20:32 136 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-10-05 21:20 --------- d-----w C:\Program Files\Alwil Software
2007-10-05 19:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-05 19:35 --------- d-----w C:\Program Files\Services en ligne
2007-10-05 19:33 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"BroadcomWireless"="C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DependencyCheck"=Performed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
R2 X4HSX32;X4HSX32;\??\C:\Program Files\Player Metaboli\X4HSX32.Sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 18:25:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 20:28:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 20:30:39
C:\ComboFix2.txt ... 2007-10-21 17:45
.
--- E O F ---

Profile: Helper