
CiD ads


Hello,

For some time now I have had CiD ads appearing constantly, and it is very annoying. I looked at the tutorial to see what to do; here is the Hijack report.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:18, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsq9E.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [axis web cake second] C:\Documents and Settings\All Users\Application Data\Book Slow Axis Web\corn media.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Store Default] C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\send gram file.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7729 bytes

Thank you for helping me.


Hello,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    First of all, thank you for your almost instant reply! Here is the report:


    -----------------------------[ Lop S&D 2.3.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : VITTOZ ] [ "C:\Program Files\Lop SD" ]
    [ 12/02/2008 | 18:07:16,28 ] [ PC : VITOZ ]
    [ MAJ : 12-02-2008 | 00:15 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [12/02/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [12/02/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [29/01/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [29/01/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [01/02/2008|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [12/02/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
    [29/01/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
    [28/01/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/01/2008|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [28/01/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [12/02/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [05/02/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [05/02/2008|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [28/01/2008|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [28/01/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [28/01/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [28/01/2008|11:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/01/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/01/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/01/2008|11:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [12/02/2008|10:55] C:\DOCUME~1\VITTOZ\APPLIC~1\.
    [12/02/2008|10:55] C:\DOCUME~1\VITTOZ\APPLIC~1\..
    [28/01/2008|22:27] C:\DOCUME~1\VITTOZ\APPLIC~1\Adobe
    [29/01/2008|19:39] C:\DOCUME~1\VITTOZ\APPLIC~1\Apple Computer
    [09/02/2008|09:41] C:\DOCUME~1\VITTOZ\APPLIC~1\Azureus
    [12/02/2008|10:53] C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo
    [28/01/2008|22:44] C:\DOCUME~1\VITTOZ\APPLIC~1\CyberLink
    [28/01/2008|12:39] C:\DOCUME~1\VITTOZ\APPLIC~1\desktop.ini
    [31/01/2008|21:12] C:\DOCUME~1\VITTOZ\APPLIC~1\dvdcss
    [28/01/2008|12:05] C:\DOCUME~1\VITTOZ\APPLIC~1\Identities
    [29/01/2008|10:56] C:\DOCUME~1\VITTOZ\APPLIC~1\InterTrust
    [12/02/2008|10:50] C:\DOCUME~1\VITTOZ\APPLIC~1\LimeWire
    [28/01/2008|21:48] C:\DOCUME~1\VITTOZ\APPLIC~1\Macromedia
    [04/02/2008|19:47] C:\DOCUME~1\VITTOZ\APPLIC~1\Microsoft
    [28/01/2008|22:23] C:\DOCUME~1\VITTOZ\APPLIC~1\Mozilla
    [12/02/2008|10:55] C:\DOCUME~1\VITTOZ\APPLIC~1\urlredir.cfg
    [31/01/2008|20:01] C:\DOCUME~1\VITTOZ\APPLIC~1\vlc
    [07/02/2008|17:20] C:\DOCUME~1\VITTOZ\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [12/02/2008 18:00][--ah-----] C:\WINDOWS\tasks\AD9EED3091F59F4C.job [--260--]
    [29/01/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [--284--]
    [12/02/2008 17:50][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [12/02/2008|18:06] C:\Program Files\.
    [12/02/2008|18:06] C:\Program Files\..
    [28/01/2008|14:17] C:\Program Files\Adobe
    [12/02/2008|10:53] C:\Program Files\Adssite Games Collection
    [28/01/2008|14:12] C:\Program Files\Ahead
    [28/01/2008|12:09] C:\Program Files\AMD
    [29/01/2008|19:37] C:\Program Files\Apple Software Update
    [02/02/2008|11:39] C:\Program Files\Azureus
    [12/02/2008|10:52] C:\Program Files\BitDownload
    [12/02/2008|10:52] C:\Program Files\bluelogo
    [29/01/2008|19:38] C:\Program Files\Bonjour
    [29/01/2008|10:59] C:\Program Files\Ciel
    [28/01/2008|11:52] C:\Program Files\ComPlus Applications
    [28/01/2008|14:10] C:\Program Files\CyberLink
    [28/01/2008|14:10] C:\Program Files\CyberLink DVD Solution
    [09/02/2008|20:56] C:\Program Files\DivX
    [28/01/2008|22:41] C:\Program Files\Dofus
    [05/02/2008|10:22] C:\Program Files\Fichiers communs
    [28/01/2008|21:41] C:\Program Files\InstallShield Installation Information
    [05/02/2008|14:31] C:\Program Files\InterActual
    [30/01/2008|09:05] C:\Program Files\Internet Explorer
    [29/01/2008|19:38] C:\Program Files\iPod
    [29/01/2008|19:38] C:\Program Files\iTunes
    [29/01/2008|19:14] C:\Program Files\Java
    [28/01/2008|21:52] C:\Program Files\Kaspersky Lab
    [28/01/2008|14:07] C:\Program Files\K-Lite Codec Pack
    [29/01/2008|19:14] C:\Program Files\LimeWire
    [12/02/2008|18:07] C:\Program Files\Lop SD
    [30/01/2008|08:01] C:\Program Files\Messenger
    [09/02/2008|14:28] C:\Program Files\MessengerPlus! 3
    [28/01/2008|11:56] C:\Program Files\microsoft frontpage
    [28/01/2008|12:29] C:\Program Files\Microsoft Office
    [28/01/2008|12:29] C:\Program Files\Microsoft.NET
    [28/01/2008|11:53] C:\Program Files\Movie Maker
    [12/02/2008|17:56] C:\Program Files\Mozilla Firefox
    [28/01/2008|11:51] C:\Program Files\MSN
    [28/01/2008|11:52] C:\Program Files\MSN Gaming Zone
    [28/01/2008|11:54] C:\Program Files\NetMeeting
    [28/01/2008|11:52] C:\Program Files\Online Services
    [30/01/2008|08:00] C:\Program Files\Outlook Express
    [29/01/2008|19:38] C:\Program Files\QuickTime
    [28/01/2008|12:14] C:\Program Files\Realtek
    [28/01/2008|21:41] C:\Program Files\SAGEM
    [28/01/2008|18:16] C:\Program Files\Securitoo
    [28/01/2008|11:54] C:\Program Files\Services en ligne
    [12/02/2008|11:31] C:\Program Files\Trend Micro
    [28/01/2008|12:05] C:\Program Files\Uninstall Information
    [01/10/2004|15:00] C:\Program Files\Uninstall_CDS.exe
    [28/01/2008|12:10] C:\Program Files\VIA
    [31/01/2008|20:01] C:\Program Files\VideoLAN
    [12/02/2008|17:51] C:\Program Files\Wanadoo
    [05/02/2008|10:37] C:\Program Files\Windows Live
    [30/01/2008|08:00] C:\Program Files\Windows Media Player
    [28/01/2008|11:52] C:\Program Files\Windows NT
    [28/01/2008|11:54] C:\Program Files\WindowsUpdate
    [07/02/2008|17:20] C:\Program Files\WinRAR
    [28/01/2008|11:56] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [05/02/2008|10:22] C:\Program Files\Fichiers communs\.
    [05/02/2008|10:22] C:\Program Files\Fichiers communs\..
    [29/01/2008|10:56] C:\Program Files\Fichiers communs\Adobe
    [28/01/2008|14:12] C:\Program Files\Fichiers communs\Ahead
    [29/01/2008|19:36] C:\Program Files\Fichiers communs\Apple
    [28/01/2008|12:29] C:\Program Files\Fichiers communs\DESIGNER
    [28/01/2008|14:10] C:\Program Files\Fichiers communs\InstallShield
    [29/01/2008|19:07] C:\Program Files\Fichiers communs\Java
    [05/02/2008|10:39] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/01/2008|11:53] C:\Program Files\Fichiers communs\MSSoap
    [28/01/2008|12:39] C:\Program Files\Fichiers communs\ODBC
    [28/01/2008|11:54] C:\Program Files\Fichiers communs\Services
    [28/01/2008|12:39] C:\Program Files\Fichiers communs\SpeechEngines
    [30/01/2008|08:00] C:\Program Files\Fichiers communs\System
    [05/02/2008|10:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    C:\DOCUME~1\VITTOZ\LOCALS~1\Temp\bis72.exe
    C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo
    C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\dphvakxz.exe
    C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\mixnewregs.exe
    C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\send gram file.exe

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\corn media.exe
    C:\Program Files\Bitdownload
    C:\Program Files\Bitdownload\BitDownload Setup Components
    C:\WINDOWS\Prefetch\BITDOWNLOAD SETUP.EXE-00358730.pf
    C:\WINDOWS\Tasks\AD9EED3091F59F4C.job

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\rect wma base]
    "DisplayName"="CiD Help"
    "UninstallString"="C:\\DOCUME~1\\VITTOZ\\APPLIC~1\\bluelogo\\send gram file.exe -uninstall"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Store Default"="C:\\DOCUME~1\\VITTOZ\\APPLIC~1\\bluelogo\\send gram file.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "axis web cake second"="C:\\Documents and Settings\\All Users\\Application Data\\Book Slow Axis Web\\corn media.exe"

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    -> 72 ( 70 ## added by CiD )

    /!\ 1 Not 127.0.0.1 !!

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 18:08:50
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:521][Doss:30] C:\DOCUME~1\VITTOZ\LOCALS~1\Temp
    /!\ [Fich:161][Doss:0] C:\DOCUME~1\VITTOZ\Cookies
    /!\ [Fich:12170][Doss:16] C:\DOCUME~1\VITTOZ\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:09:11,53 ]----------------------

    Thank you for the attention given to this matter.

    Hi again,

    Run Lop S&D again

  • This time choose option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

    Second Lop S&D report




    -----------------------------[ Lop S&D 2.3.3 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : VITTOZ ] [ "C:\Program Files\Lop SD" ]
    [ 12/02/2008 | 18:32:11,39 ] [ PC : VITOZ ]
    [ MAJ : 12-02-2008 | 00:15 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web\corn media.exe
    Supprimé! - C:\Program Files\Bitdownload\BitDownload Setup Components
    Supprimé! - C:\WINDOWS\Prefetch\BITDOWNLOAD SETUP.EXE-00358730.pf
    Supprimé! - C:\WINDOWS\Tasks\AD9EED3091F59F4C.job
    Supprimé! - C:\DOCUME~1\VITTOZ\LOCALS~1\Temp\bis72.exe
    Supprimé! - C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\dphvakxz.exe
    Supprimé! - C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\mixnewregs.exe
    Supprimé! - C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo\send gram file.exe
    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Book Slow Axis Web
    Supprimé! - C:\Program Files\Bitdownload
    Supprimé! - C:\DOCUME~1\VITTOZ\APPLIC~1\bluelogo
    Supprimé! - C:\Program Files\bluelogo
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [12/02/2008|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [12/02/2008|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [29/01/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [29/01/2008|19:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [01/02/2008|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    [29/01/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
    [28/01/2008|22:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [28/01/2008|12:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [28/01/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [12/02/2008|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [05/02/2008|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [05/02/2008|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [28/01/2008|12:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [28/01/2008|11:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [28/01/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [28/01/2008|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [28/01/2008|11:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/01/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/01/2008|11:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/01/2008|11:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [12/02/2008|18:32] C:\DOCUME~1\VITTOZ\APPLIC~1\.
    [12/02/2008|18:32] C:\DOCUME~1\VITTOZ\APPLIC~1\..
    [28/01/2008|22:27] C:\DOCUME~1\VITTOZ\APPLIC~1\Adobe
    [29/01/2008|19:39] C:\DOCUME~1\VITTOZ\APPLIC~1\Apple Computer
    [09/02/2008|09:41] C:\DOCUME~1\VITTOZ\APPLIC~1\Azureus
    [28/01/2008|22:44] C:\DOCUME~1\VITTOZ\APPLIC~1\CyberLink
    [28/01/2008|12:39] C:\DOCUME~1\VITTOZ\APPLIC~1\desktop.ini
    [31/01/2008|21:12] C:\DOCUME~1\VITTOZ\APPLIC~1\dvdcss
    [28/01/2008|12:05] C:\DOCUME~1\VITTOZ\APPLIC~1\Identities
    [29/01/2008|10:56] C:\DOCUME~1\VITTOZ\APPLIC~1\InterTrust
    [12/02/2008|10:50] C:\DOCUME~1\VITTOZ\APPLIC~1\LimeWire
    [28/01/2008|21:48] C:\DOCUME~1\VITTOZ\APPLIC~1\Macromedia
    [04/02/2008|19:47] C:\DOCUME~1\VITTOZ\APPLIC~1\Microsoft
    [28/01/2008|22:23] C:\DOCUME~1\VITTOZ\APPLIC~1\Mozilla
    [12/02/2008|10:55] C:\DOCUME~1\VITTOZ\APPLIC~1\urlredir.cfg
    [31/01/2008|20:01] C:\DOCUME~1\VITTOZ\APPLIC~1\vlc
    [07/02/2008|17:20] C:\DOCUME~1\VITTOZ\APPLIC~1\WinRAR

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [29/01/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [--284--]
    [12/02/2008 17:50][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [12/02/2008|18:32] C:\Program Files\.
    [12/02/2008|18:32] C:\Program Files\..
    [28/01/2008|14:17] C:\Program Files\Adobe
    [12/02/2008|10:53] C:\Program Files\Adssite Games Collection
    [28/01/2008|14:12] C:\Program Files\Ahead
    [28/01/2008|12:09] C:\Program Files\AMD
    [29/01/2008|19:37] C:\Program Files\Apple Software Update
    [02/02/2008|11:39] C:\Program Files\Azureus
    [29/01/2008|19:38] C:\Program Files\Bonjour
    [29/01/2008|10:59] C:\Program Files\Ciel
    [28/01/2008|11:52] C:\Program Files\ComPlus Applications
    [28/01/2008|14:10] C:\Program Files\CyberLink
    [28/01/2008|14:10] C:\Program Files\CyberLink DVD Solution
    [09/02/2008|20:56] C:\Program Files\DivX
    [28/01/2008|22:41] C:\Program Files\Dofus
    [05/02/2008|10:22] C:\Program Files\Fichiers communs
    [28/01/2008|21:41] C:\Program Files\InstallShield Installation Information
    [05/02/2008|14:31] C:\Program Files\InterActual
    [30/01/2008|09:05] C:\Program Files\Internet Explorer
    [29/01/2008|19:38] C:\Program Files\iPod
    [29/01/2008|19:38] C:\Program Files\iTunes
    [29/01/2008|19:14] C:\Program Files\Java
    [28/01/2008|21:52] C:\Program Files\Kaspersky Lab
    [28/01/2008|14:07] C:\Program Files\K-Lite Codec Pack
    [29/01/2008|19:14] C:\Program Files\LimeWire
    [12/02/2008|18:32] C:\Program Files\Lop SD
    [30/01/2008|08:01] C:\Program Files\Messenger
    [09/02/2008|14:28] C:\Program Files\MessengerPlus! 3
    [28/01/2008|11:56] C:\Program Files\microsoft frontpage
    [28/01/2008|12:29] C:\Program Files\Microsoft Office
    [28/01/2008|12:29] C:\Program Files\Microsoft.NET
    [28/01/2008|11:53] C:\Program Files\Movie Maker
    [12/02/2008|17:56] C:\Program Files\Mozilla Firefox
    [28/01/2008|11:51] C:\Program Files\MSN
    [28/01/2008|11:52] C:\Program Files\MSN Gaming Zone
    [28/01/2008|11:54] C:\Program Files\NetMeeting
    [28/01/2008|11:52] C:\Program Files\Online Services
    [30/01/2008|08:00] C:\Program Files\Outlook Express
    [29/01/2008|19:38] C:\Program Files\QuickTime
    [28/01/2008|12:14] C:\Program Files\Realtek
    [28/01/2008|21:41] C:\Program Files\SAGEM
    [28/01/2008|18:16] C:\Program Files\Securitoo
    [28/01/2008|11:54] C:\Program Files\Services en ligne
    [12/02/2008|11:31] C:\Program Files\Trend Micro
    [28/01/2008|12:05] C:\Program Files\Uninstall Information
    [01/10/2004|15:00] C:\Program Files\Uninstall_CDS.exe
    [28/01/2008|12:10] C:\Program Files\VIA
    [31/01/2008|20:01] C:\Program Files\VideoLAN
    [12/02/2008|17:51] C:\Program Files\Wanadoo
    [05/02/2008|10:37] C:\Program Files\Windows Live
    [30/01/2008|08:00] C:\Program Files\Windows Media Player
    [28/01/2008|11:52] C:\Program Files\Windows NT
    [28/01/2008|11:54] C:\Program Files\WindowsUpdate
    [07/02/2008|17:20] C:\Program Files\WinRAR
    [28/01/2008|11:56] C:\Program Files\xerox

    ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

    [05/02/2008|10:22] C:\Program Files\Fichiers communs\.
    [05/02/2008|10:22] C:\Program Files\Fichiers communs\..
    [29/01/2008|10:56] C:\Program Files\Fichiers communs\Adobe
    [28/01/2008|14:12] C:\Program Files\Fichiers communs\Ahead
    [29/01/2008|19:36] C:\Program Files\Fichiers communs\Apple
    [28/01/2008|12:29] C:\Program Files\Fichiers communs\DESIGNER
    [28/01/2008|14:10] C:\Program Files\Fichiers communs\InstallShield
    [29/01/2008|19:07] C:\Program Files\Fichiers communs\Java
    [05/02/2008|10:39] C:\Program Files\Fichiers communs\Microsoft Shared
    [28/01/2008|11:53] C:\Program Files\Fichiers communs\MSSoap
    [28/01/2008|12:39] C:\Program Files\Fichiers communs\ODBC
    [28/01/2008|11:54] C:\Program Files\Fichiers communs\Services
    [28/01/2008|12:39] C:\Program Files\Fichiers communs\SpeechEngines
    [30/01/2008|08:00] C:\Program Files\Fichiers communs\System
    [05/02/2008|10:36] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-12 18:33:31
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:520][Doss:30] C:\DOCUME~1\VITTOZ\LOCALS~1\Temp
    /!\ [Fich:162][Doss:0] C:\DOCUME~1\VITTOZ\Cookies
    /!\ [Fich:12229][Doss:16] C:\DOCUME~1\VITTOZ\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 18:33:47,67 ]----------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:47:54, on 12/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Dofus\Dofus_client.exe
    C:\Program Files\Dofus\dofus.dll
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsq9E.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7455 bytes

    Hi again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has finished, a report will appear. Post this report in your next reply.

    Combofix report:

    ComboFix 08-02-13.1 - VITTOZ 2008-02-12 20:36:59.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.563 [GMT 1:00]
    Endroit: C:\Documents and Settings\VITTOZ\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gzmrt.dll
    C:\WINDOWS\system32\nsq9E.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-12 18:06 . 2008-02-12 18:33 <REP> d-------- C:\Program Files\Lop SD
    2008-02-12 11:31 . 2008-02-12 11:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-12 10:54 . 2008-02-12 10:54 46,300 --a------ C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    2008-02-12 10:53 . 2008-02-12 10:53 <REP> d-------- C:\Program Files\Adssite Games Collection
    2008-02-12 10:53 . 2008-02-12 10:58 80,090 --a------ C:\WINDOWS\system32\adssite-remove.exe
    2008-02-12 10:53 . 2008-02-12 10:58 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2008-02-12 10:53 . 2008-02-12 10:58 40,724 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2008-02-09 20:56 . 2008-02-09 20:56 684 --a------ C:\WINDOWS\mozver.dat
    2008-02-09 14:27 . 2008-02-09 14:28 <REP> d-------- C:\Program Files\MessengerPlus! 3
    2008-02-06 06:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-06 06:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-06 06:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-05 14:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-02-05 14:35 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-02-05 10:22 . 2008-02-05 10:37 <REP> d-------- C:\Program Files\Windows Live
    2008-02-05 10:22 . 2008-02-05 10:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-05 10:22 . 2008-02-05 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-01 18:38 . 2008-02-09 09:41 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\Azureus
    2008-02-01 18:38 . 2008-02-01 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-02-01 18:37 . 2008-02-02 11:39 <REP> d-------- C:\Program Files\Azureus
    2008-01-31 21:12 . 2008-01-31 21:12 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\dvdcss
    2008-01-31 20:01 . 2008-01-31 20:01 <REP> d-------- C:\Program Files\VideoLAN
    2008-01-31 20:01 . 2008-01-31 20:01 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\vlc
    2008-01-31 19:58 . 2008-01-31 19:58 0 --a------ C:\WINDOWS\iPlayer.INI
    2008-01-31 19:57 . 2008-02-09 22:31 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-31 19:56 . 2008-02-05 14:31 <REP> d-------- C:\Program Files\InterActual
    2008-01-30 09:02 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-30 09:02 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-30 09:02 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-30 09:02 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-30 09:02 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-30 09:02 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-30 09:02 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-30 09:02 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-30 09:02 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-30 09:01 . 2008-01-30 09:02 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-30 08:00 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-01-29 19:40 . 2008-02-13 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-29 19:40 . 2008-01-29 19:40 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-29 19:39 . 2008-01-29 19:39 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\Apple Computer
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\iTunes
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\iPod
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\Bonjour
    2008-01-29 19:37 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\QuickTime
    2008-01-29 19:37 . 2008-01-29 19:37 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-29 19:37 . 2008-01-29 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-29 19:36 . 2008-01-29 19:36 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-29 19:36 . 2008-01-29 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-29 19:33 . 2008-02-12 10:50 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\LimeWire
    2008-01-29 19:14 . 2008-01-29 19:14 <REP> d-------- C:\Program Files\Java
    2008-01-29 19:14 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-29 19:07 . 2008-01-29 19:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-01-29 19:06 . 2008-01-29 19:14 <REP> d-------- C:\Program Files\LimeWire
    2008-01-29 11:03 . 2008-01-29 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ciel
    2008-01-29 10:59 . 2008-01-29 10:59 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-29 10:59 . 2008-01-29 10:59 <REP> d-------- C:\Program Files\Ciel
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\WINDOWS\Profiles
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\InterTrust
    2008-01-29 10:56 . 1998-11-13 12:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2008-01-29 08:34 . 2008-01-29 08:34 <REP> d--hs---- C:\Documents and Settings\VITTOZ\UserData
    2008-01-28 22:44 . 2008-01-28 22:44 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\CyberLink
    2008-01-28 22:43 . 2008-01-28 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-01-28 22:38 . 2008-01-28 22:41 <REP> d-------- C:\Program Files\Dofus
    2008-01-28 22:19 . 2008-01-29 08:33 <REP> d-------- C:\Documents and Settings\VITTOZ\Contacts
    2008-01-28 22:18 . 2008-02-05 10:37 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-28 21:53 . 2008-01-31 20:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-01-28 21:53 . 2008-01-28 22:00 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-01-28 21:52 . 2008-01-28 21:52 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-01-28 21:52 . 2008-02-13 20:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-28 21:52 . 2008-02-13 20:39 4,351,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-28 21:52 . 2008-02-13 20:41 274,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-28 21:52 . 2008-02-13 20:39 59,324 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-28 21:52 . 2008-02-13 20:39 26,780 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-28 21:44 . 2008-01-28 21:44 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-28 21:44 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-28 21:44 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-28 21:44 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-28 21:44 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-28 21:44 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-28 21:43 . 2008-02-13 20:40 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-28 21:41 . 2008-01-28 21:41 <REP> d-------- C:\Program Files\SAGEM
    2008-01-28 18:16 . 2008-01-28 18:16 <REP> d-------- C:\Program Files\Securitoo
    2008-01-28 18:14 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-28 18:14 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-28 18:14 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-28 18:14 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-28 18:14 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-28 18:14 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-28 18:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-28 18:14 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-28 14:37 . 2008-01-28 14:37 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2008-01-28 14:17 . 2008-01-29 10:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-01-28 14:14 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-01-28 14:12 . 2008-01-28 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-28 14:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-01-28 14:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-01-28 14:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-01-28 14:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-01-28 14:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-12 09:58 319,488 ----a-w C:\WINDOWS\system32\adssite_sidebar.dll
    2008-01-28 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-28 13:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-28 11:39 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-28 11:39 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-28 11:29 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-28 11:14 --------- d-----w C:\Program Files\Realtek
    2008-01-28 11:10 --------- d-----w C:\Program Files\VIA
    2008-01-28 11:09 --------- d-----w C:\Program Files\AMD
    2008-01-28 10:56 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-28 10:54 --------- d-----w C:\Program Files\Services en ligne
    2008-01-28 10:53 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-09 14:27 190024]
    "msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-04 15:44 16006656 C:\WINDOWS\RTHDCPL.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29 7561216]
    "nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 22:36 218640]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-09 14:27 190024]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-28 00:26]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-29 18:37:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 20:40:33
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-13 20:43:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-13 19:42:56
    .
    2008-02-06 06:55:47 --- E O F ---


    I do want to point out that the CIDs no longer appear.

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    C:\WINDOWS\system32\adssite-remove.exe
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    C:\WINDOWS\system32\rightonadz-uninst.exe
    C:\WINDOWS\mozver.dat
    C:\WINDOWS\system32\adssite_sidebar.dll

    Folder::
    C:\Program Files\Adssite Games Collection


    Open Notepad, then paste (Ctrl+V) the text you copied earlier.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.

    Combofix report:

    ComboFix 08-02-13.1 - VITTOZ 2008-02-13 21:22:44.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.557 [GMT 1:00]
    Endroit: C:\Documents and Settings\VITTOZ\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\VITTOZ\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\WINDOWS\mozver.dat
    C:\WINDOWS\system32\adssite-remove.exe
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    C:\WINDOWS\system32\rightonadz-uninst.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Adssite Games Collection
    C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
    C:\Program Files\Adssite Games Collection\BobAndBill.exe
    C:\Program Files\Adssite Games Collection\CrazyBlocks.exe
    C:\Program Files\Adssite Games Collection\Lines.exe
    C:\Program Files\Adssite Games Collection\uninstall.exe
    C:\Program Files\Adssite Games Collection\VideoPool.exe
    C:\WINDOWS\mozver.dat
    C:\WINDOWS\system32\adssite-remove.exe
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
    C:\WINDOWS\system32\rightonadz-uninst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-12 18:06 . 2008-02-12 18:33 <REP> d-------- C:\Program Files\Lop SD
    2008-02-12 11:31 . 2008-02-12 11:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-09 14:27 . 2008-02-09 14:28 <REP> d-------- C:\Program Files\MessengerPlus! 3
    2008-02-06 06:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-06 06:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-06 06:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-05 14:35 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-02-05 14:35 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-02-05 10:22 . 2008-02-05 10:37 <REP> d-------- C:\Program Files\Windows Live
    2008-02-05 10:22 . 2008-02-05 10:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-05 10:22 . 2008-02-05 10:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-01 18:38 . 2008-02-09 09:41 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\Azureus
    2008-02-01 18:38 . 2008-02-01 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2008-02-01 18:37 . 2008-02-02 11:39 <REP> d-------- C:\Program Files\Azureus
    2008-01-31 21:12 . 2008-01-31 21:12 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\dvdcss
    2008-01-31 20:01 . 2008-01-31 20:01 <REP> d-------- C:\Program Files\VideoLAN
    2008-01-31 20:01 . 2008-01-31 20:01 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\vlc
    2008-01-31 19:58 . 2008-01-31 19:58 0 --a------ C:\WINDOWS\iPlayer.INI
    2008-01-31 19:57 . 2008-02-09 22:31 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-31 19:56 . 2008-02-05 14:31 <REP> d-------- C:\Program Files\InterActual
    2008-01-30 09:02 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-30 09:02 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-30 09:02 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-30 09:02 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-30 09:02 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-30 09:02 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-30 09:02 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-30 09:02 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-30 09:02 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-30 09:01 . 2008-01-30 09:02 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-30 08:00 . 2006-03-02 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-01-29 19:40 . 2008-02-13 21:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-29 19:40 . 2008-01-29 19:40 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-29 19:39 . 2008-01-29 19:39 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\Apple Computer
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\iTunes
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\iPod
    2008-01-29 19:38 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\Bonjour
    2008-01-29 19:37 . 2008-01-29 19:38 <REP> d-------- C:\Program Files\QuickTime
    2008-01-29 19:37 . 2008-01-29 19:37 <REP> d-------- C:\Program Files\Apple Software Update
    2008-01-29 19:37 . 2008-01-29 19:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-29 19:36 . 2008-01-29 19:36 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-01-29 19:36 . 2008-01-29 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-01-29 19:33 . 2008-02-12 10:50 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\LimeWire
    2008-01-29 19:14 . 2008-01-29 19:14 <REP> d-------- C:\Program Files\Java
    2008-01-29 19:14 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-29 19:07 . 2008-01-29 19:07 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-01-29 19:06 . 2008-01-29 19:14 <REP> d-------- C:\Program Files\LimeWire
    2008-01-29 11:03 . 2008-01-29 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ciel
    2008-01-29 10:59 . 2008-01-29 10:59 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-29 10:59 . 2008-01-29 10:59 <REP> d-------- C:\Program Files\Ciel
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\WINDOWS\Profiles
    2008-01-29 10:56 . 2008-01-29 10:56 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\InterTrust
    2008-01-29 10:56 . 1998-11-13 12:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
    2008-01-29 08:34 . 2008-01-29 08:34 <REP> d--hs---- C:\Documents and Settings\VITTOZ\UserData
    2008-01-28 22:44 . 2008-01-28 22:44 <REP> d-------- C:\Documents and Settings\VITTOZ\Application Data\CyberLink
    2008-01-28 22:43 . 2008-01-28 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-01-28 22:38 . 2008-01-28 22:41 <REP> d-------- C:\Program Files\Dofus
    2008-01-28 22:19 . 2008-01-29 08:33 <REP> d-------- C:\Documents and Settings\VITTOZ\Contacts
    2008-01-28 22:18 . 2008-02-05 10:37 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-28 21:53 . 2008-01-31 20:04 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-01-28 21:53 . 2008-01-28 22:00 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-01-28 21:52 . 2008-01-28 21:52 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-01-28 21:52 . 2008-02-13 21:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-28 21:52 . 2008-02-13 21:24 4,404,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-28 21:52 . 2008-02-13 21:25 277,280 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-01-28 21:52 . 2008-02-13 21:24 60,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-28 21:52 . 2008-02-13 21:24 27,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-01-28 21:44 . 2008-01-28 21:44 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2008-01-28 21:44 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
    2008-01-28 21:44 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2008-01-28 21:44 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2008-01-28 21:44 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2008-01-28 21:44 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-28 21:43 . 2008-02-13 21:26 <REP> d-------- C:\Program Files\Wanadoo
    2008-01-28 21:41 . 2008-01-28 21:41 <REP> d-------- C:\Program Files\SAGEM
    2008-01-28 18:16 . 2008-01-28 18:16 <REP> d-------- C:\Program Files\Securitoo
    2008-01-28 18:14 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-28 18:14 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-01-28 18:14 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-28 18:14 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-28 18:14 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-28 18:14 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-01-28 18:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-28 18:14 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-28 14:37 . 2008-01-28 14:37 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2008-01-28 14:17 . 2008-01-29 10:56 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-01-28 14:14 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-01-28 14:12 . 2008-01-28 14:12 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-01-28 14:12 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-01-28 14:12 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-01-28 14:12 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-01-28 14:12 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-01-28 14:12 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-01-28 14:12 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-01-28 14:12 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-01-28 14:11 . 2008-01-28 14:12 <REP> d-------- C:\Program Files\Ahead
    2008-01-28 14:10 . 2008-01-28 14:10 <REP> d-------- C:\Program Files\CyberLink DVD Solution
    2008-01-28 14:10 . 2008-01-28 14:10 <REP> d-------- C:\Program Files\CyberLink
    2008-01-28 14:10 . 2004-10-01 15:00 40,960 --a------ C:\Program Files\Uninstall_CDS.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-28 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-28 13:10 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-01-28 11:39 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
    2008-01-28 11:39 --------- d-----w C:\Program Files\Fichiers communs\ODBC
    2008-01-28 11:29 --------- d-----w C:\Program Files\Microsoft.NET
    2008-01-28 11:14 --------- d-----w C:\Program Files\Realtek
    2008-01-28 11:10 --------- d-----w C:\Program Files\VIA
    2008-01-28 11:09 --------- d-----w C:\Program Files\AMD
    2008-01-28 10:56 --------- d-----w C:\Program Files\microsoft frontpage
    2008-01-28 10:54 --------- d-----w C:\Program Files\Services en ligne
    2008-01-28 10:53 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
    2007-12-21 14:39 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-09 14:27 190024]
    "msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-04 15:44 16006656 C:\WINDOWS\RTHDCPL.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 16:29 7561216]
    "nwiz"="nwiz.exe" [2006-03-09 16:29 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 16:29 86016]
    "RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-05-19 22:36 218640]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-09 14:27 190024]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-28 00:26]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-29 18:37:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-13 21:26:24
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-13 21:28:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-13 20:28:10
    ComboFix2.txt 2008-02-13 19:43:00
    .
    2008-02-06 06:55:47 --- E O F ---

    Hijack report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:30:04, on 13/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6945 bytes
