question

Security Forum - Virus: question


Hello,
I have the same problem as the person in this thread (http://www.infos-du-net.com/forum/275584-11-ordi-infecte-resolu)
and I wanted to know whether I can follow the same procedure on my own or whether I need to be assisted (since you ask for the reports each time).


Hello,

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

------------------------------ Please let us know if you are already being helped on another forum or in another thread.

Security / Prevention
Reply to Egwene

Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:38, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8587 bytes

Reply to link1985


Download VundoFix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply


Note:
VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

Reply to Egwene

Here is the new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:11, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8677 bytes

and the VundoFix report

VundoFix V7.0.1

Scan started at 00:32:55 09/03/2008

Listing files found while scanning....


VundoFix V7.0.1

Scan started at 12:11:45 10/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\bmaipdac.dll
C:\windows\system32\sdfqxlmy.dllbox
C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uzxtijmr.dll
C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\wqbfsccv.dllbox

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bmaipdac.dll
C:\WINDOWS\system32\bmaipdac.dll Has been deleted!

Attempting to delete C:\windows\system32\sdfqxlmy.dllbox
C:\windows\system32\sdfqxlmy.dllbox Has been deleted!

Attempting to delete C:\WINDOWS\system32\uhpgoqpr.dll
C:\WINDOWS\system32\uhpgoqpr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\uzxtijmr.dll
C:\WINDOWS\system32\uzxtijmr.dll Has been deleted!

Attempting to delete C:\windows\system32\uzxtijmr.dllbox
C:\windows\system32\uzxtijmr.dllbox Has been deleted!

Attempting to delete C:\windows\system32\wqbfsccv.dllbox
C:\windows\system32\wqbfsccv.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Reply to link1985

:hello:

1) Show hidden files and folders …
To do this, open a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".

2) Disable all resident protection (antivirus…)!

Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: http://bibou0007.forumpro.fr/tutos [...] x-t121.htm

Restart in safe mode: help here >>>

http://forum.telecharger.01net.com [...] ges-1.html
/!\ Never restart in safe mode via msconfig! /!\

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

3) Copy/paste a new HijackThis report along with it.

Reply to Egwene

Here is the report
ComboFix 08-03-10.1 - jérôme 2008-03-10 17:14:08.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.361 [GMT 1:00]
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 68 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\Program Files\inetget2
C:\Program Files\Outlook Express\redy777444.dll
C:\Program Files\Outlook Express\redy821058.dll
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on\uninst.exe
C:\Temp\sanR24
C:\WINDOWS\BMcfc543fa.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bkleaaul.dll
C:\WINDOWS\system32\calhwocv.ini
C:\WINDOWS\system32\ffsmihic.dll
C:\WINDOWS\system32\hggedeb.dll
C:\WINDOWS\system32\hipevjev.dll
C:\WINDOWS\system32\ieaqakgo.dll
C:\WINDOWS\system32\jjcvcyuo.dll
C:\WINDOWS\system32\ljdgvncr.dll
C:\WINDOWS\system32\lokmcxnj.dll
C:\WINDOWS\system32\lqfsclmx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdpbinjy.ini
C:\WINDOWS\system32\mggtdfav.dll
C:\WINDOWS\system32\mljhhgf.dll
C:\WINDOWS\system32\nmlkmluk.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnopnk.dll
C:\WINDOWS\system32\otmdkbdh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\ptcbfirm.dll
C:\WINDOWS\system32\qndjvunv.dll
C:\WINDOWS\system32\rcnvgdjl.ini
C:\WINDOWS\system32\rqrqqoo.dll
C:\WINDOWS\system32\tarwufji.dll
C:\WINDOWS\system32\ugcwyvql.dll
C:\WINDOWS\system32\vcowhlac.dll
C:\WINDOWS\system32\vhqwhmho.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\wmymsnvm.dll
C:\WINDOWS\system32\wujtvjac.dll
C:\WINDOWS\system32\xlowhtjp.dll
C:\WINDOWS\system32\xxyxwxw.dll
C:\WINDOWS\system32\yjnibpdm.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-10 05:27 1,308,581 ---hs---- C:\WINDOWS\system32\fqbqmrow.ini
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-08 18:33 . 2008-03-09 16:03 1,308,401 ---hs---- C:\WINDOWS\system32\yratvfev.ini
2008-03-07 18:35 . 2008-03-08 09:31 2,209,032 ---hs---- C:\WINDOWS\system32\nlouikau.ini
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-06 17:07 . 2008-03-07 18:31 2,345,403 ---hs---- C:\WINDOWS\system32\sgnbnqpb.ini
2008-03-05 23:45 . 2008-03-05 23:45 37,376 -ra------ C:\WINDOWS\mrofinu1188.exe
2008-03-05 17:07 . 2008-03-06 16:54 1,307,614 ---hs---- C:\WINDOWS\system32\sfvfhgck.ini
2008-03-05 17:05 . 2008-03-05 17:05 52,800 --a------ C:\WINDOWS\system32\vqetmhdq.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 40,960 --a------ C:\Documents and Settings\sylvain\f.exe
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 21:26 . 2008-03-04 21:26 52,800 --a------ C:\WINDOWS\system32\jutskicc.dll
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-04 16:56 . 2008-03-04 16:56 52,800 --------- C:\WINDOWS\system32\wdlrobpr.dll
2008-03-04 16:49 . 2008-03-04 16:49 52,800 --------- C:\WINDOWS\system32\wfftemir.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 15:45 . 2008-03-04 20:46 276,123 --ahs---- C:\WINDOWS\system32\qtstv.ini2
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:55 . 2008-03-02 07:55 74 ---hs---- C:\WINDOWS\system32\mktcseul.ini
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf
2008-02-25 15:19 . 2008-02-25 13:19 140,800 --a------ C:\WINDOWS\b149.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:46 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 17:35:03
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 4231

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 17:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 16:40:15
.
2008-02-17 19:27:43 --- E O F ---

and the new HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:41, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9547 bytes

Reply to link1985

:hello:

Copy the text in the box below, without the word "Quote":

Quote:

File::
C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\fqbqmrow.ini
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\yratvfev.ini
C:\WINDOWS\system32\nlouikau.ini
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\sgnbnqpb.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\sfvfhgck.ini
C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\qtstv.ini2
C:\Documents and Settings\sylvain\f.exe
C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\mktcseul.ini
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\b149.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccf67066"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]




Open Notepad and paste in the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:

http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
If there is no reboot, post the reports anyway.

Reply to Egwene

the report
ComboFix 08-03-10.1 - jérôme 2008-03-10 18:01:33.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.105 [GMT 1:00]
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\jÚr¶me\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sylvain\Local Settings\Application Data\vyjikqxdb.dat
C:\Documents and Settings\sylvain\Local Settings\Application Data\vyjikqxdb.exe
C:\Documents and Settings\sylvain\Local Settings\Application Data\vyjikqxdb_nav.dat
C:\Documents and Settings\sylvain\Local Settings\Application Data\vyjikqxdb_navps.dat
C:\WINDOWS\b149.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\qtstv.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 17:25 . 2008-03-10 17:25 318,025 --a------ C:\catchme2008-03-10_180131,06.zip
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-10 05:27 1,308,581 ---hs---- C:\WINDOWS\system32\fqbqmrow.ini
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-08 18:33 . 2008-03-09 16:03 1,308,401 ---hs---- C:\WINDOWS\system32\yratvfev.ini
2008-03-07 18:35 . 2008-03-08 09:31 2,209,032 ---hs---- C:\WINDOWS\system32\nlouikau.ini
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-06 17:07 . 2008-03-07 18:31 2,345,403 ---hs---- C:\WINDOWS\system32\sgnbnqpb.ini
2008-03-05 17:07 . 2008-03-06 16:54 1,307,614 ---hs---- C:\WINDOWS\system32\sfvfhgck.ini
2008-03-05 17:05 . 2008-03-05 17:05 52,800 --a------ C:\WINDOWS\system32\vqetmhdq.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 40,960 --a------ C:\Documents and Settings\sylvain\f.exe
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 21:26 . 2008-03-04 21:26 52,800 --a------ C:\WINDOWS\system32\jutskicc.dll
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-04 16:56 . 2008-03-04 16:56 52,800 --------- C:\WINDOWS\system32\wdlrobpr.dll
2008-03-04 16:49 . 2008-03-04 16:49 52,800 --------- C:\WINDOWS\system32\wfftemir.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:55 . 2008-03-02 07:55 74 ---hs---- C:\WINDOWS\system32\mktcseul.ini
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:46 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-06 19:19 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]

*Newly Created Service* - KLSTM
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:04:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 4228

**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:07:43
ComboFix-quarantined-files.txt 2008-03-10 17:07:29
ComboFix2.txt 2008-03-10 16:40:20
.
2008-02-17 19:27:43 --- E O F ---

and the new Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:59, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9459 bytes

Reply to link1985

Re,

Redo the procedure I gave you above, it didn't work!

You have to do it with the script!

;)

Reply to Egwene

ComboFix 08-03-10.1 - jérôme 2008-03-10 18:17:13.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.109 [GMT 1:00]
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\jÚr¶me\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 17:25 . 2008-03-10 17:25 318,025 --a------ C:\catchme2008-03-10_180131,06.zip
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-10 05:27 1,308,581 ---hs---- C:\WINDOWS\system32\fqbqmrow.ini
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-08 18:33 . 2008-03-09 16:03 1,308,401 ---hs---- C:\WINDOWS\system32\yratvfev.ini
2008-03-07 18:35 . 2008-03-08 09:31 2,209,032 ---hs---- C:\WINDOWS\system32\nlouikau.ini
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-06 17:07 . 2008-03-07 18:31 2,345,403 ---hs---- C:\WINDOWS\system32\sgnbnqpb.ini
2008-03-05 17:07 . 2008-03-06 16:54 1,307,614 ---hs---- C:\WINDOWS\system32\sfvfhgck.ini
2008-03-05 17:05 . 2008-03-05 17:05 52,800 --a------ C:\WINDOWS\system32\vqetmhdq.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 40,960 --a------ C:\Documents and Settings\sylvain\f.exe
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 21:26 . 2008-03-04 21:26 52,800 --a------ C:\WINDOWS\system32\jutskicc.dll
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-04 16:56 . 2008-03-04 16:56 52,800 --------- C:\WINDOWS\system32\wdlrobpr.dll
2008-03-04 16:49 . 2008-03-04 16:49 52,800 --------- C:\WINDOWS\system32\wfftemir.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:55 . 2008-03-02 07:55 74 ---hs---- C:\WINDOWS\system32\mktcseul.ini
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:46 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-06 19:19 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]

*Newly Created Service* - IDS00026
*Newly Created Service* - KLSTM
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:20:41
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:24:02
ComboFix-quarantined-files.txt 2008-03-10 17:23:06
ComboFix2.txt 2008-03-10 17:07:44
ComboFix3.txt 2008-03-10 16:40:20
.
2008-02-17 19:27:43 --- E O F ---

Reply to link1985

If it didn't work again, tell me exactly what you mean by script.

Reply to link1985

Re,

It didn't work, we'll go about it another way ;)

1) Download OTMoveIt (by Old_Timer) to your Desktop.
Or, if the link doesn't work, here: http://up.sur-la-toile.com/iadW

  • Double-click OTMoveIt.exe to launch it.
  • Make sure the "Unregister Dll's and Ocx's" box is checked!!!
  • Copy the text in the box below, without the word Quote, and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.
Quote:


C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\fqbqmrow.ini
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\yratvfev.ini
C:\WINDOWS\system32\nlouikau.ini
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\sgnbnqpb.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\sfvfhgck.ini
C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\qtstv.ini2
C:\Documents and Settings\sylvain\f.exe
C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\mktcseul.ini
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\b149.exe



  • Click MoveIt! to start the removal.
  • If OTMoveIt offers to restart your PC, accept.
  • When a result appears in the Results pane, click Exit.


  • In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.


2) Run a normal ComboFix again (so without a script, like the very first one you ran).

If these two steps don't bear fruit, it means there is a file relaunching the infection, so no worries, we'll get through it :super:

Reply to Egwene
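The two steps in the post above produce two reports that are worth reading together: the OTMoveIt results and the ComboFix file listing made afterwards. The following is an added example, not part of the original thread and not code from either tool: it classifies each path in an OTMoveIt-style report and flags paths that still show up in a later ComboFix-style listing. The sample reports and all `example*` paths are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the line format of an OTMoveIt results report.
SAMPLE_REPORT = r"""
LoadLibrary failed for C:\WINDOWS\system32\example1.dll
C:\WINDOWS\system32\example1.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\example1.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\example2.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\example3.dll
C:\WINDOWS\system32\example3.dll NOT unregistered.
C:\WINDOWS\system32\example3.dll moved successfully.
File/Folder C:\WINDOWS\example4.exe not found.
"""

# Constructed sample in the line format of a ComboFix "files created" listing.
SAMPLE_LISTING = r"""
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\example1.dll
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\SomeTool
"""

# Lines that decide the final outcome for a path.
STATUS_PATTERNS = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
]

# Lines that only add context (why unregistering did not happen).
NOTE_PATTERNS = [
    ("load_failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("no_unregister_export",
     re.compile(r"^DllUnregisterServer procedure not found in (.+)$")),
    ("not_unregistered", re.compile(r"^(.+) NOT unregistered\.$")),
]

LISTING_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\S+)\s+(\S+)\s+(.+)$"
)


def _key(path):
    # Windows paths are case-insensitive, so compare on a lowercased key.
    return path.strip().lower()


def parse_report(text):
    """Return {path_key: {"path", "status", "notes"}} for an OTMoveIt-style report."""
    results = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, patterns in (("status", STATUS_PATTERNS), ("note", NOTE_PATTERNS)):
            hit = next(((name, m.group(1)) for name, rx in patterns
                        if (m := rx.match(line))), None)
            if hit is None:
                continue
            name, path = hit
            entry = results.setdefault(
                _key(path), {"path": path, "status": None, "notes": []})
            if kind == "status":
                entry["status"] = name
            else:
                entry["notes"].append(name)
            break  # a line is either a status line or a note, never both
    return results


def listing_paths(text):
    """Return the set of path keys named in a ComboFix-style file listing."""
    return {_key(m.group(3)) for line in text.splitlines()
            if (m := LISTING_LINE.match(line.strip()))}


def still_present(report, listing):
    """Paths the report moved (or queued for reboot) that a later listing still shows."""
    return sorted(key for key, entry in report.items()
                  if entry["status"] in ("moved", "pending_reboot") and key in listing)


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for entry in report.values():
        print(f'{entry["status"]:<15} {entry["path"]}  {entry["notes"]}')
    print("still present:", still_present(report, listing_paths(SAMPLE_LISTING)))
```

A path reported as moved or queued for reboot that reappears in a listing taken after the restart was either never moved or was recreated, which is the situation the post describes as a file relaunching the infection.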

OTMoveIt

LoadLibrary failed for C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\mlquvnvx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlquvnvx.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\fqbqmrow.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wnlpgoml.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wnlpgoml.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\wormqbqf.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wormqbqf.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\yratvfev.ini moved successfully.
C:\WINDOWS\system32\nlouikau.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\uakiuoln.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\uakiuoln.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\ujamaykd.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ujamaykd.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\dvucfpya.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dvucfpya.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\sgnbnqpb.ini moved successfully.
File/Folder C:\WINDOWS\mrofinu1188.exe not found.
C:\WINDOWS\system32\sfvfhgck.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vqetmhdq.dll
C:\WINDOWS\system32\vqetmhdq.dll NOT unregistered.
C:\WINDOWS\system32\vqetmhdq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jutskicc.dll
C:\WINDOWS\system32\jutskicc.dll NOT unregistered.
C:\WINDOWS\system32\jutskicc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\ywrekoks.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ywrekoks.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\afdakebq.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\afdakebq.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\qtstv.ini2 not found.
C:\Documents and Settings\sylvain\f.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wdlrobpr.dll
C:\WINDOWS\system32\wdlrobpr.dll NOT unregistered.
C:\WINDOWS\system32\wdlrobpr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wfftemir.dll
C:\WINDOWS\system32\wfftemir.dll NOT unregistered.
C:\WINDOWS\system32\wfftemir.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\luesctkm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\luesctkm.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\mktcseul.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\vugvfago.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\vugvfago.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\cqluamqe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\cqluamqe.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\ebpegmgm.dll
C:\WINDOWS\system32\ebpegmgm.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\ebpegmgm.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\b149.exe not found.

Created on 03/12/2008 07:43:59

combofix

ComboFix 08-03-10.1 - jérôme 2008-03-12 7:47:02.4 - NTFSx86
Endroit: C:\Documents and Settings\jérôme\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-12 07:43 . 2008-03-12 07:43 <REP> d-------- C:\_OTMoveIt
2008-03-10 17:25 . 2008-03-10 17:25 318,025 --a------ C:\catchme2008-03-10_180131,06.zip
2008-03-10 12:30 . 2008-03-10 12:30 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-09 18:34 . 2008-03-09 18:34 91,200 --a------ C:\WINDOWS\system32\mlquvnvx.dll
2008-03-09 18:31 . 2008-03-09 18:31 89,664 --a------ C:\WINDOWS\system32\wnlpgoml.dll
2008-03-09 18:31 . 2008-03-09 18:31 86,592 --a------ C:\WINDOWS\system32\wormqbqf.dll
2008-03-09 12:48 . 2008-03-09 12:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-09 12:48 . 2008-03-09 12:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 00:32 . 2008-03-10 12:30 <REP> d-------- C:\VundoFix Backups
2008-03-09 00:14 . 2008-03-09 00:14 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 23:19 . 2008-03-08 23:19 <REP> d-------- C:\Program Files\RegCleaner
2008-03-08 21:00 . 2008-03-08 21:00 136,627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-07 18:35 . 2008-03-07 18:35 87,104 --a------ C:\WINDOWS\system32\uakiuoln.dll
2008-03-07 18:32 . 2008-03-07 18:32 90,688 --a------ C:\WINDOWS\system32\ujamaykd.dll
2008-03-07 18:28 . 2008-03-07 18:28 88,640 --a------ C:\WINDOWS\system32\dvucfpya.dll
2008-03-05 16:59 . 2008-03-05 16:59 134 --a------ C:\n.bat
2008-03-05 16:58 . 2008-03-05 16:58 300 --a------ C:\2488.bat
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:51 . 2008-03-04 20:51 <REP> d-------- C:\Program Files\CONEXANT
2008-03-04 20:51 . 2008-03-04 21:26 <REP> d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:50 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:50 <REP> d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-04 20:09 . 2008-03-04 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-03-03 15:54 . 2008-03-04 20:53 <REP> d-------- C:\Program Files\nvcoi
2008-03-02 15:48 . 2008-03-02 15:48 89,664 --------- C:\WINDOWS\system32\ywrekoks.dll
2008-03-02 15:46 . 2008-03-02 15:46 91,712 --------- C:\WINDOWS\system32\afdakebq.dll
2008-03-02 10:26 . 2008-03-02 10:26 300 --a------ C:\9807.bat
2008-03-02 07:55 . 2008-03-02 07:55 85,568 --a------ C:\WINDOWS\system32\luesctkm.dll
2008-03-02 07:52 . 2008-03-02 07:52 89,664 --------- C:\WINDOWS\system32\vugvfago.dll
2008-03-02 07:49 . 2008-03-02 07:49 163,904 --------- C:\WINDOWS\system32\cqluamqe.dll
2008-03-02 07:45 . 2008-03-02 07:45 91,712 --a------ C:\WINDOWS\system32\ebpegmgm.dll
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:52 . 2008-03-01 10:52 40,960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51 . 2008-03-08 14:34 <REP> d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51 . 2008-03-10 17:15 <REP> d-------- C:\Temp
2008-03-01 10:51 . 2008-03-01 10:51 300 --a------ C:\8116.bat
2008-03-01 09:39 . 2008-03-01 09:39 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-29 15:24 . 2008-02-29 15:24 <REP> d-------- C:\Program Files\Neuf

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 06:42 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-12 03:37 --------- d-----w C:\Documents and Settings\sylvain\Application Data\OpenOffice.org2
2008-03-10 11:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 17:14 --------- d-----w C:\Program Files\Image-Line
2008-03-08 15:24 --------- d-----w C:\Program Files\VirtualDJ
2008-03-08 15:20 --------- d-----w C:\Program Files\Java
2008-03-08 13:52 --------- d-----w C:\Program Files\NetBattle
2008-03-04 19:51 --------- d-----w C:\Program Files\AlienGUIse
2008-03-04 17:55 --------- d-----w C:\Program Files\UBISOFT
2008-03-01 08:44 --------- d-----w C:\Program Files\LimeWire
2008-02-25 09:11 --------- d-----w C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 08:50 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-02-24 08:49 --------- d-----w C:\Program Files\Starcraft
2008-02-21 07:40 --------- d-----w C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\AOL
2008-02-10 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-28 06:44 --------- d-----w C:\Program Files\Datel
2008-01-25 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 00:45 --------- d-----w C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 12:47 286,720 ----a-w C:\WINDOWS\iun507.exe
2007-10-01 11:15 282,628 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-08-07 10:13 150,966 --sh--w C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_17.40.01.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 15:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 13:09 4583424]
"nwiz"="nwiz.exe" [2004-09-20 13:09 921600 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [2006-11-17 14:16 50736]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 05:00 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 14:24 26112]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [2004-11-26 13:32 155751]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\sylvain\Menu D‚marrer\Programmes\D‚marrage\
desktop(2)(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(2).ini [2007-05-11 13:13:17 84]
desktop(2)(3).ini [2007-05-11 13:13:17 84]
desktop(2).ini [2007-05-11 13:13:17 84]
desktop(3)(2).ini [2007-05-11 13:13:17 84]
desktop(3).ini [2007-05-11 13:13:17 84]
OpenOffice.org 2.2(2).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]
OpenOffice.org 2.2(3).lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 19:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-05 14:24 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 11:11]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 11:11]
R0 Klpf;Klpf;C:\WINDOWS\system32\drivers\Klpf.sys [2004-11-23 16:38]
R0 Klpid;Klpid;C:\WINDOWS\system32\drivers\Klpid.sys [2004-11-23 16:38]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 13:38]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2004-09-20 06:59]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2004-09-20 06:59]
R3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [2004-11-19 13:10]
R3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [2004-11-19 13:12]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-09-05 05:58]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 ids0018a;ids0018a;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0018a.sys []
S3 ids00196;ids00196;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00196.sys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 08:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 08:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 08:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 08:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 08:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 08:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 08:55]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-08-17 14:43]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 07:51:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-03-12 7:53:53
ComboFix-quarantined-files.txt 2008-03-12 06:52:56
ComboFix2.txt 2008-03-10 17:24:03
ComboFix3.txt 2008-03-10 17:07:44
ComboFix4.txt 2008-03-10 16:40:20
.
2008-03-12 03:38:43 --- E O F ---

PS: I work nights, so I only log on in the morning, until about 10 a.m.


Message edited by link1985 on 12-03-2008 at 07:55:13
Reply to link1985

:hello:

1) Run VundoFix again

* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy and paste the files below (one per box):

Quote:

C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll



* Click "Add files"
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report

2) Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to.
Post the report; it is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

3) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.

  • close all applications and windows
  • double-click dss.exe to launch it and follow the instructions below

Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

  • if this is a first use or a new version of DSS:
  • you will have to click OK twice in the dialog boxes

Warning: if you take too long, the answer Abandon will be validated automatically

  • when processing is finished (click OK), two text files are displayed:

main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, in a window (look at the taskbar)

If this is a further use of DSS:

  • you will not get a dialog box (no OK)
  • when processing is finished, one text file is displayed:

main.txt <- opened in the foreground, full screen

  • copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
  • copy the contents of extra.txt into your next post in the same way, if you have this file (first use)
  • do not forget to re-enable the protections if they were stopped.

What DSS does:

  • creates a restore point in Windows XP and Vista
  • cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
  • checks a few important areas of your system and produces a report for review by your security adviser. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.


Message edited by Egwene on 12-03-2008 at 22:09:30
Reply to Egwene
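The file list in the post above can be cross-checked against the reports in this thread to see which autostart entries still point at those files. This Python sketch is an added example, not part of the original posts or of any tool named in them; the function names and reason labels are assumptions, and the excerpts are lines copied from the ComboFix report above and the HijackThis report posted later in the thread.

```python
import ntpath
import re

# Files the helper asked to add to VundoFix (copied from the post above).
REMOVAL_LIST = [
    r"C:\WINDOWS\system32\mlquvnvx.dll", r"C:\WINDOWS\system32\wnlpgoml.dll",
    r"C:\WINDOWS\system32\wormqbqf.dll", r"C:\WINDOWS\system32\uakiuoln.dll",
    r"C:\WINDOWS\system32\ujamaykd.dll", r"C:\WINDOWS\system32\dvucfpya.dll",
    r"C:\WINDOWS\system32\ywrekoks.dll", r"C:\WINDOWS\system32\afdakebq.dll",
    r"C:\WINDOWS\system32\luesctkm.dll", r"C:\WINDOWS\system32\vugvfago.dll",
    r"C:\WINDOWS\system32\cqluamqe.dll", r"C:\WINDOWS\system32\ebpegmgm.dll",
]

# Lines copied from the ComboFix "Point de chargement Reg" section in this thread.
COMBOFIX_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
2008-03-09 18:34 91200 --a------ C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 14:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" [2008-03-09 18:31 86592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll
'''

# Lines copied from the HijackThis log dated 14/03/2008 in this thread.
HIJACKTHIS_EXCERPT = r'''
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
'''

# Reason labels (hypothetical names chosen for this example).
LIVE = "load point references a listed file"
ORPHAN_LISTED = "listed file is gone, orphaned entry remains"
ORPHAN_OTHER = "orphaned entry, target not on the list"

HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")


def target_names(paths):
    """Lower-cased file names, so matching ignores case and directory spelling."""
    return {ntpath.basename(p).lower() for p in paths}


def combofix_load_points(text):
    """Yield (registry_key, entry_line) for every entry under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            yield key, line


def hijackthis_entries(text):
    """Yield (section_code, body) for lines such as 'O4 - HKLM\\..\\Run: ...'."""
    for raw in text.splitlines():
        match = HJT_LINE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(combofix_text, hjt_text, removal_list):
    """Return (source, location, file_name, reason) for entries needing cleanup."""
    names = target_names(removal_list)
    findings = []
    for key, entry in combofix_load_points(combofix_text):
        hits = sorted(n for n in names if n in entry.lower())
        if hits:
            findings.append(("ComboFix", key, hits[0], LIVE))
    for code, body in hijackthis_entries(hjt_text):
        hits = sorted(n for n in names if n in body.lower())
        missing = body.rstrip().endswith("(file missing)")
        if hits:
            reason = ORPHAN_LISTED if missing else LIVE
            findings.append(("HijackThis", code, hits[0], reason))
        elif missing:
            findings.append(("HijackThis", code, None, ORPHAN_OTHER))
    return findings


def unreferenced(removal_list, findings):
    """Listed files that no autostart entry in the excerpts points at."""
    seen = {name for _, _, name, _ in findings if name}
    return sorted(target_names(removal_list) - seen)


if __name__ == "__main__":
    results = triage(COMBOFIX_EXCERPT, HIJACKTHIS_EXCERPT, REMOVAL_LIST)
    for source, location, name, reason in results:
        print(f"{source:10} {location:4.60} {name or '-':14} {reason}")
    print("no load point seen for:", ", ".join(unreferenced(REMOVAL_LIST, results)))
```

Entries marked "(file missing)" are load points whose target has already been deleted; they stay in the registry until removed separately, which is why they still appear in the later report.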

1) Run VundoFix again

* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click "Add more files?"
* Copy and paste the files below (one per box):

Quote:

C:\WINDOWS\system32\mlquvnvx.dll
C:\WINDOWS\system32\wnlpgoml.dll
C:\WINDOWS\system32\wormqbqf.dll
C:\WINDOWS\system32\uakiuoln.dll
C:\WINDOWS\system32\ujamaykd.dll
C:\WINDOWS\system32\dvucfpya.dll
C:\WINDOWS\system32\ywrekoks.dll
C:\WINDOWS\system32\afdakebq.dll
C:\WINDOWS\system32\luesctkm.dll
C:\WINDOWS\system32\vugvfago.dll
C:\WINDOWS\system32\cqluamqe.dll
C:\WINDOWS\system32\ebpegmgm.dll

That part I understand.

Click "Add files"
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report

I don't have Add files or Remove Vundo, just scan and fix.

Reply to link1985

:hello:

Finally, click Remove Vundo (the files above should appear in the main window)

Remove Vundo has become fixvundo ;)

Click "fixvundo", making sure that the files I asked you to add are ticked ;)

Reply to Egwene

VundoFix report

VundoFix V7.0.1

Scan started at 09:49:41 14/03/2008

Listing files found while scanning....

No infected files were found.


Clean report

14/03/2008 a 10:02:19,09

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\Totem Shared\" FOUND
"C:\Program Files\vg\" FOUND
"C:\Program Files\Viewpoint\" FOUND

Here are the DSS reports.
main.txt:
Deckard's System Scanner v20071014.68
Run by jérôme on 2008-03-14 10:08:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-03-14 09:09:02 UTC - RP277 - Deckard's System Scanner Restore Point
24: 2008-03-12 03:37:19 UTC - RP276 - Software Distribution Service 3.0
23: 2008-03-11 17:26:12 UTC - RP275 - Point de vérification système
22: 2008-03-10 17:16:58 UTC - RP274 - ComboFix created restore point
21: 2008-03-10 17:01:19 UTC - RP273 - ComboFix created restore point


-- First Restore Point --
1: 2008-03-04 20:01:19 UTC - RP253 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 77% (more than 75%).[/color]


-- HijackThis (run as jérôme.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:55, on 14/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Documents and Settings\jérôme\Mes documents\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jérôme.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: {3113c068-5ef6-833a-f614-949b1c2a4e06} - {60e4a2c1-b949-416f-a338-6fe5860c3113} - C:\WINDOWS\system32\mlquvnvx.dll (file missing)
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccf67066] rundll32.exe "C:\WINDOWS\system32\wormqbqf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0b\aoltray.exe
O4 - Global Startup: desktop(2)(2)(2).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2)(3).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.updatesgate.com/redirect.php (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: hggedeb - hggedeb.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9631 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,65[/COLOR]
[COLOR=red].inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/COLOR]
[COLOR=red].ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,55[/COLOR]
[COLOR=red].txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\ALXMorph\ALXMorph.icl,57[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Klick - c:\windows\system32\drivers\klick.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klin - c:\windows\system32\drivers\klin.sys <Not Verified; Kaspersky Labs; Kaspersky Anti-Virus>
R0 Klpf - c:\windows\system32\drivers\klpf.sys <Not Verified; KL; KL klpf>
R0 Klpid - c:\windows\system32\drivers\klpid.sys <Not Verified; KL; KL klpid>
R1 Klmc - c:\windows\system32\drivers\klmc.sys <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ids0018a - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids0018a.sys (file missing)
S3 ids00196 - c:\documents and settings\all users\application data\kaspersky anti-virus personal\5.0\bases\ids00196.sys (file missing)
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 kavsvc - "c:\program files\micro application\sécurité internet\anti-virus\kavsvc.exe" <Not Verified; Kaspersky Lab; Kaspersky Anti-Virus Personal>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-14 and 2008-03-14 -----------------------------

2008-03-14 10:08:11 0 d-------- C:\upload_moi_CARON-93FE8C8F3
2008-03-10 17:11:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-10 17:11:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-10 17:11:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-10 17:11:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 00:32:55 0 d-------- C:\VundoFix Backups
2008-03-09 00:14:22 0 d-------- C:\Program Files\Trend Micro
2008-03-08 23:19:55 0 d-------- C:\Program Files\RegCleaner
2008-03-08 21:00:34 136627 --a------ C:\WINDOWS\POTA777444.exe
2008-03-05 16:59:20 134 --a------ C:\n.bat
2008-03-05 16:58:31 300 --a------ C:\2488.bat
2008-03-04 20:51:49 0 d-------- C:\Program Files\CONEXANT
2008-03-04 20:51:42 0 d-------- C:\Program Files\Alcohol Toolbar
2008-03-04 20:51:04 0 d-------- C:\Program Files\Fichiers communs\Stardock
2008-03-04 20:50:25 0 d-------- C:\Program Files\DisqudurProtection
2008-03-04 20:50:02 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-04 20:09:44 0 d-------- C:\Documents and Settings\All Users\Application Data\disqudurprotection
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs\DisqudurProtection
2008-03-03 15:54:39 0 d-------- C:\Program Files\nvcoi
2008-03-02 10:33:37 8650752 --a------ C:\Documents and Settings\jérôme\ntuser.dat
2008-03-02 10:26:11 300 --a------ C:\9807.bat
2008-03-01 10:52:11 40960 --a------ C:\Documents and Settings\jérôme\f.exe
2008-03-01 10:51:59 300 --a------ C:\8116.bat
2008-03-01 10:51:47 0 d-------- C:\WINDOWS\system32\iDlo18
2008-03-01 10:51:47 0 d-------- C:\Temp
2008-03-01 09:39:55 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-02-29 15:24:58 0 d-------- C:\Program Files\Neuf
2008-02-21 08:41:43 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Mozilla
2008-02-21 08:41:13 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Adobe
2008-02-21 08:40:34 0 d-------- C:\Documents and Settings\monika.CARON-93FE8C8F3\Application Data\Macromedia


-- Find3M Report ---------------------------------------------------------------

2008-03-14 09:44:23 0 d-------- C:\Documents and Settings\jérôme\Application Data\Azureus
2008-03-10 12:08:09 0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
2008-03-08 21:01:44 0 d-------- C:\Program Files\Windows NT
2008-03-08 18:14:19 0 d-------- C:\Program Files\Image-Line
2008-03-08 16:24:14 0 d-------- C:\Program Files\VirtualDJ
2008-03-08 16:20:13 0 d-------- C:\Program Files\Java
2008-03-08 14:52:44 0 d-------- C:\Program Files\NetBattle
2008-03-04 20:51:25 0 d-------- C:\Program Files\AlienGUIse
2008-03-04 20:09:32 0 d-------- C:\Program Files\Fichiers communs
2008-03-04 18:55:59 0 d-------- C:\Program Files\UBISOFT
2008-03-01 09:44:36 0 d-------- C:\Program Files\LimeWire
2008-02-29 22:31:04 468072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-29 22:31:04 75266 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-25 10:11:15 0 d-------- C:\Documents and Settings\jérôme\Application Data\Apple Computer
2008-02-24 09:50:40 0 d-------- C:\Program Files\Bodom-Child - RaBBi
2008-02-24 09:49:39 0 d-------- C:\Program Files\Starcraft
2008-01-28 07:44:01 0 d-------- C:\Program Files\Datel
2008-01-25 19:30:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-20 01:45:47 0 d-------- C:\Documents and Settings\jérôme\Application Data\OpenOffice.org2
2007-12-27 13:47:09 286720 --a------ C:\WINDOWS\iun507.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60e4a2c1-b949-416f-a338-6fe5860c3113}]
C:\WINDOWS\system32\mlquvnvx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 14:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [02/11/2004 14:53 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [10/12/2004 15:38 C:\WINDOWS\ALCWZRD.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [20/09/2004 13:09]
"nwiz"="nwiz.exe" [20/09/2004 13:09 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [05/09/2003 05:59]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [21/06/2007 11:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 05:24]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1178891134\ee\AOLSoftware.exe" [17/11/2006 14:16]
"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [07/04/2005 05:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [23/06/2005 20:33]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [05/01/2008 14:24]
"KAVPersonal50"="C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\kav.exe" [26/11/2004 13:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"ccf67066"="C:\WINDOWS\system32\wormqbqf.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [12/06/2006 14:32]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"AOL Fast Start"="C:\Program Files\AOL 9.0 VR\AOL.exe" [21/06/2007 12:44]

C:\Documents and Settings\jérôme\Menu Démarrer\Programmes\Démarrage\
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Anti-Hacker.lnk - C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\KAVPF.exe [22/04/2005 13:22:07]
AOL 8.0 Icône AOL.lnk - C:\Program Files\AOL 8.0b\aoltray.exe [05/01/2008 14:23:28]
desktop(2)(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(2).ini [11/05/2007 13:13:17]
desktop(2)(3).ini [11/05/2007 13:13:17]
desktop(2).ini [11/05/2007 13:13:17]
desktop(3)(2).ini [11/05/2007 13:13:17]
desktop(3).ini [11/05/2007 13:13:17]
desktop(4).ini [11/05/2007 13:13:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggedeb]
hggedeb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 20/12/2001 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions




-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------


and the extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.40GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.40GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 511.29 MiB / 109.7 MiB
Pagefile Memory (total/avail): 1249.37 MiB / 900.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 186.3 GiB total, 47.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-00HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 186.3 GiB - C:

\\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE5 - Generic STORAGE DEVICE USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Anti-Hacker v1.7.0.130 (Micro Application)
AV: Anti-Virus v5.0.227 (Kaspersky Labs) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Games\\DUKE3D\\eduke32.exe"="C:\\Program Files\\Games\\DUKE3D\\eduke32.exe:*:Enabled:eduke32"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitZip\\bitzip.exe"="C:\\Program Files\\BitZip\\bitzip.exe:*:Enabled:bitzip"
"C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe"="C:\\Program Files\\ZyDAS Technology Corporation\\ZyDAS_802.11g_Utility\\ZDWlan.exe:*:Enabled:ZDWLan Utility"
"C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1178891134\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\AOL 9.0 VR\\waol.exe"="C:\\Program Files\\AOL 9.0 VR\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Fichiers communs\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jérôme\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=CARON-93FE8C8F3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jérôme
LOGONSERVER=\\CARON-93FE8C8F3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JRME~1\LOCALS~1\Temp
USERDOMAIN=CARON-93FE8C8F3
USERNAME=jérôme
USERPROFILE=C:\Documents and Settings\jérôme
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

sylvain (admin)
jérôme (admin)
fabrice (admin)
monika.CARON-93FE8C8F3 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x040c
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Edition Découverte 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Alcohol Toolbar --> "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7937.exe" _?=C:\Program Files\Alcohol Toolbar
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Anti-Hacker --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Hacker\uninstall.exe"
Anti-Virus --> "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus\uninstall.exe"
AOL - Assistant de désinstallation --> C:\Program Files\Fichiers communs\AOL\uninstaller.exe
AOL France --> C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
AOL Toolbar 5.0 --> "C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{492724FC-3B26-46B4-824F-3CE2722D9AA0}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{E7E01744-E50E-4B93-AD73-AEF0AC65BD88}\setup.exe -runfromtemp -l0x0009 -removeonly
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Audio Conversion Wizard 2.0 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
battlestarTheme --> C:\Documents and Settings\fabrice\Mes documents\UninstTheme.exe "C:\Documents and Settings\fabrice\Mes documents\battlestar.theme"
Command & Conquer Die ersten 10 Jahre --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}\setup.exe" -l0x7 -removeonly
Correctif Lecteur Windows Media 10 - KB895316 --> "C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif Windows XP - KB834707 -->
Correctif Windows XP - KB873339 -->
Correctif Windows XP - KB883517 --> C:\WINDOWS\$NtUninstallKB883517$\spuninst\spuninst.exe
Correctif Windows XP - KB883529 --> C:\WINDOWS\$NtUninstallKB883529$\spuninst\spuninst.exe
Correctif Windows XP - KB883667 -->
Correctif Windows XP - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Correctif Windows XP - KB884575 --> C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Correctif Windows XP - KB885222 --> C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe
Correctif Windows XP - KB885295 --> C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Correctif Windows XP - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 -->
Correctif Windows XP - KB885836 -->
Correctif Windows XP - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 -->
Correctif Windows XP - KB886677 --> C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890831 --> C:\WINDOWS\$NtUninstallKB890831$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x40c /remove
DameK UltraBlue --> C:\WINDOWS\iun6002.exe "C:\WINDOWS\Resources\Themes\DameK UltraBlue\irunin.ini"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
EDuke32 1.4.0 beta 2 --> C:\Program Files\Games\DUKE3D\uninst.exe
Empereur : L'Empire du Milieu 1.0.1.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x40c
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESPRX520 Guide d'utilisation --> C:\Program Files\EPSON\TPMANUAL\ESPRX520\USE_G\DOCUNINS.EXE
FL Studio 7 --> C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Fx Audio Converter --> C:\PROGRA~1\FXAUDI~1\UNWISE.EXE C:\PROGRA~1\FXAUDI~1\INSTALL.LOG
Gestionnaire de disques amovible Creative --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x40c /remove
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (French) --> MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB942615) --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942840) --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB946627) --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMedia Software --> C:\Program Files\Video Add-on\uninst.exe
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x40c
Myst V End Of Ages --> C:\Program Files\Ubisoft\Cyan Worlds\Myst V End Of Ages\_uninst\uninstaller.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 2.2 --> MsiExec.exe /I{3B7E7EF8-1680-4894-9D35-86BAB9EEB6AC}
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
PimpFish --> "C:\Program Files\PimpFish\Uninstall.exe" "C:\Program Files\PimpFish\install.log"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Ramdam Classique --> "C:\WINDOWS\gotouninstall.exe" "C:\Program Files\GOTO.games\Ramdam Classique\GOTOUNINSTALL.INI"
RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard --> MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Riven --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA52E3D6-E486-4628-9C40-54E1F7583B53}\setup.exe" -l0x7
Réussir son Code de la Route --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6183FB3A-9BF2-405C-B3CD-86154BE2BC95}\SETUP.EXE" -l0x40c -removeonly
Réussir son Code de la Route - 10 Examens Blancs --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2AF5639-7316-449D-A9F3-E54C11FEF915}\SETUP.EXE" -l0x40c -removeonly
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Sony Ericsson PC Suite --> MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Strip Kittens - Club Alex --> C:\WINDOWS\iun507.exe C:\Documents and Settings\jérôme\Mes documents\Azureus Downloads\Strip Kittens - Sexy Virtuels Girls 3D\Strip Kittens\alex-strip-irunin.ini
UxTheme Multipatcher Fr --> C:\Program Files\UxTheme Multipatcher Fr\uninstall.exe
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warzone 2100 --> C:\Program Files\Warzone 2100\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.41-3 --> "C:\Program Files\WinHTTrack\unins000.exe"
ZENcast Organizer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x40c /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type2348 / Error
Event Submitted/Written: 03/13/2008 04:47:00 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Détecteur d'erreurs 157118984.

Event Record #/Type2347 / Error
Event Submitted/Written: 03/13/2008 04:46:47 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Event Record #/Type2346 / Error
Event Submitted/Written: 03/13/2008 04:46:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée KAVPF.exe, version 1.7.0.130, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Event Record #/Type2332 / Error
Event Submitted/Written: 03/11/2008 07:34:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Event Record #/Type2331 / Error
Event Submitted/Written: 03/11/2008 07:34:42 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2446 / Warning
Event Submitted/Written: 03/14/2008 09:45:52 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).

Event Record #/Type2438 / Warning
Event Submitted/Written: 03/14/2008 09:40:42 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).

Event Record #/Type2436 / Warning
Event Submitted/Written: 03/14/2008 09:34:36 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).

Event Record #/Type2379 / Warning
Event Submitted/Written: 03/13/2008 07:13:53 AM
Event ID/Source: 15208 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen Vision:M, 1.40.02_0.00.22' cannot accept read-only properties when creating new objects ((27)).

Event Record #/Type2378 / Error
Event Submitted/Written: 03/13/2008 07:13:43 AM
Event ID/Source: 15300 / WPDMTPDriver
Event Description:
MTP WPD Driver has failed to start. Error 0x8007001f.



-- End of Deckard's System Scanner: finished at 2008-03-14 10:10:52 ------------


:hello:

We're making good progress :super: but it's not over yet, you were pretty well infected ;)

1) Do you have your Windows CD?

2) ~Restart the computer in safe mode (F8 at computer startup)
Help


Open the clean folder, double-click clean.cmd.
Choose option 2, then wait.

~Restart normally
Post the clean report, which is located at C:\rapport_clean.txt


Message edited by Egwene on 14-03-2008 at 12:28:07