Bonjour,
voilà, j'ai Avast qui me dit toutes les 2 secondes que j'ai « trop de mails identiques envoyés dans un faible intervalle de temps ». (Pour situer : cette alerte vient du module Mail Scanner d'Avast et concerne du courrier sortant — c'est la machine elle-même qui envoie des mails en rafale, ce qui évoque un spambot ou un ver de messagerie plutôt qu'un simple spam reçu.)
Rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:32, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 13546 bytes
Rapport smitfraudfix:
SmitFraudFix v2.305
Rapport fait à 21:14:21,92, 17/03/2008
Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\NetProject\ PRESENT !
C:\Program Files\Sotfone\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hamachi Network Interface
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51
Description: Bluetooth PAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0
Description: Stick USB 802.11g OLITEC #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
1) Redémarre en mode sans échec.
Lance SmitfraudFix.exe et choisis cette fois l'Option 2 (nettoyage) et réponds oui à la ou les questions. Le rapport ci-dessus signale deux dossiers reconnus par l'outil (C:\Program Files\NetProject\ et C:\Program Files\Sotfone\ marqués « PRESENT ! ») : c'est ce que l'Option 2 est censée supprimer.
Sauvegarde le rapport sur ton Bureau.
Redémarre normalement.
Poste le rapport généré par SmitfraudFix ainsi qu'un nouveau rapport HijackThis.
2) Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.
- ferme toutes les applications et fenêtres
- double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.). Comme la machine semble déjà émettre du courrier en masse, coupe aussi la connexion réseau (câble débranché ou Wi-Fi désactivé) pendant que les protections sont arrêtées, et ne la rétablis qu'une fois celles-ci réactivées.
- s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
- tu devras cliquer 2 fois sur le OK des boîtes de dialogue
Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
- quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
main.txt <- ouvert en premier plan et en plein écran
extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des tâches)
S'il s'agit d'une utilisation supplémentaire de DSS :
- tu n'auras pas de boîte de dialogue (pas de OK)
- quand le traitement est terminé, un fichier texte s'affiche :
main.txt <- ouvert en premier plan et en plein écran
- copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
- copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
- n'oublie pas de réactiver les protections si elles ont été stoppées.
Ce que fait DSS :
- crée un point de restauration dans Windows XP et Vista
- nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
- vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.
Voici les rapports :
Rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:23:36, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 13457 bytes
smitfraudfix :
SmitFraudFix v2.305
Rapport fait à 7:23:54,28, 18/03/2008
Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propriétaire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hamachi Network Interface
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51
Description: Bluetooth PAN Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CDA0133-B9D4-47D5-98C6-956C9BC3790E}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4A88FBE6-8BE0-4549-B885-40C9B3BA8B7D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
extra.txt :
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 959.36 MiB / 523.34 MiB
Pagefile Memory (total/avail): 2313.75 MiB / 1834.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.75 MiB
C: is Fixed (NTFS) - 143.44 GiB total, 95.97 GiB free.
D: is Fixed (FAT32) - 5.6 GiB total, 0.69 GiB free.
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
L: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD1600JS-60NCB1 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 143.44 GiB - C:
\PARTITION1 - Unknown - 5.61 GiB - D:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.7.1098 [VPS 080318-0] v4.7.1098 (ALWIL Software) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"="C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe:*:Enabled:CmCenter Module"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Metin2_France\\metin2.bin"="C:\\Program Files\\Metin2_France\\metin2.bin:*:Disabled:metin2"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"="C:\\Program Files\\StreamMyGame\\streamer_server.exe:*:Enabled:Streamer Server"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"="C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"="C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"c:\\d.exe"="c:\\d.exe:*:Enabled:enable"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Propriétaire\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NOM-EB85C523610
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Propriétaire
LANG=fr
LOGONSERVER=\\NOM-EB85C523610
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Pinnacle\Shared Files
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=NOM-EB85C523610
USERNAME=Compaq_Propriétaire
USERPROFILE=C:\Documents and Settings\Compaq_Propriétaire
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Compaq_Propriétaire (admin)
Administrateur (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Fichiers communs\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.5 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70500000002}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AGEIA PhysX v7.03.21 --> MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Amélioration de nos services --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
µTorrent 1.6.1 (Build 490) --> C:\Program Files\utorrent\Uninstal.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Audiosurf Demo --> "C:\Program Files\Steam\steam.exe" steam://uninstall/12910
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
BlueSoleil --> MsiExec.exe /X{996D8BB8-9B47-46C7-92DC-DCCE64467AB8}
BS Hacker Unlimited (remove only) --> "C:\Program Files\BS Hacker Unlimited\Uninstall.exe"
Cariboost 2.0 --> "C:\Program Files\Intuisphere\Cariboost 2.0\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Condition Zero --> "C:\Program Files\Steam\steam.exe" steam://uninstall/80
Condition Zero Deleted Scenes --> "C:\Program Files\Steam\steam.exe" steam://uninstall/100
ConnectionServices --> "C:\Program Files\ConnectionServices\Uninstall.exe"
Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB893357) --> "C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB892050 --> "C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Dedicated Server --> "C:\Program Files\Steam\steam.exe" steam://uninstall/5
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
E-Anim 8.01 --> C:\Program Files\E-Anim801\Uninstal.exe
FileZilla Client 3.0.7 --> C:\Program Files\FileZilla Client\uninstall.exe
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
GetTubeVideo 2.0 --> C:\Program Files\GetTubeVideo 2.0\uninst.exe
GIMP 2.4.1 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
Half-Life Model Viewer 1.25 --> C:\Program Files\Half-Life Model Viewer\Uninstal.exe
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.2.1 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.32 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LG GSM PC Components --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09A2D5BB-8184-4F56-9667-6692CC513792}\setup.exe" -l0x40c
LG USB Modem Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c -removeonly
LibUSB-Win32-0.1.10.1 --> "C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
LimeWire PRO 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB912945) --> "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSNTweaker 1.0 --> "C:\Program Files\MSNTweaker\unins000.exe"
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OLITEC - Moniteur réseau 802.11g --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D526683-0E00-4EF9-9179-54B18C41C2AE}\setup.exe" -l0x40c -removeonly
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 2.3 --> MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
Pinnacle VideoSpin --> MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PowerCinema --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PremiumSoft Navicat MySQL 7.2 --> "C:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe"
PS3.ProxyServer --> MsiExec.exe /I{FE4086E1-FA7F-4A7A-8FC5-061337B5787E}
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quest3D Viewers 3.0e --> "C:\Program Files\Act-3D\Quest3D Viewers 3.0e\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SteamKeyFr --> MsiExec.exe /I{AFBF6A33-DA20-4739-91D9-24EE1B2485C2}
StreamMyGame software --> "c:\Program Files\StreamMyGame\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trust WB-3100P Portable Webcam --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}\Setup.exe" -l0x9
TVersity Media Server 0.9.10.7 (beta) --> C:\Program Files\TVersity\Media Server\uninst.exe
Valve Hammer Editor --> C:\WORLDC~1\UNWISE.EXE C:\WORLDC~1\INSTALL.LOG
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
VMN Toolbar --> C:\Program Files\vmntoolbar\uninstall.exe
WampServer 2.0 --> "c:\wamp\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZHLT Compile GUI v8 --> C:\Program Files\eddi's Tools\ZHLT Compile GUI\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type13791 / Error
Event Submitted/Written: 03/18/2008 07:22:36 AM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.
Event Record #/Type13790 / Error
Event Submitted/Written: 03/18/2008 07:22:33 AM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The server name or address could not be resolved
Event Record #/Type13742 / Success
Event Submitted/Written: 03/17/2008 07:14:39 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type13708 / Success
Event Submitted/Written: 03/17/2008 05:17:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type13679 / Success
Event Submitted/Written: 03/16/2008 10:33:44 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type38185 / Warning
Event Submitted/Written: 03/18/2008 07:20:58 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Event Record #/Type38180 / Error
Event Submitted/Written: 03/18/2008 07:20:13 AM
Event ID/Source: 31008 / ipnathlp
Event Description:
L'agent proxy DNS n'a pas pu lire la liste locale des serveurs de résolution
de noms à partir du registre.
La donnée est le code de l'erreur.
Event Record #/Type38179 / Error
Event Submitted/Written: 03/18/2008 07:20:13 AM
Event ID/Source: 4311 / NetBT
Event Description:
L'initialisation a échoué car le pilote de périphérique n'a pas pu être créé.
Event Record #/Type38178 / Error
Event Submitted/Written: 03/18/2008 07:20:13 AM
Event ID/Source: 4311 / NetBT
Event Description:
L'initialisation a échoué car le pilote de périphérique n'a pas pu être créé.
Event Record #/Type38154 / Error
Event Submitted/Written: 03/18/2008 07:15:50 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
IntelIde
ViaIde
-- End of Deckard's System Scanner: finished at 2008-03-18 07:23:04 ------------
main.txt :
Deckard's System Scanner v20071014.68
Run by Compaq_Propriétaire on 2008-03-18 07:21:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-03-18 06:21:13 UTC - RP264 - Deckard's System Scanner Restore Point
3: 2008-03-17 19:36:17 UTC - RP263 - Spyware Terminator - restore point
2: 2008-03-17 16:54:37 UTC - RP262 - ccm
1: 2008-03-17 16:47:58 UTC - RP261 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Compaq_Propriétaire.exe) ---------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:25, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Propriétaire.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {83D6FE82-1BCC-475E-B01C-D0B61F228C42} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [S
Rapport dss incomplet
voici le nouveau rapport :
Deckard's System Scanner v20071014.68
Run by Compaq_Propriétaire on 2008-03-18 16:48:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Compaq_Propriétaire.exe) ---------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:43, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D7E83927-B7F3-46B1-8BD8-8433ED0C03DA} - C:\WINDOWS\system32\gebcy.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - C:\WINDOWS\SYSTEM32\opnnolj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 14677 bytes
-- Files created between 2008-02-18 and 2008-03-18 -----------------------------
2008-03-17 21:13:30 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-17 21:12:09 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 21:12:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-17 21:12:09 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-17 21:12:09 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-17 21:12:09 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-17 21:12:09 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 20:47:57 0 d--hs---- C:\Documents and Settings\Compaq_Propriétaire\Recent
2008-03-17 20:15:15 87616 --a------ C:\WINDOWS\system32\mksxykmq.dll
2008-03-17 20:12:31 93760 --a------ C:\WINDOWS\system32\icfpgkck.dll
2008-03-17 19:27:17 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-03-17 19:24:52 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-03-16 22:22:40 0 d-------- C:\Program Files\CCleaner
2008-03-16 22:17:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 22:17:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 20:11:52 92224 --a------ C:\WINDOWS\system32\qjxstnvn.dll
2008-03-16 20:10:35 204915 --ahs---- C:\WINDOWS\system32\ycbeg.ini2
2008-03-16 20:10:34 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 20:10:33 290816 --a------ C:\WINDOWS\system32\gebcy.dll
2008-03-16 19:49:12 0 d-------- C:\Program Files\a-squared Free
2008-03-16 19:45:33 36864 --a------ C:\WINDOWS\system32\service.exe
2008-03-16 19:44:48 54882 --a------ C:\WINDOWS\kjo23bk.dll
2008-03-16 19:44:19 36864 --a------ C:\WINDOWS\system32\opnnolj.dll
2008-03-16 05:02:47 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-16 05:02:47 394240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-16 05:02:47 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-16 05:02:47 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-16 05:02:47 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-16 05:02:47 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-16 05:02:46 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-16 05:02:46 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-16 05:02:36 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-16 05:02:35 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-16 05:02:27 0 d-------- C:\Program Files\eRightSoft
2008-03-16 05:00:06 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59:26 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-03-16 04:59:26 0 d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:56:04 0 d-------- C:\3gptemp
2008-03-16 04:54:05 0 d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52:07 0 d-------- C:\Program Files\Magicbit
2008-03-16 04:11:33 0 d-------- C:\Temp
2008-03-16 03:56:04 0 d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18:04 0 d-------- C:\Program Files\IntelliTamper
2008-03-15 17:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55:27 0 d-------- C:\Program Files\QuickTime
2008-03-15 17:53:05 0 d-------- C:\Program Files\Bonjour
2008-03-15 17:44:08 0 d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-12 07:30:53 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-03-08 09:53:55 0 d-------- C:\Program Files\Act-3D
2008-03-07 07:10:26 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:10:04 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-03-07 07:09:42 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09:04 0 d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51:18 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:51:17 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51:14 0 d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:36:03 0 d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50:51 30615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49:05 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48:52 0 d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:51:50 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-04 17:51:50 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-04 17:51:50 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-04 17:51:50 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-04 17:44:37 0 d-------- C:\Program Files\Trend Micro
2008-03-02 21:32:26 0 d-------- C:\Program Files\E-Anim801
2008-03-02 01:53:11 0 d-------- C:\Program Files\Microsoft Games
2008-03-02 00:37:25 0 d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40:16 0 d-------- C:\Program Files\Steam
2008-02-28 23:23:41 0 d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 23:23:25 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 13:33:51 0 d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18:55 2904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30:35 0 d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20:21 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20:07 0 d-------- C:\Program Files\Hamachi
2008-02-24 00:15:36 0 d-------- C:\Program Files\css no-steam
2008-02-23 13:38:31 0 d-------- C:\pacsteam
2008-02-23 02:49:26 0 d---s---- C:\Program Files\HLSW
2008-02-23 02:49:26 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26:49 21344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys <Not Verified; FreeBox SA; Carte réseau virtuelle FreeBox USB pour Windows 2000/XP>
2008-02-22 20:15:52 0 d-------- C:\Program Files\Free
2008-02-21 19:52:24 0 d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53:46 0 d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23:00 57344 --a------ C:\WINDOWS\system32\rsnpstd2.dll <Not Verified; ; ResourceDLL>
2008-02-20 19:22:58 0 d-------- C:\Program Files\Trust
2008-02-19 11:02:26 18944 --a------ C:\WINDOWS\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2008-02-19 11:02:26 19456 --a------ C:\WINDOWS\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2008-02-19 10:39:29 0 d-------- C:\Program Files\Sega
-- Find3M Report ---------------------------------------------------------------
2008-03-18 16:47:27 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-18 16:43:22 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-18 07:23:57 4140 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-18 03:42:44 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 20:14:06 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 19:10:47 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-03-16 20:03:00 0 d-------- C:\Program Files\Fichiers communs
2008-03-16 01:10:36 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Adobe
2008-03-15 17:53:02 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-03-15 13:03:15 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 17:03:36 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 20:55:03 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 20:42:59 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 18:38:40 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 20:33:16 0 d-------- C:\Program Files\ConnectionServices
2008-03-05 13:10:48 0 d-------- C:\Program Files\Java
2008-03-02 01:53:15 13312 --a-s---- C:\WINDOWS\system32\xskmoqx.dll
2008-03-01 21:42:20 0 d-------- C:\Program Files\StreamMyGame
2008-03-01 20:11:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 19:39:09 0 d-------- C:\Program Files\BoontyGames
2008-03-01 00:14:09 0 d-------- C:\Program Files\LimeWire
2008-02-29 17:10:19 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-28 01:17:43 0 d-------- C:\Program Files\Windows Live
2008-02-27 17:10:22 0 d-------- C:\Program Files\World of Warcraft
2008-02-24 22:45:49 506368 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Système d'exploitation Microsoft® Windows®>
2008-02-22 22:15:35 0 d-------- C:\Program Files\eddi's Tools
2008-02-21 16:10:14 0 d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-20 18:05:17 0 d-------- C:\Program Files\Movie Maker
2008-02-19 17:07:11 0 d-------- C:\Program Files\FileZilla Client
2008-02-19 11:02:26 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-19 07:23:31 0 d-------- C:\Program Files\Vista Drive Icon
2008-02-03 17:54:16 0 d-------- C:\Program Files\Pinnacle
2008-02-03 17:54:16 0 d-------- C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 14:06:24 0 d-------- C:\Program Files\Riva
2008-02-03 13:01:08 0 d-------- C:\Program Files\Ripp-it_AM
2008-02-02 15:15:52 0 d-------- C:\Program Files\Audacity
2008-02-02 11:48:08 0 d-------- C:\Program Files\No-IP
2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
2008-01-28 21:55:08 0 d-------- C:\Program Files\AviSynth 2.5
2008-01-28 16:44:25 0 d-------- C:\Program Files\PowerISO
2008-01-18 18:40:45 470040 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-01-18 18:40:45 76376 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-12-21 18:25:03 1290 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03B902B1-9B25-4173-9468-56775C85A8D4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70AB0A8B-8A8A-496F-A339-4CD2F3352991}]
16/03/2008 19:44 36864 --a------ C:\WINDOWS\system32\opnnolj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7E83927-B7F3-46B1-8BD8-8433ED0C03DA}]
16/03/2008 20:10 290816 --a------ C:\WINDOWS\system32\gebcy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [08/03/2006 12:54 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [25/02/2006 02:46]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [22/07/2005 22:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [15/02/2006 22:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [17/02/2005 06:11]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [19/08/2003 09:48]
"BluetoothAuthenticationAgent"="bthprops.cpl" [05/08/2004 12:00 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"VisualTooltip"="C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe" [25/04/2007 09:45]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 17:14]
"nwiz"="nwiz.exe" [25/01/2006 03:15 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 17:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [30/08/2004 16:37]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [06/03/2008 20:51]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 12:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 17:22]
"Steam"="C:\Program Files\Steam\Steam.exe" [01/03/2008 19:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{70AB0A8B-8A8A-496F-A339-4CD2F3352991}"= C:\WINDOWS\system32\opnnolj.dll [16/03/2008 19:44 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll 16/03/2008 19:44 36864 C:\WINDOWS\system32\opnnolj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
AutoRun\command- K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
AutoRun\command- K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
-- End of Deckard's System Scanner: finished at 2008-03-18 16:49:02 ------------
Re,
Tu es infecté(e) par "Vundo" : le rapport le montre avec opnnolj.dll chargée via Winlogon Notify et ShellExecuteHooks, et gebcy.dll inscrite dans les Authentication Packages de LSA — des points de chargement exécutés à chaque démarrage, ce qui explique que l'infection revienne. Supprime aussi tous les cracks de ton PC s'ils sont présents (le rapport liste par exemple « css no-steam », « pacsteam » et « SteamKeyFr ») : ce sont des vecteurs classiques de ce type d'infection et ils risquent de la relancer après nettoyage.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
- Double-clique VundoFix.exe afin de le lancer
- Clique sur le bouton Scan for Vundo
- Lorsque le scan est complété, clique sur le bouton Remove Vundo
- Une invite te demandera si tu veux supprimer les fichiers, clique YES
- Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
- Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".
voilà le rapport HijackThis (le virus est toujours présent) :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:23, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: e404 helper - {03B902B1-9B25-4173-9468-56775C85A8D4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\opnnolj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9BD3E296-38E3-4D33-9B84-C81397AD6962} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - C:\WINDOWS\SYSTEM32\opnnolj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 14225 bytes
Re,
1) Affiche les fichiers et dossiers cachés …
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l'onglet « Affichage » et ...
coche ---> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d'exploitation (recommandé).
« Appliquer » et « OK ».
2) Désactive toute protection résidente ( antivirus…) !
Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde-le sur ton bureau et pas ailleurs !
Redémarre en mode sans échec : aide ici >>>
http://forum.telecharger.01net.com [...] ges-1.html
/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\
Double-clique sur ComboFix ; il va te poser une question, réponds par la touche 1 puis Entrée pour valider, et laisse-toi guider.
Attends que ComboFix ait terminé : un rapport sera créé. Poste ce rapport.
3) Copie/colle un nouveau rapport HiJackThis avec.
Voilà, c'est fini, et le virus est toujours là
:
log.txt :
ComboFix 08-03-17.1 - Compaq_Propriétaire 2008-03-18 18:32:54.2 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.764 [GMT 1:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.
TimeOut - progfile.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\icfpgkck.dll
C:\WINDOWS\system32\nvntsxjq.ini
C:\WINDOWS\system32\opnnolj.dll
C:\WINDOWS\system32\qjxstnvn.dll
C:\WINDOWS\system32\service.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{FBE1D620-5418-4AAE-A0F0-316D590663A1}
-------\Service_{FBE1D620-5418-4aae-A0F0-316D590663A1}
((((((((((((((((((((((((((((( Fichiers créés 2008-02-18 to 2008-03-18 ))))))))))))))))))))))))))))))))))))
.
2008-03-18 17:24 . 2008-03-18 17:43 <REP> d-------- C:\VundoFix Backups
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 04:11 . 2008-03-16 04:43 <REP> d-------- C:\Temp
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-18 18:40 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 18:39 --------- d-----w C:\Program Files\BoontyGames
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-19 06:23 --------- d-----w C:\Program Files\Vista Drive Icon
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
[color=red]Files Infected - Win32.Agent.zb[/color]
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-01 19:40 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 02:46 147456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 09:48 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VisualTooltip"="C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe" [2007-04-25 09:45 956928]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2006-01-25 03:15 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37 286720]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
"80:TCP"= 80:TCP:Serveur WOW
"80:UDP"= 80:UDP:Serveur W0W
"3427:TCP"= 3427:TCP:Serveur WOW
"3427:UDP"= 3427:UDP:Serveur WOW
"8085:TCP"= 8085:TCP:Serveur wow
"8085:UDP"= 8085:UDP:Serveur wow
"3724:UDP"= 3724:UDP:Serveur wow
"2443:TCP"= 2443:TCP:Serveur wow
"2443:UDP"= 2443:UDP:Serveur wow
"8080:TCP"= 8080:TCP:Serveur wow
"8080:UDP"= 8080:UDP:Serveur wow
"3306:TCP"= 3306:TCP:Serveur wow
"3306:UDP"= 3306:UDP:Serveur wow
"3724:TCP"= 3724:TCP:serveur wow
"8129:TCP"= 8129:TCP:serveur wow
"8129:UDP"= 8129:UDP:serveur wow
"8093:TCP"= 8093:TCP:serveur wow
"8093:UDP"= 8093:UDP:serveur wow
"27015:UDP"= 27015:UDP:test
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 18:40:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wkdu43]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-18 18:50:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 17:50:56
.
2008-03-12 06:30:54 --- E O F ---
rapport HijackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:24, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\visual-tooltip-crystalxp.net-fr-197\VisualToolTip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 13690 bytes
Re,
Oui, c'est normal, ne t'inquiète pas.
Je me renseigne sur quelque chose et je te poste une procédure dès que possible
merci
Re,
Désactive toute protection résidente (antivirus, etc.) !
Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :
| Citation : Driver::
|
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.
Bonne nuit, à demain
Voilà, le virus est toujours là,
et voici les rapports.
Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:26:48, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 11365 bytes
Log.txt :
ComboFix 08-03-17.1 - Compaq_Propriétaire 2008-03-19 7:17:00.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.545 [GMT 1:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_PropriÚtaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.
TimeOut - progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-18 17:24 . 2008-03-18 17:43 <REP> d-------- C:\VundoFix Backups
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 04:11 . 2008-03-16 04:43 <REP> d-------- C:\Temp
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-18 16:43 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-19 07:12 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 06:13 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-18 06:23 4,140 ----a-w C:\WINDOWS\system32\tmp.reg
2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-02 00:53 13,312 --s-a-w C:\WINDOWS\system32\xskmoqx.dll
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 18:39 --------- d-----w C:\Program Files\BoontyGames
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-19 06:23 --------- d-----w C:\Program Files\Vista Drive Icon
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
[color=red]Files Infected - Win32.Agent.zb[/color]
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-18_18.50.45.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-02-20 15:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-19 06:11:26 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_30c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-01 19:40 1266936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-07-16 17:33:36 626176]
Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Metin2_France\\metin2.bin"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
"80:TCP"= 80:TCP:Serveur WOW
"80:UDP"= 80:UDP:Serveur W0W
"3427:TCP"= 3427:TCP:Serveur WOW
"3427:UDP"= 3427:UDP:Serveur WOW
"8085:TCP"= 8085:TCP:Serveur wow
"8085:UDP"= 8085:UDP:Serveur wow
"3724:UDP"= 3724:UDP:Serveur wow
"2443:TCP"= 2443:TCP:Serveur wow
"2443:UDP"= 2443:UDP:Serveur wow
"8080:TCP"= 8080:TCP:Serveur wow
"8080:UDP"= 8080:UDP:Serveur wow
"3306:TCP"= 3306:TCP:Serveur wow
"3306:UDP"= 3306:UDP:Serveur wow
"3724:TCP"= 3724:TCP:serveur wow
"8129:TCP"= 8129:TCP:serveur wow
"8129:UDP"= 8129:UDP:serveur wow
"8093:TCP"= 8093:TCP:serveur wow
"8093:UDP"= 8093:UDP:serveur wow
"27015:UDP"= 27015:UDP:test
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 07:22:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]
.
Temps d'accomplissement: 2008-03-19 7:24:05
ComboFix-quarantined-files.txt 2008-03-19 06:23:50
ComboFix2.txt 2008-03-18 17:51:00
.
2008-03-12 06:30:54 --- E O F ---
La manip' avec ComboFix n'a pas marché : catchme signale toujours les deux pilotes cachés (riode32.sys et Wkdu43.sys) et le service Wkdu43 est encore présent.
Peux-tu la refaire ?
J'ai réussi à bloquer ce virus avec un pare-feu Ashampoo, mais je n'ai toujours pas réussi à le supprimer ; je voudrais bien que tu me conseilles un pare-feu, sinon.
Pour ce qui est de la manip, j'ai réessayé 8 fois ; à chaque fois, je crois qu'il me dit que les fichiers sont introuvables.
Nouveau rapport :
ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-19 18:43:21.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.552 [GMT 1:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-19 14:47 . 2008-03-19 14:51 <REP> d-------- C:\Lop SD
2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 19:44 . 2008-03-16 19:44 54,882 --a------ C:\WINDOWS\kjo23bk.dll
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-19 12:54 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-19 15:56 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-18 16:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2008-02-19 11:02 . 2005-03-09 20:50 19,456 --a------ C:\WINDOWS\system32\libusbd-9x.exe
2008-02-19 11:02 . 2005-03-09 20:50 18,944 --a------ C:\WINDOWS\system32\libusbd-nt.exe
2008-02-19 10:39 . 2008-02-19 22:47 <REP> d-------- C:\Program Files\Sega
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 11:50 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-18 17:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-02 00:53 13,312 --s-a-w C:\WINDOWS\system32\xskmoqx.dll
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-19_13.22.22,04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-19 01:48:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-03-19 13:29:50 10,629,120 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-03-19 13:29:50 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-03-19 01:48:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-03-19 13:14:01 10,629,120 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-03-19 13:14:01 225,280 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-11-20 15:52:00 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-11-21 00:52:38 2,884,992 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-11-20 15:52:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-21 00:52:40 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-02-05 19:42:03 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-03-19 14:02:05 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-03-19 13:38:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_2d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\AshDisp.exe" [2007-12-04 14:00 79224]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
*Newly Created Service* - ASFWHIDE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:49:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Temps d'accomplissement: 2008-03-19 18:50:04
ComboFix2.txt 2008-03-19 12:54:08
ComboFix3.txt 2008-03-19 12:42:37
ComboFix4.txt 2008-03-19 12:22:35
ComboFix5.txt 2008-03-19 06:24:06
.
2008-03-12 06:30:54 --- E O F ---
Désinstalle Avast, redémarre, puis supprime le dossier C:\Program Files\Alwil Software (ne garde jamais deux antivirus résidents en même temps : ils se gênent mutuellement).
Télécharge CCleaner (tuto à lire !) : prends « the latest version », puis installe-le en décochant « Ajouter la barre d'outils Yahoo! » proposée par l'installateur.
Lance ensuite le nettoyage, puis la recherche d'erreurs du registre ; accepte la sauvegarde du registre que CCleaner propose avant de corriger.
Télécharge et installe AntiVir (tuto).
Pourquoi changer ? Avast vs AntiVir.
Vérifie qu'il est bien à jour ! Fais une analyse complète en mode sans échec, enregistre le rapport et poste-le moi.
Voilà, tout est fait. Je ne peux pas te dire si le virus est encore là, vu qu'il est bloqué par mon pare-feu, mais tous les fichiers que tu voulais me faire détruire avec ComboFix sont détruits.
Résultat de l'analyse (tous les fichiers détectés ont été mis en quarantaine, aucun n'a été supprimé) :
AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 19:36
Scanning for 1159073 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Compaq_Propriétaire
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:30:21
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 18:30:21
ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 18:30:21
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 18:30:21
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 18:30:21
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 19 mars 2008 19:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\' <PRESARIO>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp126091881.tmp
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
[INFO] The file was moved to '48515dae.qua'!
C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp134445978.tmp
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
[INFO] The file was moved to '49d0211f.qua'!
C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp252932795.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48515daf.qua'!
C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp256714222.tmp
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
[INFO] The file was moved to '49d02100.qua'!
C:\Deckard\System Scanner\20080318164837\backup\WINDOWS\temp\_avast4_\unp265519302.tmp
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sinowal.AO Backdoor server programs
[INFO] The file was moved to '48515db1.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\opejvqs.exe.ren
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48465e8f.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\My Completed Downloads\tro\UKSplitterv1.2.zip
[0] Archive type: ZIP
--> UKSplitterv12.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Teqila.1.2 Backdoor server programs
[INFO] The file was moved to '48345f81.qua'!
C:\Program Files\css no-steam\css_no-steam_by33.1\crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '4842618c.qua'!
C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe
[DETECTION] Is the Trojan horse TR/Drop.Delf.any
[INFO] The file was moved to '48576699.qua'!
C:\Program Files\PremiumSoft\Navicat MySQL\navicat.exe.BAK
[DETECTION] Is the Trojan horse TR/Drop.Delf.any
[INFO] The file was moved to '4857669b.qua'!
C:\WINDOWS\kjo23bk.dll
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48506791.qua'!
C:\WINDOWS\system32\xskmoqx.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.kdp.1
[INFO] The file was moved to '484c69b3.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'L:\'
Search path L:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: mercredi 19 mars 2008 20:38
Used time: 1:02:37 min
The scan has been done completely.
12766 Scanning directories
650672 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
650660 Files not concerned
16904 Archives were scanned
2 Warnings
6 Notes
Re,
Tu peux me refaire un combofix en mode normal ? Sans script, juste un combofix normal
voila ^^ :
ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 16:45:07.8 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
.
2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-19 11:50 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-19 06:12 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
R0 Wkdu43;Wkdu43;C:\WINDOWS\system32\drivers\Wkdu43.sys [2008-03-16 19:45]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 16:52:17
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
.
Temps d'accomplissement: 2008-03-20 16:56:31
.
2008-03-12 06:30:54 --- E O F ---
Tu as deux rootkits qui sont toujours présents sur ton PC (les deux fichiers cachés signalés par catchme : Wkdu43.sys et riode32.sys)
1) Poste un nouveau hijackthis.
2) Télécharge OAD (de !aur3n7)
http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton Bureau
- Double clique sur le OAD pour le lancer
- Nom de fichier à rechercher : tape ou fais un copier-coller de : Wkdu43.sys
- Type de recherche : sélectionne l'option 6 puis valide [entrée]
- OAD va maintenant rechercher le fichier. Laisse-le travailler jusqu'à ce qu'il ait terminé.
Le rapport de recherche s'affichera automatiquement dès qu'il aura terminé.
Fais un copier / coller de ce rapport dans ton prochain post.
Note importante : suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes. Sois patient.
Ensuite fais de même pour : riode32.sys
voila le rapport, sinon c'est possible que ce virus ait affecté le fonctionnement de certains de mes logiciels ? Parce que depuis que j'ai ce virus, mon micro ne marche plus sur TeamSpeak alors qu'il marche sur tous les autres logiciels de communication.
rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:59, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 11650 bytes
Re,
Oui c'est possible, tu n'auras qu'à désinstaller et réinstaller TeamSpeak une fois la désinfection finie
Fais la manip' numéro deux demandée
manip faite :
résultat :
20/03/2008 ---- 17:26:52,09
----------------------------------
§§§§§§ [Wkdu43.sys] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
résultat 2 :
20/03/2008 ---- 17:29:27,09
----------------------------------
§§§§§§ [riode32.sys] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Re,
1) Va dans le menu Démarrer -> Exécuter et tape : services.msc
Cherche le service suivant : ASFWHide
Double clic dessus : dans le champ "Status du service" mets-le sur "arrêté".
Dans le champ "Type de démarrage" mets-le sur "désactivé" puis "Appliquer" puis "ok".
Quitte les services.
Passe par HijackThis : "Misc Tools Section" => "Delete an NT service", entre le nom du service dans la case : ASFWHide, puis clique sur "ok".
2) Supprime toutes traces de combofix sur ton PC. Retélécharge-le et installe-le ici : C:\ , c'est-à-dire à la racine du disque dur.
Ensuite, scan avec combofix normalement et poste-moi le rapport.
j'ai pas ASFWhide :s
Oki,
Fais la suite
mais c'est pas grave si j'ai pas ASFWHide ?
voilà le rapport :
ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 18:15:54.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.604 [GMT 1:00]
Endroit: C:\ComboFix.exe
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
.
2008-03-20 18:14 . 2008-03-20 18:13 1,599,141 --a------ C:\ComboFix.exe
2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-19 17:03 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 21:45 506,368 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 16:13 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]
C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur r‚seau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 18:22:31
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Temps d'accomplissement: 2008-03-20 18:26:38
ComboFix2.txt 2008-03-20 15:56:32
.
2008-03-12 06:30:54 --- E O F ---
Re,
Non non t'inquiète pas
Désactive toute protection résidente (antivirus, etc.) !
Copie le texte se situant dans le cadre ci-dessous, sans le mot citation :
| Citation : File::
|
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un nouveau rapport Hijackthis.
S'il n'y a pas de redémarrage, poste quand même les rapports.
voici les rapports :
hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:12, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 11736 bytes
log.txt :
ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-20 19:52:48.10 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.460 [GMT 1:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
.
2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-03-19 12:57 . 2008-03-19 12:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-19 12:57 . 2008-03-19 12:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:49 . 2008-03-05 21:49 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\vw
2008-03-05 21:48 . 2008-03-05 21:50 <REP> d-------- C:\Program Files\VisualRoute Lite Edition
2008-03-04 17:44 . 2008-03-04 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 21:32 . 2008-03-03 17:37 <REP> d-------- C:\Program Files\E-Anim801
2008-03-02 00:37 . 2008-03-02 01:49 <REP> d-------- C:\Program Files\NeoTrace Express
2008-03-01 19:40 . 2008-03-20 18:48 <REP> d-------- C:\Program Files\Steam
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\eGames
2008-02-28 23:23 . 2008-02-28 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eGames
2008-02-28 13:33 . 2008-02-28 13:34 <REP> d-------- C:\Program Files\BS Hacker Unlimited
2008-02-28 13:18 . 2008-02-28 13:18 2,904 --a------ C:\WINDOWS\system32\dsoudd.dll
2008-02-25 21:30 . 2008-02-25 21:30 <REP> d-------- C:\Program Files\Half-Life Model Viewer
2008-02-24 23:20 . 2008-02-24 23:20 <REP> d-------- C:\Program Files\Hamachi
2008-02-24 23:20 . 2008-03-01 20:37 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Hamachi
2008-02-24 23:20 . 2008-02-24 23:20 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-24 00:15 . 2008-02-24 22:32 <REP> d-------- C:\Program Files\css no-steam
2008-02-23 13:38 . 2008-02-26 21:56 <REP> d-------- C:\pacsteam
2008-02-23 02:49 . 2008-03-15 13:45 <REP> d---s---- C:\Program Files\HLSW
2008-02-23 02:49 . 2008-03-17 17:58 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\HLSW
2008-02-22 20:26 . 2004-10-20 16:23 21,344 -ra------ C:\WINDOWS\system32\drivers\fbxusb32.sys
2008-02-22 20:15 . 2008-02-22 20:15 <REP> d-------- C:\Program Files\Free
2008-02-21 19:52 . 2008-02-21 19:52 <REP> d-------- C:\Program Files\Fichiers communs\logishrd
2008-02-21 10:53 . 2008-02-21 10:53 <REP> d-------- C:\Program Files\SteamKeyFr
2008-02-20 19:23 . 2004-10-14 17:12 347,264 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-02-20 19:23 . 2004-08-30 16:37 286,720 --a------ C:\WINDOWS\vsnpstd2.exe
2008-02-20 19:23 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-02-20 19:23 . 2004-09-24 16:24 57,344 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-02-20 19:23 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-02-20 19:23 . 2004-09-24 13:52 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-02-20 19:23 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-02-20 19:23 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-02-20 19:22 . 2008-02-20 19:22 <REP> d-------- C:\Program Files\Trust
2008-02-20 19:22 . 2004-06-09 16:00 20,480 --a------ C:\WINDOWS\usnpstd2.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 16:43 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype
2008-03-20 16:39 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\skypePM
2008-03-19 20:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-18 16:36 --------- d-----w C:\Program Files\PowerISO
2008-03-18 02:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\vmntoolbar
2008-03-17 19:14 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\FileZilla
2008-03-17 15:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-15 12:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\utorrent
2008-03-13 16:03 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\teamspeak2
2008-03-12 19:55 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-03-08 19:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\gtk-2.0
2008-03-07 17:38 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Screenshot Sender
2008-03-06 19:33 --------- d-----w C:\Program Files\ConnectionServices
2008-03-05 12:10 --------- d-----w C:\Program Files\Java
2008-03-01 20:42 --------- d-----w C:\Program Files\StreamMyGame
2008-03-01 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 23:14 --------- d-----w C:\Program Files\LimeWire
2008-02-29 16:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-28 00:17 --------- d-----w C:\Program Files\Windows Live
2008-02-27 16:10 --------- d-----w C:\Program Files\World of Warcraft
2008-02-22 21:15 --------- d-----w C:\Program Files\eddi's Tools
2008-02-21 15:10 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\OpenOffice.org2
2008-02-19 21:47 --------- d-----w C:\Program Files\Sega
2008-02-19 16:07 --------- d-----w C:\Program Files\FileZilla Client
2008-02-19 10:02 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-02-03 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-02-03 16:54 --------- d-----w C:\Program Files\Pinnacle
2008-02-03 16:54 --------- d-----w C:\Program Files\Fichiers communs\Yahoo!
2008-02-03 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-02-03 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-02-03 13:06 --------- d-----w C:\Program Files\Riva
2008-02-03 12:01 --------- d-----w C:\Program Files\Ripp-it_AM
2008-02-02 14:15 --------- d-----w C:\Program Files\Audacity
2008-02-02 10:48 --------- d-----w C:\Program Files\No-IP
2008-02-01 16:13 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-28 20:55 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-20 07:07 33,292 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-01-03 10:30 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:41 22,328 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\PnkBstrK.sys
2007-11-03 17:38 4,608 --sha-w C:\Program Files\Thumbs.db
2007-09-13 16:37 334 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-09-08 10:11 9,851 ----a-w C:\Program Files\.jpg
2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2007-11-29 19:22 1,282,560 --sh--w C:\WINDOWS\system32\anti_stress.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
------- Sigcheck -------
2008-02-24 22:45 506368 86db0fdaf2591c86389d36cf44658cfe C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-06 20:51 2957824]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 19:30 249896]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-03 01:05:38 27136]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancer l'utilitaire Olitec.lnk - C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe [2007-06-05 17:22:30 413696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnolj]
opnnolj.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-01 19:40 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\StreamMyGame\\streamer_server.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\css no-steam\\css_no-steam_by33.1\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\aureliensld\\dedicated server\\hlds.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41952:TCP"= 41952:TCP:MediaServer.exe
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-06 20:51]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 OLITEC(OLITEC);Stick USB 802.11g OLITEC Driver(OLITEC);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-09-29 10:00]
R3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 17:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 16:23]
S3 service.sys;service.sys;C:\WINDOWS\system32\service.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d6f5-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa82d702-892b-11dc-a92c-000a78852e2a}]
\Shell\AutoRun\command - K:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}]
C:\WINDOWS\system32\msbifx.com
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 19:59:25
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\WINDOWS\system32\drivers\riode32.sys 167936 bytes executable
C:\WINDOWS\system32\drivers\Wkdu43.sys 167936 bytes executable
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wkdu43]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
.
Temps d'accomplissement: 2008-03-20 20:03:28
ComboFix2.txt 2008-03-20 17:26:39
ComboFix3.txt 2008-03-20 15:56:32
.
2008-03-12 06:30:54 --- E O F ---
Re,
Télécharger OTMoveIt2. ( de OldTimer)
- Enregistre ce fichier sur le Bureau.
- Fais un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note : si tu utilises Vista, fais un clic droit sur le fichier puis choisis Exécuter en tant qu'administrateur.)
- Copie les lignes de la zone "Code" ci-dessous en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.* /s |
- Retourne dans la fenêtre de OTMoveIt2, fais un clic droit dans la zone "Paste Custom List Of Files/Patterns To Move" (sous la barre jaune) puis choisis Coller.
- Clique sur le bouton rouge Moveit!.
- Copie tout ce qui se trouve dans la zone Results (sous la barre verte) en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et colle ces résultats en réponse sur le forum.
- Ferme OTMoveIt2
Note : si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine t'est demandé, choisis Oui/Yes. Dans ce cas, après le redémarrage, ouvre le Bloc-notes (Démarrer -> Tous les programmes -> Accessoires -> Bloc-notes), clique sur Fichier -> Ouvrir, dans la zone "Nom du fichier" tape *.log et appuie sur la touche Entrée, navigue jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvre le fichier .log le plus récent ; ensuite fais un copier/coller du contenu de ce document en réponse sur le forum.
Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l'outil.
voici le rapport :
[Custom Input]
< C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.* /s >
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\alm.log moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\amt.log moved successfully.
File move failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1ef0.dat scheduled to be moved on reboot.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-1.swf moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-2.swf moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-3.swf moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Sans nom-4.swf moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog00.sqm moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog01.sqm moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\wmplog02.sqm moved successfully.
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MessengerCache\HaUX8VwL2F1qcRSjBH8Ga+DoquDY= moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03212008_070554
Je te réponds en fin de soirée
N.B : Ne te fais pas de souci, après être passé entre mes mains, tu retrouveras un PC tout propre
lol ^^ j'ai toute confiance en toi
Re,
REDÉMARRE EN MODE SANS ÉCHEC ! (Si la manipulation ne marche pas en mode sans échec, fais-la en mode normal.)
Aide ici : http://www.infos-du-net.com/forum/ [...] mode-echec
/!\ Ne jamais redémarrer en mode sans échec via msconfig /!\
Clique sur démarrer --> exécuter, tape CMD puis valide par ok.
Colle ligne par ligne, en validant entre deux (par Entrée), les lignes suivantes dans la fenêtre noire qui apparaît. Ne t'inquiète pas si un message d'erreur indique que le service n'existe pas : continue. Attention : avec sc.exe, l'espace après le signe = est obligatoire (écris « start= disabled »), sinon la commande n'applique rien et se contente d'afficher son aide.
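REM Disable, stop and unregister the two services ComboFix flagged
REM (Wkdu43 driver service and ASFWHide, whose ImagePath points into %TEMP%).
REM sc.exe requires a space after "start=": "start=disabled" (no space) is
REM rejected and only prints the usage text, so the service would stay enabled.
REM "sc delete" removes the registry entry only; the hidden driver file
REM C:\WINDOWS\system32\drivers\Wkdu43.sys reported by catchme stays on disk.
sc config Wkdu43 start= disabled
sc stop Wkdu43
sc delete Wkdu43
sc config ASFWHide start= disabled
sc stop ASFWHide
sc delete ASFWHide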
Redémarre en mode normal, fais un nouveau rapport ComboFix en mode normal et poste-moi son rapport ainsi qu'un nouveau rapport HijackThis. Note : « sc delete » ne supprime que l'entrée de service dans le registre ; les fichiers cachés repérés par catchme (C:\WINDOWS\system32\drivers\Wkdu43.sys et riode32.sys) restent sur le disque et devront être traités séparément, d'où l'intérêt du nouveau rapport.
voilà les rapports :
hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:33, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Lancer l'utilitaire Olitec.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/p [...] nicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/Driv [...] rtScan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnnolj - opnnolj.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
--
End of file - 12240 bytes
log.txt :
ComboFix 08-03-18.1 - Compaq_Propriétaire 2008-03-22 10:07:38.11 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.571 [GMT 1:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.
TimedOut: progfile.dat
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\Wkdu43.sys
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
.
2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp Toolbar
2008-03-21 23:17 . 2008-03-21 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-03-21 23:15 . 2008-03-21 23:17 <REP> d-------- C:\Program Files\Winamp
2008-03-21 23:15 . 2008-03-21 23:48 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Winamp
2008-03-21 07:05 . 2008-03-21 07:05 <REP> d-------- C:\_OTMoveIt
2008-03-19 21:32 . 2008-03-19 21:32 <REP> d-------- C:\Program Files\Guitar Pro 4
2008-03-19 21:18 . 2008-03-19 21:18 <REP> d-------- C:\Program Files\QuickTime
2008-03-19 21:16 . 2008-03-19 21:16 <REP> d-------- C:\Program Files\Bonjour
2008-03-19 21:09 . 2008-03-19 21:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Program Files\Avira
2008-03-19 19:27 . 2008-03-19 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 16:48 . 2008-03-19 16:48 <REP> d-------- C:\Program Files\Ashampoo
2008-03-19 16:05 . 2008-03-19 16:05 <REP> d-------- C:\Program Files\Sunbelt Software
2008-03-19 14:13 . 2008-03-19 14:14 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-19 13:28 . 2008-03-19 13:28 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Uniblue
2008-03-18 07:21 . 2008-03-18 07:21 <REP> d-------- C:\Deckard
2008-03-17 21:13 . 2008-03-14 09:09 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-17 21:12 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-17 21:12 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-17 21:12 . 2008-03-15 17:16 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-17 21:12 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-17 21:12 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-17 21:12 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-17 19:27 . 2008-03-17 19:27 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-16 22:22 . 2008-03-16 22:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-16 22:17 . 2008-03-16 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-16 20:10 . 2008-03-16 20:10 63 --a------ C:\WINDOWS\system32\fc17b104
2008-03-16 19:49 . 2008-03-16 22:31 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:45 . 2008-03-16 19:45 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
2008-03-16 19:45 . 2008-03-16 19:45 29 --a------ C:\WINDOWS\system32\eudtodug.tmp
2008-03-16 05:02 . 2008-03-16 05:02 <REP> d-------- C:\Program Files\eRightSoft
2008-03-16 05:00 . 2008-03-16 05:00 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\GeoVid
2008-03-16 04:59 . 2008-03-16 04:59 <REP> d-------- C:\Program Files\Fichiers communs\GeoVid
2008-03-16 04:59 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-03-16 04:54 . 2008-03-16 04:54 <REP> d-------- C:\Program Files\MIKSOFT
2008-03-16 04:52 . 2008-03-16 04:52 <REP> d-------- C:\Program Files\Magicbit
2008-03-16 04:44 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-03-16 03:56 . 2008-03-16 03:56 <REP> d-------- C:\Program Files\GetTubeVideo 2.0
2008-03-16 03:18 . 2008-03-16 03:18 <REP> d-------- C:\Program Files\IntelliTamper
2008-03-16 01:20 . 2008-03-16 01:20 58 --a------ C:\WINDOWS\yesmessenger.ini
2008-03-15 17:59 . 2008-03-16 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-15 17:55 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-03-15 17:55 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-03-08 17:30 . 2008-03-08 17:36 551 --a------ C:\WINDOWS\settings.cfg
2008-03-08 09:53 . 2008-03-08 09:53 <REP> d-------- C:\Program Files\Act-3D
2008-03-07 07:10 . 2008-03-07 07:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-07 07:10 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-03-07 07:10 . 2008-03-07 07:12 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 07:09 . 2008-03-07 23:05 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-07 07:09 . 2008-03-07 23:03 <REP> d-------- C:\WINDOWS\Internet Logs
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Program Files\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-20 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 20:51 . 2008-03-06 20:51 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-06 20:36 . 2008-03-06 20:36 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-03-05 21:50 . 2008-03-05 21:50 30,615 --a------ C:\Documents and Settings\Compaq_Propriétaire\x.exe
2008-03-05 21:50 . 2008-03-05
