System Integrity Wizard setup and other crap
I have a problem with my machine: I had just reinstalled everything and, woe is me, I opened a setup file I had downloaded that I shouldn't have.
As a result, I get unwanted windows popping up every 6/10 minutes (System Integrity Wizard setup and other crap that rambles on about errors in my registry).
I installed CCleaner, AVG Anti-Spyware, Kaspersky, Spybot, cleaner... but nothing works.
I looked through the forum and acted on what similar posts advised, but I can't get it sorted!!
Can someone help me? Here is my Hijack, or "salut Jacques" in French.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:05, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xgjkvatq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxcqdqru] C:\WINDOWS\system32\xgjkvatq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bfxztmxq] C:\WINDOWS\system32\orgnujcb.exe
O4 - HKLM\..\Policies\Explorer\Run: [XVyd0wrbFs] C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: zip - {6bdbae09-1ead-47bb-98f0-d423b15bf40a} - C:\WINDOWS\Installer\{6bdbae09-1ead-47bb-98f0-d423b15bf40a}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4843 bytes
A hello, maybe?
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
To start the scan, click "Rechercher" (Scan).
Once the scan has finished, a window opens; click OK. You then have two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Hi again, the scan took ages.
There, it's done, here's my Hijack!! And below it, my Malwarebytes report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:02, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xgjkvatq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxcqdqru] C:\WINDOWS\system32\xgjkvatq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bfxztmxq] C:\WINDOWS\system32\orgnujcb.exe
O4 - HKCU\..\Run: [csffnhau] C:\WINDOWS\system32\mfipmnib.exe
O4 - HKLM\..\Policies\Explorer\Run: [XVyd0wrbFs] C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4764 bytes
Malwarebytes' Anti-Malware 1.09
Version de la base de données: 578
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 377484
Temps écoulé: 1 hour(s), 32 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 15
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\Installer\{6bdbae09-1ead-47bb-98f0-d423b15bf40a}\zip.dll (Trojan.Alphabet) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6bdbae09-1ead-47bb-98f0-d423b15bf40a} (Trojan.Alphabet) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d2e6362-10a1-4417-85ea-7d2b88435544} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a54e3cee-795f-45c4-a8b8-c4cf9d7d66d2} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{48f2e868-6d97-4b7a-bfed-e2ad898422de} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a775bff7-3aae-4444-b770-d4b80913c2aa} (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Alphabet) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\Installer\{6bdbae09-1ead-47bb-98f0-d423b15bf40a} (Trojan.Alphabet) -> No action taken.
C:\Documents and Settings\fernandes\Application Data\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\Installer\{6bdbae09-1ead-47bb-98f0-d423b15bf40a}\zip.dll (Trojan.Alphabet) -> No action taken.
C:\Documents and Settings\fernandes\Local Settings\Temp\aad44125.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{DEDCC4F9-C1C0-4003-84A5-946C931A2E8C}\RP56\A0018374.dll (Adware.WhenUSave) -> No action taken.
C:\System Volume Information\_restore{DEDCC4F9-C1C0-4003-84A5-946C931A2E8C}\RP56\A0018375.exe (Adware.WhenUSave) -> No action taken.
C:\System Volume Information\_restore{DEDCC4F9-C1C0-4003-84A5-946C931A2E8C}\RP62\A0018804.exe (Rogue.PC-Cleaner) -> No action taken.
C:\System Volume Information\_restore{DEDCC4F9-C1C0-4003-84A5-946C931A2E8C}\RP68\A0019335.dll (Rogue.Multiple) -> No action taken.
E:\Sa race\Program Files\EZX_Nashville\Sounds\SnareTop\SD13_01_DS_FH_L_S08.wav (Trojan.Clicker) -> No action taken.
C:\Documents and Settings\fernandes\Application Data\PC-Cleaner\log.dat (Rogue.PC-Cleaner) -> No action taken.
C:\Documents and Settings\fernandes\Application Data\PC-Cleaner\settings.dat (Rogue.PC-Cleaner) -> No action taken.
C:\WINDOWS\dwltqnmx.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\fkdnrwsv.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\stfngdvw.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\sxfnewqb.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\svpekgonlop.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\fernandes\Local Settings\Temp\dllsvr32.exe (Trojan.Agent) -> No action taken.
Here you go,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:22, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xgjkvatq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3DBC4A12-25AB-481E-9346-04E86A7665E0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM4b92a9a8] Rundll32.exe "C:\WINDOWS\system32\vhunflen.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA7228] command /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7141] cmd /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9027] command /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3442] cmd /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5439] command /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8644] cmd /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxcqdqru] C:\WINDOWS\system32\xgjkvatq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bfxztmxq] C:\WINDOWS\system32\orgnujcb.exe
O4 - HKCU\..\Run: [csffnhau] C:\WINDOWS\system32\mfipmnib.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5972] command /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9191] cmd /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7759] command /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9513] cmd /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3719] command /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2061] cmd /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [XVyd0wrbFs] C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: fccBuuTJ - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6286 bytes
Here it is,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:22, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xgjkvatq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3DBC4A12-25AB-481E-9346-04E86A7665E0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM4b92a9a8] Rundll32.exe "C:\WINDOWS\system32\vhunflen.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA7228] command /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7141] cmd /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9027] command /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3442] cmd /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5439] command /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8644] cmd /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bxcqdqru] C:\WINDOWS\system32\xgjkvatq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [bfxztmxq] C:\WINDOWS\system32\orgnujcb.exe
O4 - HKCU\..\Run: [csffnhau] C:\WINDOWS\system32\mfipmnib.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5972] command /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9191] cmd /c del "C:\WINDOWS\system32\pmclotuo.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7759] command /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9513] cmd /c del "C:\WINDOWS\system32\vhunflen.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3719] command /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2061] cmd /c del "C:\WINDOWS\system32\wduhfomx.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [XVyd0wrbFs] C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: fccBuuTJ - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6286 bytes
Re,
Disable your resident protections (antivirus, Spybot...)!
Download Combofix (sUBs) to your Desktop.
Double-click combofix.exe to launch it.
When the scan is complete, a report will appear. Post that report in your next reply.
Disable your resident protections (antivirus, Spybot...)!
Here it is, but it's still acting up... Those windows are still there.
ComboFix 08-04-01.2 - fernandes 2008-04-02 16:38:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1515 [GMT 2:00]
Endroit: C:\Documents and Settings\fernandes\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM4b92a9a8.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\NPF
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 16:46 . 2008-04-02 16:46 102,400 --a------ C:\WINDOWS\system32\lohuvujo.exe
2008-04-02 16:09 . 2008-04-02 16:12 211 --a------ C:\WINDOWS\wininit.ini
2008-04-02 08:32 . 2008-04-02 16:12 354 ---hs---- C:\WINDOWS\system32\outolcmp.ini
2008-04-02 07:56 . 2008-04-02 07:56 94,208 --a------ C:\WINDOWS\system32\lgnwxmtk.exe
2008-04-02 03:00 . 2008-04-02 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-01 19:16 . 2008-04-01 19:16 90,112 --a------ C:\WINDOWS\system32\mfipmnib.exe
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Malwarebytes
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 16:59 . 2008-04-01 16:59 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Grisoft
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:58 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 14:48 . 2008-04-01 14:48 <REP> d-------- C:\Program Files\CleanUp!
2008-04-01 14:18 . 2008-04-01 14:18 106,496 --a------ C:\WINDOWS\system32\orgnujcb.exe
2008-04-01 03:18 . 2008-04-01 03:18 94,208 --a------ C:\WINDOWS\system32\mxankvgt.exe
2008-03-31 18:23 . 2008-03-31 18:23 <REP> d-------- C:\Program Files\Toontrack
2008-03-31 18:15 . 2008-03-31 18:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 18:15 . 2008-03-31 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:55 . 2008-03-31 16:56 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-03-31 16:40 . 2002-01-05 14:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-03-31 16:40 . 2002-03-20 22:22 905,290 --a------ C:\WINDOWS\system32\libmmd.dll
2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Program Files\Sony
2008-03-31 16:03 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Lavasoft
2008-03-31 16:03 . 2008-03-31 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:42 . 2008-03-31 15:42 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-31 15:42 . 2008-03-31 15:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-31 15:41 . 2008-03-31 15:41 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 16:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 16:41 4,397,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 15:41 . 2008-04-02 16:46 270,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-31 15:41 . 2008-04-02 16:41 66,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 15:41 . 2008-04-02 16:41 30,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 15:28 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-31 14:25 . 2008-03-31 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 14:11 . 2008-03-31 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\dwxcnwrq
2008-03-31 14:11 . 2008-03-31 14:11 90,112 --a------ C:\WINDOWS\system32\xgjkvatq.exe
2008-03-31 13:57 . 2008-03-31 15:48 <REP> d-------- C:\Program Files\Spectrasonics
2008-03-31 13:23 . 2008-04-01 12:23 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-31 13:15 . 2008-03-31 13:15 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\DAEMON Tools Pro
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Presets
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Default
2008-03-31 12:29 . 2006-06-26 12:44 2,020,522 --a------ C:\AkoustikPiano_info.nkx
2008-03-31 12:26 . 2006-09-11 13:43 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2008-03-31 12:26 . 2006-09-11 13:43 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2008-03-31 12:25 . 2006-11-09 02:09 1,895,936 --a------ C:\WINDOWS\system32\kconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 1,870,336 --a------ C:\WINDOWS\system32\bconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-03-31 12:25 . 2006-09-05 12:41 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
2008-03-31 12:25 . 2006-09-04 17:41 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-31 12:25 . 2006-09-05 12:41 69,632 --a------ C:\WINDOWS\system32\NI_DFD_1_2_9.dll
2008-03-31 12:25 . 2006-09-05 12:41 65,536 --a------ C:\WINDOWS\system32\NI_DFD_1_3_0.dll
2008-03-31 12:25 . 2006-10-04 14:13 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\WINDOWS\MOTU
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\Program Files\MOTU
2008-03-30 23:17 . 2008-03-30 23:17 87 --a------ C:\WINDOWS\MOTU FW CueMix Prefs.prefs
2008-03-30 22:10 . 2008-03-30 22:10 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Sony
2008-03-30 20:49 . 2008-03-30 20:50 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Preferences
2008-03-30 20:49 . 2008-03-30 20:49 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Audio Ease
2008-03-30 17:31 . 2008-03-30 17:31 <REP> d-------- C:\Program Files\Digidesign
2008-03-30 17:30 . 2004-03-17 19:54 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-03-30 17:24 . 2008-03-30 17:24 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-03-30 17:21 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-03-30 17:21 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-30 17:21 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-03-30 17:21 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-30 17:21 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-03-30 17:21 . 2008-03-30 17:21 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-03-30 17:18 . 2008-03-30 17:18 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Audio
2008-03-30 17:16 . 2008-03-30 17:18 <REP> d-------- C:\Program Files\Waves
2008-03-30 17:15 . 2008-03-30 23:20 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Ableton
2008-03-30 17:15 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-30 17:15 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 17:15 . 2007-02-12 16:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-30 17:14 . 2008-03-31 14:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:14 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\msocreg32.dat
2008-03-30 17:08 . 2008-03-30 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-03-30 17:08 . 2006-11-02 23:18 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-30 17:08 . 2006-11-02 23:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 17:07 . 2008-03-30 17:07 <REP> d-------- C:\Program Files\Audio Ease
2008-03-30 17:04 . 2008-03-30 17:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 16:57 . 2008-03-30 16:57 <REP> d-------- C:\Program Files\Sierra
2008-03-30 16:23 . 2008-03-31 16:40 <REP> d-------- C:\Program Files\Steinberg
2008-03-30 15:54 . 2008-03-30 15:54 <REP> d-------- C:\Program Files\Native Instruments
2008-03-30 15:03 . 2008-03-30 15:03 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\InstallShield
2008-03-30 14:35 . 2007-01-29 21:15 185,344 --a------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-03-30 14:28 . 2008-03-30 14:28 <REP> d-------- C:\WINDOWS\nvidia icons
2008-03-30 14:28 . 2008-03-30 14:31 <REP> d-------- C:\WINDOWS\NV31163136.TMP
2008-03-29 21:54 . 2008-03-30 15:03 <REP> d-------- C:\Program Files\Intel
2008-03-29 21:54 . 2008-03-29 21:54 <REP> d-------- C:\Intel
2008-03-28 20:01 . 2008-03-31 15:16 <REP> d-------- C:\Program Files\Yahoo!
2008-03-28 20:01 . 2008-04-01 12:32 <REP> d-------- C:\Program Files\CCleaner
2008-03-28 18:00 . 2008-03-28 18:00 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Uniblue
2008-03-28 17:52 . 2008-03-28 17:52 <REP> d-------- C:\Program Files\uTorrent
2008-03-28 17:52 . 2008-04-02 15:40 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\uTorrent
2008-03-28 17:35 . 2008-03-31 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:07 --------- d-----w C:\Program Files\Marvell
2008-03-27 18:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 18:56 --------- d-----w C:\Program Files\Services en ligne
2008-02-14 16:14 25,648 ----a-w C:\WINDOWS\system32\drivers\mfwamidi.sys
2008-02-14 16:14 23,600 ----a-w C:\WINDOWS\system32\drivers\motubus.sys
2008-02-14 16:14 22,064 ----a-w C:\WINDOWS\system32\drivers\mfwagsif.sys
2008-02-14 16:13 60,976 ----a-w C:\WINDOWS\system32\drivers\mfwawave.sys
2008-02-14 16:13 378,416 ----a-w C:\WINDOWS\system32\drivers\motufwa.sys
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DBC4A12-25AB-481E-9346-04E86A7665E0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"bxcqdqru"="C:\WINDOWS\system32\xgjkvatq.exe" [2008-03-31 14:11 90112]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"bfxztmxq"="C:\WINDOWS\system32\orgnujcb.exe" [2008-04-01 14:18 106496]
"csffnhau"="C:\WINDOWS\system32\mfipmnib.exe" [2008-04-01 19:16 90112]
"vkhyykcw"="C:\WINDOWS\system32\lohuvujo.exe" [2008-04-02 16:46 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"BM4b92a9a8"="C:\WINDOWS\system32\vhunflen.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"XVyd0wrbFs"= C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccBuuTJ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"D:\\Emule\\emule.exe"=
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2008-02-14 18:14]
R3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2008-02-14 18:14]
R3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2008-02-14 18:13]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2008-02-14 18:14]
R3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\motufwa.sys [2008-02-14 18:13]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-29 21:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 16:46:47
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MOTU\Audio\MFWAKeys.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 16:50:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 14:50:02
Pre-Run: 26,718,494,720 octets libres
Post-Run: 26,653,503,488 octets libres
.
2008-04-02 01:00:46 --- E O F ---
On top of that, when I switch on one of my external hard drives, which is plugged into one of the computer's USB ports, the computer crashes.
I'm currently playing FEAR, and the game crashes after a while.
And one last problem: I broke my motherboard's install CD and there are drivers I can't manage to install:
-PCI device
-unknown device
If you can help me with that too, I'll light a candle for you in a church for the rest of my life!!
Thanks
Re,
[#ff0000]Disable your resident protections (antivirus...)![/#f]
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\lohuvujo.exe
C:\WINDOWS\system32\outolcmp.ini
C:\WINDOWS\system32\lgnwxmtk.exe
C:\WINDOWS\system32\mfipmnib.exe
C:\WINDOWS\system32\orgnujcb.exe
C:\WINDOWS\system32\mxankvgt.exe
C:\WINDOWS\system32\xgjkvatq.exe
C:\WINDOWS\system32\vhunflen.dll
Folder::
C:\Documents and Settings\All Users\Application Data\dwxcnwrq
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DBC4A12-25AB-481E-9346-04E86A7665E0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bxcqdqru"=-
"SpybotSD TeaTimer"=-
"bfxztmxq"=-
"csffnhau"=-
"vkhyykcw"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM4b92a9a8"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"XVyd0wrbFs"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccBuuTJ]
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:

This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
[#ff0000]NOTE: If there is no reboot, post the requested reports anyway.[/#f]
YES THANKS, HERE IT IS!!!
ComboFix 08-04-01.2 - fernandes 2008-04-02 19:48:39.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1573 [GMT 2:00]
Endroit: C:\Documents and Settings\fernandes\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fernandes\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\lgnwxmtk.exe
C:\WINDOWS\system32\lohuvujo.exe
C:\WINDOWS\system32\mfipmnib.exe
C:\WINDOWS\system32\mxankvgt.exe
C:\WINDOWS\system32\orgnujcb.exe
C:\WINDOWS\system32\outolcmp.ini
C:\WINDOWS\system32\vhunflen.dll
C:\WINDOWS\system32\xgjkvatq.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\dwxcnwrq
C:\Documents and Settings\All Users\Application Data\dwxcnwrq\pmtgbode.exe
C:\WINDOWS\system32\lgnwxmtk.exe
C:\WINDOWS\system32\lohuvujo.exe
C:\WINDOWS\system32\mfipmnib.exe
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\mxankvgt.exe
C:\WINDOWS\system32\orgnujcb.exe
C:\WINDOWS\system32\outolcmp.ini
C:\WINDOWS\system32\xgjkvatq.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:53 . 2008-04-02 17:53 <REP> d--h----- C:\WINDOWS\PIF
2008-04-02 17:29 . 2008-04-02 17:29 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Program Files\Nero
2008-04-02 17:27 . 2008-04-02 17:28 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 17:15 . 2008-04-02 17:15 102,400 --a------ C:\WINDOWS\system32\axqxytuz.exe
2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\PowerISO
2008-04-02 16:09 . 2008-04-02 16:12 211 --a------ C:\WINDOWS\wininit.ini
2008-04-02 03:00 . 2008-04-02 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Malwarebytes
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 16:59 . 2008-04-01 16:59 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Grisoft
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:58 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 14:48 . 2008-04-01 14:48 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 18:23 . 2008-03-31 18:23 <REP> d-------- C:\Program Files\Toontrack
2008-03-31 18:15 . 2008-03-31 18:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 18:15 . 2008-03-31 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:55 . 2008-03-31 16:56 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-03-31 16:40 . 2002-01-05 14:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-03-31 16:40 . 2002-03-20 22:22 905,290 --a------ C:\WINDOWS\system32\libmmd.dll
2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Program Files\Sony
2008-03-31 16:03 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Lavasoft
2008-03-31 16:03 . 2008-03-31 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:42 . 2008-03-31 15:42 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-31 15:42 . 2008-03-31 15:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-31 15:41 . 2008-03-31 15:41 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:31 4,397,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 15:41 . 2008-04-02 19:51 295,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-31 15:41 . 2008-04-02 17:31 66,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 15:41 . 2008-04-02 17:31 32,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 15:28 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-31 14:25 . 2008-03-31 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 13:57 . 2008-03-31 15:48 <REP> d-------- C:\Program Files\Spectrasonics
2008-03-31 13:23 . 2008-04-01 12:23 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-31 13:15 . 2008-03-31 13:15 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\DAEMON Tools Pro
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Presets
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Default
2008-03-31 12:29 . 2006-06-26 12:44 2,020,522 --a------ C:\AkoustikPiano_info.nkx
2008-03-31 12:26 . 2006-09-11 13:43 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2008-03-31 12:26 . 2006-09-11 13:43 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2008-03-31 12:25 . 2006-11-09 02:09 1,895,936 --a------ C:\WINDOWS\system32\kconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 1,870,336 --a------ C:\WINDOWS\system32\bconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-03-31 12:25 . 2006-09-05 12:41 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
2008-03-31 12:25 . 2006-09-04 17:41 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-31 12:25 . 2006-09-05 12:41 69,632 --a------ C:\WINDOWS\system32\NI_DFD_1_2_9.dll
2008-03-31 12:25 . 2006-09-05 12:41 65,536 --a------ C:\WINDOWS\system32\NI_DFD_1_3_0.dll
2008-03-31 12:25 . 2006-10-04 14:13 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\WINDOWS\MOTU
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\Program Files\MOTU
2008-03-30 23:17 . 2008-03-30 23:17 87 --a------ C:\WINDOWS\MOTU FW CueMix Prefs.prefs
2008-03-30 22:10 . 2008-03-30 22:10 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Sony
2008-03-30 20:49 . 2008-03-30 20:50 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Preferences
2008-03-30 20:49 . 2008-03-30 20:49 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Audio Ease
2008-03-30 17:31 . 2008-03-30 17:31 <REP> d-------- C:\Program Files\Digidesign
2008-03-30 17:30 . 2004-03-17 19:54 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-03-30 17:24 . 2008-03-30 17:24 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-03-30 17:21 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-03-30 17:21 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-30 17:21 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-03-30 17:21 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-30 17:21 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-03-30 17:21 . 2008-03-30 17:21 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-03-30 17:18 . 2008-03-30 17:18 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Audio
2008-03-30 17:16 . 2008-03-30 17:18 <REP> d-------- C:\Program Files\Waves
2008-03-30 17:15 . 2008-03-30 23:20 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Ableton
2008-03-30 17:15 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-30 17:15 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 17:15 . 2007-02-12 16:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-30 17:14 . 2008-03-31 14:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:14 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\msocreg32.dat
2008-03-30 17:08 . 2008-03-30 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-03-30 17:08 . 2006-11-02 23:18 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-30 17:08 . 2006-11-02 23:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 17:07 . 2008-03-30 17:07 <REP> d-------- C:\Program Files\Audio Ease
2008-03-30 17:04 . 2008-03-30 17:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 16:57 . 2008-03-30 16:57 <REP> d-------- C:\Program Files\Sierra
2008-03-30 16:23 . 2008-03-31 16:40 <REP> d-------- C:\Program Files\Steinberg
2008-03-30 15:54 . 2008-03-30 15:54 <REP> d-------- C:\Program Files\Native Instruments
2008-03-30 15:03 . 2008-03-30 15:03 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\InstallShield
2008-03-30 14:35 . 2007-01-29 21:15 185,344 --a------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-03-30 14:28 . 2008-03-30 14:28 <REP> d-------- C:\WINDOWS\nvidia icons
2008-03-30 14:28 . 2008-03-30 14:31 <REP> d-------- C:\WINDOWS\NV31163136.TMP
2008-03-29 21:54 . 2008-03-30 15:03 <REP> d-------- C:\Program Files\Intel
2008-03-29 21:54 . 2008-03-29 21:54 <REP> d-------- C:\Intel
2008-03-28 20:01 . 2008-03-31 15:16 <REP> d-------- C:\Program Files\Yahoo!
2008-03-28 20:01 . 2008-04-01 12:32 <REP> d-------- C:\Program Files\CCleaner
2008-03-28 18:00 . 2008-03-28 18:00 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Uniblue
2008-03-28 17:52 . 2008-03-28 17:52 <REP> d-------- C:\Program Files\uTorrent
2008-03-28 17:52 . 2008-04-02 19:48 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\uTorrent
2008-03-28 17:35 . 2008-03-31 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-03-28 17:31 . 2008-03-30 23:05 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Steinberg
2008-03-28 17:24 . 2008-03-28 17:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:07 --------- d-----w C:\Program Files\Marvell
2008-03-27 18:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 18:56 --------- d-----w C:\Program Files\Services en ligne
2008-03-06 15:23 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-14 16:14 25,648 ----a-w C:\WINDOWS\system32\drivers\mfwamidi.sys
2008-02-14 16:14 23,600 ----a-w C:\WINDOWS\system32\drivers\motubus.sys
2008-02-14 16:14 22,064 ----a-w C:\WINDOWS\system32\drivers\mfwagsif.sys
2008-02-14 16:13 60,976 ----a-w C:\WINDOWS\system32\drivers\mfwawave.sys
2008-02-14 16:13 378,416 ----a-w C:\WINDOWS\system32\drivers\motufwa.sys
2008-02-14 15:56 184,320 ----a-w C:\WINDOWS\system32\mfwaasio.drv
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_16.48.18.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 15:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 15:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2008-03-14 06:04:29 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"bxcqdqru"="C:\WINDOWS\system32\xgjkvatq.exe" [ ]
"ldxhwoub"="C:\WINDOWS\system32\axqxytuz.exe" [2008-04-02 17:15 102400]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
MOTU Pedal Handler.lnk - C:\Program Files\MOTU\Audio\MFWAKeys.exe [2008-02-14 18:13:30 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"D:\\Emule\\emule.exe"=
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2008-02-14 18:14]
R3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2008-02-14 18:14]
R3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2008-02-14 18:13]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2008-02-14 18:14]
R3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\motufwa.sys [2008-02-14 18:13]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-29 21:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 19:52:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 19:54:57
ComboFix-quarantined-files.txt 2008-04-02 17:54:55
ComboFix2.txt 2008-04-02 14:50:09
Pre-Run: 26,041,241,600 octets libres
Post-Run: 26,031,484,928 octets libres
.
2008-04-02 01:00:46 --- E O F ---
2008-03-30 17:15 . 2008-03-30 23:20 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Ableton
2008-03-30 17:15 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-30 17:15 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 17:15 . 2007-02-12 16:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-30 17:14 . 2008-03-31 14:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:14 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\msocreg32.dat
2008-03-30 17:08 . 2008-03-30 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-03-30 17:08 . 2006-11-02 23:18 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-30 17:08 . 2006-11-02 23:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 17:07 . 2008-03-30 17:07 <REP> d-------- C:\Program Files\Audio Ease
2008-03-30 17:04 . 2008-03-30 17:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 16:57 . 2008-03-30 16:57 <REP> d-------- C:\Program Files\Sierra
2008-03-30 16:23 . 2008-03-31 16:40 <REP> d-------- C:\Program Files\Steinberg
2008-03-30 15:54 . 2008-03-30 15:54 <REP> d-------- C:\Program Files\Native Instruments
2008-03-30 15:03 . 2008-03-30 15:03 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\InstallShield
2008-03-30 14:35 . 2007-01-29 21:15 185,344 --a------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-03-30 14:28 . 2008-03-30 14:28 <REP> d-------- C:\WINDOWS\nvidia icons
2008-03-30 14:28 . 2008-03-30 14:31 <REP> d-------- C:\WINDOWS\NV31163136.TMP
2008-03-29 21:54 . 2008-03-30 15:03 <REP> d-------- C:\Program Files\Intel
2008-03-29 21:54 . 2008-03-29 21:54 <REP> d-------- C:\Intel
2008-03-28 20:01 . 2008-03-31 15:16 <REP> d-------- C:\Program Files\Yahoo!
2008-03-28 20:01 . 2008-04-01 12:32 <REP> d-------- C:\Program Files\CCleaner
2008-03-28 18:00 . 2008-03-28 18:00 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Uniblue
2008-03-28 17:52 . 2008-03-28 17:52 <REP> d-------- C:\Program Files\uTorrent
2008-03-28 17:52 . 2008-04-02 19:48 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\uTorrent
2008-03-28 17:35 . 2008-03-31 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-03-28 17:31 . 2008-03-30 23:05 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Steinberg
2008-03-28 17:24 . 2008-03-28 17:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:07 --------- d-----w C:\Program Files\Marvell
2008-03-27 18:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 18:56 --------- d-----w C:\Program Files\Services en ligne
2008-03-06 15:23 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-14 16:14 25,648 ----a-w C:\WINDOWS\system32\drivers\mfwamidi.sys
2008-02-14 16:14 23,600 ----a-w C:\WINDOWS\system32\drivers\motubus.sys
2008-02-14 16:14 22,064 ----a-w C:\WINDOWS\system32\drivers\mfwagsif.sys
2008-02-14 16:13 60,976 ----a-w C:\WINDOWS\system32\drivers\mfwawave.sys
2008-02-14 16:13 378,416 ----a-w C:\WINDOWS\system32\drivers\motufwa.sys
2008-02-14 15:56 184,320 ----a-w C:\WINDOWS\system32\mfwaasio.drv
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_16.48.18.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 15:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 15:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2008-03-14 06:04:29 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"bxcqdqru"="C:\WINDOWS\system32\xgjkvatq.exe" [ ]
"ldxhwoub"="C:\WINDOWS\system32\axqxytuz.exe" [2008-04-02 17:15 102400]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
MOTU Pedal Handler.lnk - C:\Program Files\MOTU\Audio\MFWAKeys.exe [2008-02-14 18:13:30 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"D:\\Emule\\emule.exe"=
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2008-02-14 18:14]
R3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2008-02-14 18:14]
R3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2008-02-14 18:13]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2008-02-14 18:14]
R3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\motufwa.sys [2008-02-14 18:13]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-29 21:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 19:52:13
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 19:54:57
ComboFix-quarantined-files.txt 2008-04-02 17:54:55
ComboFix2.txt 2008-04-02 14:50:09
Pre-Run: 26,041,241,600 octets libres
Post-Run: 26,031,484,928 octets libres
.
2008-04-02 01:00:46 --- E O F ---
Re,
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\xgjkvatq.exe
C:\WINDOWS\system32\axqxytuz.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bxcqdqru"=-
"ldxhwoub"=-
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe.
This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.
FOR THE Combo REPORT
ComboFix 08-04-01.2 - fernandes 2008-04-02 20:23:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1544 [GMT 2:00]
Endroit: C:\Documents and Settings\fernandes\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fernandes\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\axqxytuz.exe
C:\WINDOWS\system32\xgjkvatq.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\axqxytuz.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:53 . 2008-04-02 17:53 <REP> d--h----- C:\WINDOWS\PIF
2008-04-02 17:29 . 2008-04-02 17:29 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Program Files\Nero
2008-04-02 17:27 . 2008-04-02 17:28 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\PowerISO
2008-04-02 16:09 . 2008-04-02 16:12 211 --a------ C:\WINDOWS\wininit.ini
2008-04-02 03:00 . 2008-04-02 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Malwarebytes
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 16:59 . 2008-04-01 16:59 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Grisoft
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:58 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 14:48 . 2008-04-01 14:48 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 18:23 . 2008-03-31 18:23 <REP> d-------- C:\Program Files\Toontrack
2008-03-31 18:15 . 2008-03-31 18:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 18:15 . 2008-03-31 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:55 . 2008-03-31 16:56 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-03-31 16:40 . 2002-01-05 14:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-03-31 16:40 . 2002-03-20 22:22 905,290 --a------ C:\WINDOWS\system32\libmmd.dll
2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Program Files\Sony
2008-03-31 16:03 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Lavasoft
2008-03-31 16:03 . 2008-03-31 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:42 . 2008-03-31 15:42 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-31 15:42 . 2008-03-31 15:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-31 15:41 . 2008-03-31 15:41 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:31 4,397,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 15:41 . 2008-04-02 20:25 298,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-31 15:41 . 2008-04-02 17:31 66,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 15:41 . 2008-04-02 17:31 32,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 15:28 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-31 14:25 . 2008-03-31 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 13:57 . 2008-03-31 15:48 <REP> d-------- C:\Program Files\Spectrasonics
2008-03-31 13:23 . 2008-04-01 12:23 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-31 13:15 . 2008-03-31 13:15 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\DAEMON Tools Pro
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Presets
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Default
2008-03-31 12:29 . 2006-06-26 12:44 2,020,522 --a------ C:\AkoustikPiano_info.nkx
2008-03-31 12:26 . 2006-09-11 13:43 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2008-03-31 12:26 . 2006-09-11 13:43 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2008-03-31 12:25 . 2006-11-09 02:09 1,895,936 --a------ C:\WINDOWS\system32\kconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 1,870,336 --a------ C:\WINDOWS\system32\bconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-03-31 12:25 . 2006-09-05 12:41 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
2008-03-31 12:25 . 2006-09-04 17:41 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-31 12:25 . 2006-09-05 12:41 69,632 --a------ C:\WINDOWS\system32\NI_DFD_1_2_9.dll
2008-03-31 12:25 . 2006-09-05 12:41 65,536 --a------ C:\WINDOWS\system32\NI_DFD_1_3_0.dll
2008-03-31 12:25 . 2006-10-04 14:13 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\WINDOWS\MOTU
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\Program Files\MOTU
2008-03-30 23:17 . 2008-03-30 23:17 87 --a------ C:\WINDOWS\MOTU FW CueMix Prefs.prefs
2008-03-30 22:10 . 2008-03-30 22:10 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Sony
2008-03-30 20:49 . 2008-03-30 20:50 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Preferences
2008-03-30 20:49 . 2008-03-30 20:49 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Audio Ease
2008-03-30 17:31 . 2008-03-30 17:31 <REP> d-------- C:\Program Files\Digidesign
2008-03-30 17:30 . 2004-03-17 19:54 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-03-30 17:24 . 2008-03-30 17:24 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-03-30 17:21 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-03-30 17:21 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-30 17:21 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-03-30 17:21 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-30 17:21 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-03-30 17:21 . 2008-03-30 17:21 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-03-30 17:18 . 2008-03-30 17:18 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Audio
2008-03-30 17:16 . 2008-03-30 17:18 <REP> d-------- C:\Program Files\Waves
2008-03-30 17:15 . 2008-03-30 23:20 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Ableton
2008-03-30 17:15 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-30 17:15 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 17:15 . 2007-02-12 16:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-30 17:14 . 2008-03-31 14:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:14 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\msocreg32.dat
2008-03-30 17:08 . 2008-03-30 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-03-30 17:08 . 2006-11-02 23:18 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-30 17:08 . 2006-11-02 23:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 17:07 . 2008-03-30 17:07 <REP> d-------- C:\Program Files\Audio Ease
2008-03-30 17:04 . 2008-03-30 17:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 16:57 . 2008-03-30 16:57 <REP> d-------- C:\Program Files\Sierra
2008-03-30 16:23 . 2008-03-31 16:40 <REP> d-------- C:\Program Files\Steinberg
2008-03-30 15:54 . 2008-03-30 15:54 <REP> d-------- C:\Program Files\Native Instruments
2008-03-30 15:03 . 2008-03-30 15:03 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\InstallShield
2008-03-30 14:35 . 2007-01-29 21:15 185,344 --a------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-03-30 14:28 . 2008-03-30 14:28 <REP> d-------- C:\WINDOWS\nvidia icons
2008-03-30 14:28 . 2008-03-30 14:31 <REP> d-------- C:\WINDOWS\NV31163136.TMP
2008-03-29 21:54 . 2008-03-30 15:03 <REP> d-------- C:\Program Files\Intel
2008-03-29 21:54 . 2008-03-29 21:54 <REP> d-------- C:\Intel
2008-03-28 20:01 . 2008-03-31 15:16 <REP> d-------- C:\Program Files\Yahoo!
2008-03-28 20:01 . 2008-04-01 12:32 <REP> d-------- C:\Program Files\CCleaner
2008-03-28 18:00 . 2008-03-28 18:00 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Uniblue
2008-03-28 17:52 . 2008-03-28 17:52 <REP> d-------- C:\Program Files\uTorrent
2008-03-28 17:52 . 2008-04-02 20:23 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\uTorrent
2008-03-28 17:35 . 2008-03-31 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-03-28 17:31 . 2008-03-30 23:05 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Steinberg
2008-03-28 17:24 . 2008-03-28 17:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-28 17:16 . 2008-03-28 17:16 <REP> d-------- C:\Program Files\Syncrosoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:07 --------- d-----w C:\Program Files\Marvell
2008-03-27 18:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 18:56 --------- d-----w C:\Program Files\Services en ligne
2008-03-06 15:23 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-14 16:14 25,648 ----a-w C:\WINDOWS\system32\drivers\mfwamidi.sys
2008-02-14 16:14 23,600 ----a-w C:\WINDOWS\system32\drivers\motubus.sys
2008-02-14 16:14 22,064 ----a-w C:\WINDOWS\system32\drivers\mfwagsif.sys
2008-02-14 16:13 60,976 ----a-w C:\WINDOWS\system32\drivers\mfwawave.sys
2008-02-14 16:13 378,416 ----a-w C:\WINDOWS\system32\drivers\motufwa.sys
2008-02-14 15:56 184,320 ----a-w C:\WINDOWS\system32\mfwaasio.drv
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_16.48.18.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 15:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 15:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2008-03-14 06:04:29 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
MOTU Pedal Handler.lnk - C:\Program Files\MOTU\Audio\MFWAKeys.exe [2008-02-14 18:13:30 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"D:\\Emule\\emule.exe"=
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2008-02-14 18:14]
R3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2008-02-14 18:14]
R3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2008-02-14 18:13]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2008-02-14 18:14]
R3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\motufwa.sys [2008-02-14 18:13]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-29 21:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 20:25:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 20:28:32
ComboFix-quarantined-files.txt 2008-04-02 18:28:30
ComboFix2.txt 2008-04-02 17:55:04
ComboFix3.txt 2008-04-02 14:50:09
Pre-Run: 26,713,198,592 octets libres
Post-Run: 26,704,019,456 octets libres
.
2008-04-02 01:00:46 --- E O F ---
And for the HiJack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:19, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5251 bytes
ComboFix 08-04-01.2 - fernandes 2008-04-02 20:23:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1544 [GMT 2:00]
Endroit: C:\Documents and Settings\fernandes\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fernandes\Bureau\CFScript.txt.txt
* Création d'un nouveau point de restauration
FILE ::
C:\WINDOWS\system32\axqxytuz.exe
C:\WINDOWS\system32\xgjkvatq.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\axqxytuz.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 17:53 . 2008-04-02 17:53 <REP> d--h----- C:\WINDOWS\PIF
2008-04-02 17:29 . 2008-04-02 17:29 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Program Files\Nero
2008-04-02 17:27 . 2008-04-02 17:28 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-04-02 17:27 . 2008-04-02 17:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-02 17:11 . 2008-04-02 17:11 <REP> d-------- C:\Program Files\PowerISO
2008-04-02 16:09 . 2008-04-02 16:12 211 --a------ C:\WINDOWS\wininit.ini
2008-04-02 03:00 . 2008-04-02 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Malwarebytes
2008-04-01 17:38 . 2008-04-01 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 16:59 . 2008-04-01 16:59 <REP> d-------- C:\Program Files\Trend Micro
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Grisoft
2008-04-01 16:58 . 2008-04-01 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 16:58 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-01 14:48 . 2008-04-01 14:48 <REP> d-------- C:\Program Files\CleanUp!
2008-03-31 18:23 . 2008-03-31 18:23 <REP> d-------- C:\Program Files\Toontrack
2008-03-31 18:15 . 2008-03-31 18:15 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 18:15 . 2008-03-31 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:55 . 2008-03-31 16:56 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-03-31 16:40 . 2002-01-05 14:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-03-31 16:40 . 2002-03-20 22:22 905,290 --a------ C:\WINDOWS\system32\libmmd.dll
2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Program Files\Sony
2008-03-31 16:03 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Lavasoft
2008-03-31 16:03 . 2008-03-31 16:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 15:42 . 2008-03-31 15:42 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-31 15:42 . 2008-03-31 15:42 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-31 15:41 . 2008-03-31 15:41 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-31 15:41 . 2008-04-02 17:31 4,397,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 15:41 . 2008-04-02 20:25 298,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-31 15:41 . 2008-04-02 17:31 66,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-31 15:41 . 2008-04-02 17:31 32,468 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-31 15:28 . 2008-03-31 16:03 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-31 14:25 . 2008-03-31 14:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-31 13:57 . 2008-03-31 15:48 <REP> d-------- C:\Program Files\Spectrasonics
2008-03-31 13:23 . 2008-04-01 12:23 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-03-31 13:15 . 2008-03-31 13:15 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\DAEMON Tools Pro
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Presets
2008-03-31 12:29 . 2008-03-31 12:29 <REP> d-------- C:\Default
2008-03-31 12:29 . 2006-06-26 12:44 2,020,522 --a------ C:\AkoustikPiano_info.nkx
2008-03-31 12:26 . 2006-09-11 13:43 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2008-03-31 12:26 . 2006-09-11 13:43 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2008-03-31 12:25 . 2006-11-09 02:09 1,895,936 --a------ C:\WINDOWS\system32\kconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 1,870,336 --a------ C:\WINDOWS\system32\bconvert.dll
2008-03-31 12:25 . 2006-10-04 14:13 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_2.dll
2008-03-31 12:25 . 2006-09-05 12:41 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_0_3.dll
2008-03-31 12:25 . 2006-09-04 17:41 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-31 12:25 . 2006-09-05 12:41 69,632 --a------ C:\WINDOWS\system32\NI_DFD_1_2_9.dll
2008-03-31 12:25 . 2006-09-05 12:41 65,536 --a------ C:\WINDOWS\system32\NI_DFD_1_3_0.dll
2008-03-31 12:25 . 2006-10-04 14:13 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_5.dll
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\WINDOWS\MOTU
2008-03-30 23:35 . 2008-03-30 23:35 <REP> d-------- C:\Program Files\MOTU
2008-03-30 23:17 . 2008-03-30 23:17 87 --a------ C:\WINDOWS\MOTU FW CueMix Prefs.prefs
2008-03-30 22:10 . 2008-03-30 22:10 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Sony
2008-03-30 20:49 . 2008-03-30 20:50 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Preferences
2008-03-30 20:49 . 2008-03-30 20:49 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Audio Ease
2008-03-30 17:31 . 2008-03-30 17:31 <REP> d-------- C:\Program Files\Digidesign
2008-03-30 17:30 . 2004-03-17 19:54 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2008-03-30 17:24 . 2008-03-30 17:24 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2008-03-30 17:21 . 2001-10-19 15:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-03-30 17:21 . 2001-10-19 15:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-03-30 17:21 . 2002-10-09 13:21 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-03-30 17:21 . 2001-10-19 15:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-03-30 17:21 . 2001-10-19 03:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-03-30 17:21 . 2008-03-30 17:21 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-03-30 17:18 . 2008-03-30 17:18 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Waves Audio
2008-03-30 17:16 . 2008-03-30 17:18 <REP> d-------- C:\Program Files\Waves
2008-03-30 17:15 . 2008-03-30 23:20 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Ableton
2008-03-30 17:15 . 2003-03-18 20:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-03-30 17:15 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-30 17:15 . 2007-02-12 16:58 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-30 17:14 . 2008-03-31 14:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:14 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-03-30 17:11 . 2008-03-31 16:48 16 --a------ C:\WINDOWS\msocreg32.dat
2008-03-30 17:08 . 2008-03-30 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-03-30 17:08 . 2006-11-02 23:18 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-30 17:08 . 2006-11-02 23:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 17:07 . 2008-03-30 17:07 <REP> d-------- C:\Program Files\Audio Ease
2008-03-30 17:04 . 2008-03-30 17:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-30 16:57 . 2008-03-30 16:57 <REP> d-------- C:\Program Files\Sierra
2008-03-30 16:23 . 2008-03-31 16:40 <REP> d-------- C:\Program Files\Steinberg
2008-03-30 15:54 . 2008-03-30 15:54 <REP> d-------- C:\Program Files\Native Instruments
2008-03-30 15:03 . 2008-03-30 15:03 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\InstallShield
2008-03-30 14:35 . 2007-01-29 21:15 185,344 --a------ C:\WINDOWS\system32\drivers\RTL8187.sys
2008-03-30 14:28 . 2008-03-30 14:28 <REP> d-------- C:\WINDOWS\nvidia icons
2008-03-30 14:28 . 2008-03-30 14:31 <REP> d-------- C:\WINDOWS\NV31163136.TMP
2008-03-29 21:54 . 2008-03-30 15:03 <REP> d-------- C:\Program Files\Intel
2008-03-29 21:54 . 2008-03-29 21:54 <REP> d-------- C:\Intel
2008-03-28 20:01 . 2008-03-31 15:16 <REP> d-------- C:\Program Files\Yahoo!
2008-03-28 20:01 . 2008-04-01 12:32 <REP> d-------- C:\Program Files\CCleaner
2008-03-28 18:00 . 2008-03-28 18:00 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Uniblue
2008-03-28 17:52 . 2008-03-28 17:52 <REP> d-------- C:\Program Files\uTorrent
2008-03-28 17:52 . 2008-04-02 20:23 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\uTorrent
2008-03-28 17:35 . 2008-03-31 12:23 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-03-28 17:31 . 2008-03-30 23:05 <REP> d-------- C:\Documents and Settings\fernandes\Application Data\Steinberg
2008-03-28 17:24 . 2008-03-28 17:24 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-28 17:16 . 2008-03-28 17:16 <REP> d-------- C:\Program Files\Syncrosoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:07 --------- d-----w C:\Program Files\Marvell
2008-03-27 18:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-27 18:56 --------- d-----w C:\Program Files\Services en ligne
2008-03-06 15:23 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-02-14 16:14 25,648 ----a-w C:\WINDOWS\system32\drivers\mfwamidi.sys
2008-02-14 16:14 23,600 ----a-w C:\WINDOWS\system32\drivers\motubus.sys
2008-02-14 16:14 22,064 ----a-w C:\WINDOWS\system32\drivers\mfwagsif.sys
2008-02-14 16:13 60,976 ----a-w C:\WINDOWS\system32\drivers\mfwawave.sys
2008-02-14 16:13 378,416 ----a-w C:\WINDOWS\system32\drivers\motufwa.sys
2008-02-14 15:56 184,320 ----a-w C:\WINDOWS\system32\mfwaasio.drv
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-02-08 16:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
.
((((((((((((((((((((((((((((( snapshot@2008-04-02_16.48.18.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-21 15:31:48 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2007-11-21 15:31:48 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2008-03-14 06:04:29 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2007-12-03 16:04:12 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-12-13 17:09:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
+ 2007-12-04 07:59:22 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
MOTU Pedal Handler.lnk - C:\Program Files\MOTU\Audio\MFWAKeys.exe [2008-02-14 18:13:30 202024]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"D:\\Emule\\emule.exe"=
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 mfwagsif;MOTU Audio GSIF;C:\WINDOWS\system32\drivers\mfwagsif.sys [2008-02-14 18:14]
R3 mfwamidi;MOTU Audio MIDI;C:\WINDOWS\system32\drivers\mfwamidi.sys [2008-02-14 18:14]
R3 mfwawave;MOTU Audio Wave;C:\WINDOWS\system32\drivers\mfwawave.sys [2008-02-14 18:13]
R3 motubus;MOTU Audio MIDI Extension;C:\WINDOWS\system32\drivers\MotuBus.sys [2008-02-14 18:14]
R3 MotuFWA;MotuFWA;C:\WINDOWS\system32\drivers\motufwa.sys [2008-02-14 18:13]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-05-31 15:29]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-01-29 21:15]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - NERO_BACKITUP_SCHEDULER_3
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 20:25:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-02 20:28:32
ComboFix-quarantined-files.txt 2008-04-02 18:28:30
ComboFix2.txt 2008-04-02 17:55:04
ComboFix3.txt 2008-04-02 14:50:09
Pre-Run: 26,713,198,592 octets libres
Post-Run: 26,704,019,456 octets libres
.
2008-04-02 01:00:46 --- E O F ---
And for the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:19, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MOTU\Audio\MFWAKeys.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MOTU Pedal Handler.lnk = C:\Program Files\MOTU\Audio\MFWAKeys.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5251 bytes
Hi, I couldn't log in earlier, sorry for the late reply, but the virus has well and truly disappeared. Thanks again for everything, it's really kind of you to do this as a volunteer.
But I have another problem now. I'm going to post another message because, however much I read on the forum, I don't understand why, and it's frustrating!!
See you later!!