HELPPPPPP SUPER-INFECTION !!!!!!!!! - Security - Virus
Can someone help me? I'm afraid my PC is overrun with trojans????? :ouch:  :ouch:  :ouch:
 
I'm on XP
 
I had Avast until yesterday, but today it's been replaced by AntiVir
 
I'm posting: AntiVir; ComboFix (in Safe Mode); Malwarebytes' Anti-Malware (Safe Mode); and of course HijackThis. VundoFix, on the other hand, finds nothing.
 
Thanks for your help, I'm totally lost here!!!!!!
 
ANTIVIR:
 
 
 
Avira AntiVir Personal
Report file date: dimanche 11 mai 2008  16:34
 
Scanning for 1258665 virus strains and unwanted programs.
 
Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    GOUGOUNE
 
Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  09/04/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  18/03/2008 09:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  07/02/2008 08:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes  28/02/2008 08:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes  21/02/2008 08:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  07/03/2008 13:08:58
ANTIVIR2.VDF  : 7.0.4.0       1554432 Bytes  05/05/2008 11:12:23
ANTIVIR3.VDF  : 7.0.4.23        99840 Bytes  09/05/2008 11:12:27
Engineversion : 8.1.0.42  
AEVDF.DLL     : 8.1.0.5        102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.31       262522 Bytes  11/05/2008 11:13:07
AESCN.DLL     : 8.1.0.16       119156 Bytes  11/05/2008 11:13:06
AERDL.DLL     : 8.1.0.20       418165 Bytes  11/05/2008 11:13:05
AEPACK.DLL    : 8.1.1.4        364918 Bytes  11/05/2008 11:13:01
AEOFFICE.DLL  : 8.1.0.18       192890 Bytes  11/05/2008 11:12:57
AEHEUR.DLL    : 8.1.0.26      1237366 Bytes  11/05/2008 11:12:55
AEHELP.DLL    : 8.1.0.14       115063 Bytes  11/05/2008 11:12:36
AEGEN.DLL     : 8.1.0.20       299380 Bytes  11/05/2008 11:12:35
AEEMU.DLL     : 8.1.0.6        430451 Bytes  11/05/2008 11:12:31
AECORE.DLL    : 8.1.0.28       168310 Bytes  11/05/2008 11:12:29
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  23/01/2008 17:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes  18/02/2008 10:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes  16/04/2007 13:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes  23/01/2008 17:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  28/02/2008 08:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  23/01/2008 17:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  10/03/2008 14:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  06/03/2008 12:02:11
 
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,  
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
 
Start of the scan: dimanche 11 mai 2008  16:34
 
Starting search for hidden objects.
'63806' objects were checked, '0' hidden objects were found.
 
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'lxcgcoms.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LaunchApplication.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcgmon.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
 
Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD3
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
Master boot sector HD4
      [INFO]      No virus was found!
      [WARNING]   Le périphérique n'est pas prêt.
 
Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!
 
Starting to scan the registry.
The registry was scanned ( '46' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\QooBox\Quarantine\catchme2008-05-11_ 94652,00.zip
  [0] Archive type: ZIP
  --> ddcYrQih.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '489b2f68.qua'!
C:\QooBox\Quarantine\C\WINDOWS\qadovnel.dll.vir
      [DETECTION] Is the Trojan horse TR/Vapsup.ept.1
      [NOTE]      The file was moved to '488b2f6d.qua'!
C:\QooBox\Quarantine\C\WINDOWS\spwoqbmv.exe.vir
      [DETECTION] Is the Trojan horse TR/Vapsup.ept.2
      [NOTE]      The file was moved to '489e2f7e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dvwxgphp.dll.vir
      [DETECTION] Is the Trojan horse TR/Monder.DB
      [NOTE]      The file was moved to '489e2f87.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ejqqxobk.dll.vir
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48982f7e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rgpfaluv.dll.vir
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48972f7f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wilpktss.dll.vir
      [DETECTION] Is the Trojan horse TR/Monder.96320
      [NOTE]      The file was moved to '48932f83.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP330\A0064418.exe
      [DETECTION] Contains detection pattern of the dropper DR/Click.Agent.IQ.3
      [NOTE]      The file was moved to '48573014.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP345\A0071784.dll
      [DETECTION] Is the Trojan horse TR/PCK.Monder.96256.2
      [NOTE]      The file was moved to '4857308e.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP345\A0072772.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4857308f.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP348\A0073864.dll
      [DETECTION] Is the Trojan horse TR/Monder.96320
      [NOTE]      The file was moved to '48573093.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075333.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '485730a2.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075553.exe
      [DETECTION] Is the Trojan horse TR/Vapsup.ept.2
      [NOTE]      The file was moved to '485730a7.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075554.dll
      [DETECTION] Is the Trojan horse TR/Vapsup.ept.1
      [NOTE]      The file was moved to '49d07078.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075584.dll
      [DETECTION] Is the Trojan horse TR/Monder.DB
      [NOTE]      The file was moved to '485730a8.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075585.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '49d07079.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075589.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '485730aa.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075590.dll
      [DETECTION] Is the Trojan horse TR/Monder.96320
      [NOTE]      The file was moved to '485730a9.qua'!
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP353\A0075724.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '485730af.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
 
 
End of the scan: dimanche 11 mai 2008  20:06
Used time:  3:32:08 min
 
The scan has been done completely.
 
   8146 Scanning directories
 527322 Files were scanned
     19 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     19 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
 527303 Files not concerned
  19456 Archives were scanned
      7 Warnings
     19 Notes
  63806 Objects were scanned with rootkit scan
      0 Hidden objects were found
 
 
 
 
 
COMBOFIX (Safe Mode):
 
ComboFix 08-05-09.1 - Propriétaire 2008-05-11 16:08:31.3 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
 
(((((((((((((((((((((((((((((   Fichiers créés 2008-04-11 to 2008-05-11  ))))))))))))))))))))))))))))))))))))
.
 
2008-05-11 14:11 . 2008-05-11 14:11 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-05-11 14:11 . 2008-05-11 14:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 14:11 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 14:11 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 13:10 . 2008-05-11 13:10 <REP> d-------- C:\Program Files\Avira
2008-05-11 13:10 . 2008-05-11 13:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-11 01:11 . 2008-05-11 01:11 <REP> d-------- C:\VundoFix Backups
2008-05-10 22:53 . 2008-05-10 22:53 <REP> d-------- C:\Program Files\TimeAdjuster
2008-05-10 21:33 . 2008-05-10 21:56 192 --a------ C:\WINDOWS\dvdtoaviconverter.ini
2008-05-10 21:30 . 2008-05-10 21:30 1 --a------ C:\WINDOWS\system32\SysDVDtoavi.dat
2008-05-10 21:29 . 2006-03-24 14:55 958,464 --a------ C:\WINDOWS\system32\advdaudio.ocx
2008-05-10 21:29 . 2003-08-07 14:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-10 21:29 . 2002-05-23 20:40 110,080 --a------ C:\WINDOWS\system32\advd.dll
2008-05-10 21:29 . 2001-06-23 21:20 23,040 --a------ C:\WINDOWS\system32\auth.dll
2008-05-10 21:28 . 2008-05-10 21:28 <REP> d-------- C:\Program Files\MyDVDTools
2008-05-05 01:41 . 2008-05-05 01:41 <REP> d-------- C:\Deckard
2008-05-02 15:31 . 2008-05-02 15:31 <REP> d-------- C:\Program Files\Ubi Soft
2008-05-02 14:51 . 2008-05-02 14:51 <REP> d-------- C:\Program Files\Red Storm Entertainment
2008-05-02 13:51 . 2008-05-11 00:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-02 13:50 . 2008-05-02 14:15 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-02 13:50 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-02 13:50 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-02 13:50 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-02 13:50 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-01 00:23 . 2008-05-01 00:24 <REP> d-------- C:\Program Files\PDFCreator
2008-05-01 00:23 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-05-01 00:23 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-04-30 23:03 . 2008-05-11 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tqrefyxq
2008-04-28 13:38 . 2008-04-28 13:38 <REP> d-------- C:\Données Ciel
2008-04-28 13:36 . 2008-04-28 13:36 <REP> d-------- C:\Program Files\Fichiers communs\Sage
2008-04-28 13:36 . 2008-04-28 13:36 <REP> d-------- C:\Program Files\Ciel
2008-04-28 13:36 . 2008-04-28 13:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ciel
2008-04-28 10:38 . 2008-04-28 10:38 <REP> d-------- C:\Program Files\EBP
2008-04-28 10:38 . 2008-04-28 10:39 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{BCCC73C0-0E1A-4E82-9085-F29F133687F4}
2008-04-13 14:48 . 2008-05-10 22:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 14:48 . 2008-04-13 14:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-12 09:56 . 2008-05-08 10:05 <REP> d-------- C:\Program Files\CyberMUT
2008-04-12 09:56 . 2002-07-04 17:54 176,128 --a------ C:\WINDOWS\calceuro.exe
2008-04-12 09:56 . 2001-07-05 16:10 102,400 --a------ C:\WINDOWS\system32\CmutEuro32.dll
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 12:09 --------- d-----w C:\Program Files\Common files
2008-05-10 20:56 --------- d-----w C:\Program Files\URUSoft
2008-05-10 19:58 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-10 19:58 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Thunderbird
2008-05-10 08:08 --------- d-----w C:\Program Files\Lx_cats
2008-05-08 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 23:11 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\LimeWire
2008-05-05 18:08 --------- d-----w C:\Program Files\PowerArchiver
2008-05-04 06:57 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-05-02 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 12:13 --------- d-----w C:\Program Files\RKFree
2008-04-30 21:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-27 18:24 --------- d-----w C:\Program Files\CréaStart 2007
2008-04-27 18:19 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2
2008-04-13 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nokia Multimedia Player
2008-04-08 10:07 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\PC Suite
2008-04-08 07:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Nokia
2008-04-04 22:55 --------- d-----w C:\Program Files\OO Software
2008-04-04 22:15 --------- d-----w C:\Program Files\FinePixViewer
2008-04-04 22:13 --------- d-----w C:\Program Files\ArcSoft
2008-04-04 22:11 --------- d-----w C:\Program Files\Lavasoft
2008-04-04 22:11 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-04 22:11 --------- d-----w C:\Program Files\a-squared Free
2008-04-04 22:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 22:02 --------- d-----w C:\Program Files\CCleaner
2008-04-04 21:37 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FrostWire
2008-04-04 21:37 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Azureus
2008-04-04 21:30 --------- d-----w C:\Program Files\ToniArts
2008-04-04 21:16 --------- d-----w C:\Program Files\Trend Micro
2008-04-04 21:10 --------- d-----w C:\Program Files\Yahoo!
2008-03-24 19:25 --------- d-----w C:\Program Files\Webteh
2008-03-24 19:25 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BSplayer
2008-03-24 18:36 110,040 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-24 12:41 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Vso
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 21:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Zylom
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 21:45 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-15 21:45 290,816 ------w C:\WINDOWS\Setup1.exe
2007-09-14 19:43 450 ----a-w C:\Documents and Settings\Propriétaire\Application Data\filterclsid.dat
2007-06-07 00:37 0 ----a-w C:\Documents and Settings\Propriétaire\Application Data\wklnhst.dat
2006-01-27 23:07 313,856 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-01-21 03:23 45,056 -c----r C:\Program Files\SetAttrib.exe
2004-12-19 19:49 30,010,107 -c--a-w C:\Program Files\nero6603.exe
2004-11-30 09:53 40,960 -c----r C:\Program Files\delete.exe
2004-07-12 22:12 1,023,726 -c--a-w C:\Program Files\wrar320.exe
2004-06-21 16:12 21,861,938 -c--a-w C:\Program Files\3820-fra-win2k_xp.exe
2004-05-03 19:01 2,713,880 -c--a-w C:\Program Files\WindowsXP-KB835732-x86-FRA.EXE
2004-03-05 21:00 3,783,046 -c--a-w C:\Program Files\codecfull.exe
2004-03-05 20:41 252,657 -c--a-w C:\Program Files\gspot221.exe
2004-02-15 19:48 9,304,688 -c--a-w C:\Program Files\MPSetupXP.exe
2007-09-05 07:38 64 -csha-r C:\WINDOWS\A696C37FD14D1A13.bin
2007-04-07 22:56 5 -csha-w C:\WINDOWS\system32\fdedfffc_g.dll
2006-10-05 19:34 5 -csha-w C:\WINDOWS\system32\fdedfffc_s.dll
2006-10-13 16:47 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2006-10-13 16:47 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2006-10-13 16:47 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
 
(((((((((((((((((((((((((((((   snapshot@2008-05-11_ 9.57.11.87   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 07:49:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 14:06:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2C91F8-5B98-41B2-AFA2-6C1B1977167D}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DABEDE9-B27E-46B6-B41B-73899090D8C1}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C78394D-954E-4D04-93E6-6EE2A392E27F}]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 07:19 835654 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2003-04-14 21:05 1498032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-03 22:10 344064]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42 248320]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 15:23 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 16:21 69632]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 01:24 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 18:19 94208]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"KIT3"="C:\WINDOWS\system32\spool\hpprintqueue.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
 
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136]
 
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136]
 
C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 15:11:14 27136]
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyaab]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQgHwx]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutt]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.vp31"= vp31vfw.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.l3acm"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"vidc.i420"= i420vfw.dll
"vidc.dvsd"= pdvcodec.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain]
@="Service"
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bootvis.lnk]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^F-Secure Anti-Virus 2006.lnk]
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-08 00:04 52736 c:\windows\system\hpsysdrv.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAV50]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2002-07-18 16:36 28672 C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-05-03 07:19 4640768 C:\WINDOWS\System32\NvCpl.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVModule]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a------ 2003-02-13 16:01 190976 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Restore]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a--c--- 2003-05-08 08:32 36864 C:\WINDOWS\system32\VTTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 14:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Jeux classiques\\Bin\\CmCenterV2.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"=
"<NO NAME>"=  
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mshta.exe"=
"C:\\WINDOWS\\system32\\lxcgcoms.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22117:TCP"= 22117:TCP:BitComet 22117 TCP
"22117:UDP"= 22117:UDP:BitComet 22117 UDP
"10240:TCP"= 10240:TCP:PIOLET_TCP
"20480:UDP"= 20480:UDP:PIOLET_UDP
"45400:TCP"= 45400:TCP:frost
"13720:TCP"= 13720:TCP:frostwire13720
 
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2006-05-25 00:09]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2006-05-18 19:38]
S2 litsgt;litsgt;C:\WINDOWS\system32\DRIVERS\litsgt.sys [2006-05-24 22:46]
S2 tansgt;tansgt;C:\WINDOWS\system32\DRIVERS\tansgt.sys [2006-05-24 22:46]
S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys [2005-08-30 13:17]
S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRIVERS\archmdfl.sys [2005-08-30 13:17]
S3 archmdm;NEC WMC USB_BJ1 Port Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys [2005-08-30 13:17]
S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\archobex.sys [2005-08-30 13:17]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-10-28 11:57]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 RapDrv;RapDrv;C:\WINDOWS\system32\drivers\RapDrv.sys [2003-10-24 15:57]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-02-25 18:26]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-02-25 18:26]
S3 snpstd2;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-10-14 18:12]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-02-26 16:00:00 C:\WINDOWS\Tasks\A83F101F9190803F.job"
- c:\docume~1\moman\applic~1\proxyt~1\Upload Type Does.exe
"2008-01-07 19:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-02-26 16:05:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-03 02:01:28 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 16:11:40
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************
.
Temps d'accomplissement: 2008-05-11 16:13:49
ComboFix-quarantined-files.txt  2008-05-11 14:13:28
ComboFix2.txt  2008-05-11 12:03:58
 
Pre-Run: 82,128,248,832 octets libres
Post-Run: 82,108,289,024 octets libres
 
281 --- E O F --- 2008-04-09 12:26:34
 
 
Malwarebytes' Anti-Malware (also run in Safe Mode):
 
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 139939
Temps écoulé: 1 hour(s), 32 minute(s), 0 second(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17
 
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce86878f-d099-4ffc-a4dc-e51d192063b1} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\Software\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
 
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
 
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
 
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
 
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\WINDOWS\xbaqktfv.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYrQih.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\epxtdral.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkLdee.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMdDtqn.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP348\A0073863.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075508.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075555.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075586.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075587.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075588.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP351\A0075606.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BCBB538F-4B22-4C6E-BAFD-9A806D251BB2}\RP352\A0075634.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\bwngjgdu.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ssqQgHwx.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> No action taken.
C:\Documents and Settings\Propriétaire\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
 
 
Latest HijackThis log
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:13 , on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\Sanner.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Li [...] SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.metacrawl.ws
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C2C91F8-5B98-41B2-AFA2-6C1B1977167D} - (no file)
O2 - BHO: (no name) - {5DABEDE9-B27E-46B6-B41B-73899090D8C1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9C78394D-954E-4D04-93E6-6EE2A392E27F} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Open with BitPump - C:\Program Files\AnalogX\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://sevetlolo.spaces.live.com// [...] nPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0895ce [...] 601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} - http://techcity.aol.fr/download/img/DiagSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8A5B59B-A90F-4F33-8165-9842E26390E6}: NameServer = 213.140.2.12,213.140.2.21
O20 - Winlogon Notify: gebyaab - C:\WINDOWS\
O20 - Winlogon Notify: ssqQgHwx - C:\WINDOWS\
O20 - Winlogon Notify: vtutt - C:\WINDOWS\
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Unknown owner - C:\Program Files\ISS\BlackICE\blackd.exe (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINDOWS\System32\FTRTSVC.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - Unknown owner - C:\WINDOWS\system32\HDDSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/PROPRI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
 
--
End of file - 13261 bytes
 
 
THANKS IN ADVANCE
