Security Forum - Virus: Pop-up virus / slow internet (impossible to reach Google)
Hello, so I recently tried to install a no-CD crack and caught a virus that gives me annoying pop-ups and, above all, makes my internet SLOW, to the point where it is even impossible to do a Google search.
With a friend who works in IT we have already solved 2 problems, but one remains :S
So I'm posting my HijackThis report, hoping to find some help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:59, on 26/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Applications\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ssqOhIAT.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {59b9203d-271d-c158-3804-59548cd340d9} - {9d043dc8-4595-4083-851c-d172d3029b95} - C:\WINDOWS\system32\owuwfude.dll
O2 - BHO: (no name) - {E5F8DA84-78C8-440E-A9E4-50E61B120200} - C:\WINDOWS\system32\tuvUNdDu.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - Winlogon Notify: ssqOhIAT - C:\WINDOWS\SYSTEM32\ssqOhIAT.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6765 bytes
There you go, thanks in advance.
Message edited by CourgetteHxC on 26-06-2008 at 21:07:35
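Added example, not a tool from this thread and not code from any of the programs it names: a short Python script that applies the checks a helper runs by eye on a HijackThis log like the one above (BHOs registered without a name or with a GUID as their name, 8-random-letter DLLs in system32, and the same DLL hooked both as a BHO and as a Winlogon Notify handler), plus a check for the LSA "Authentication Packages" entry that the Malwarebytes log later in the thread turns up. The sample lines are copied from the two HijackThis logs in this thread with one benign Java BHO added as a control; the 8-random-letter rule is a heuristic assumption fitted to this infection, not a general rule.

```python
"""Added example (not a tool from this thread): triage a HijackThis log for
the Vundo-style persistence seen above. Sample lines are copied from the two
HijackThis logs in the thread, plus one benign Java BHO as a control."""
import re
from collections import defaultdict

# Line shapes HijackThis uses for Browser Helper Objects and Winlogon Notify DLLs.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)
# Heuristic assumption fitted to this infection: Vundo drops DLLs named with
# 8 random letters in system32 (ssqOhIAT.dll, tuvUNdDu.dll, owuwfude.dll).
# Legitimate DLLs can match too (browseui.dll), so on its own this is a hint.
RANDOM_DLL_RE = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.dll$", re.I)

# Constructed sample: lines from the thread's logs plus the Java BHO control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {14370F76-7676-44A2-AD11-93A31C5FC9FC} - C:\WINDOWS\system32\ssqOhIAT.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {59b9203d-271d-c158-3804-59548cd340d9} - {9d043dc8-4595-4083-851c-d172d3029b95} - C:\WINDOWS\system32\owuwfude.dll
O2 - BHO: (no name) - {E5F8DA84-78C8-440E-A9E4-50E61B120200} - C:\WINDOWS\system32\tuvUNdDu.dll
O20 - Winlogon Notify: ssqOhIAT - C:\WINDOWS\SYSTEM32\ssqOhIAT.dll
O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll
O2 - BHO: (no name) - {2369AF1D-C2C5-475E-B537-B8FA07099120} - C:\WINDOWS\system32\tuvUNdDu.dll (file missing)
"""


def _normalise(path):
    """Drop HijackThis annotations and case so one DLL compares equal everywhere."""
    return path.replace("(file missing)", "").strip().lower()


def triage(log_text):
    """Return {dll_path: [reasons]} for BHO / Winlogon Notify entries worth a look."""
    reasons = defaultdict(list)
    bho_paths, notify_paths = set(), set()

    def flag(path, why):
        if why not in reasons[path]:
            reasons[path].append(why)

    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            path = _normalise(m["path"])
            bho_paths.add(path)
            if m["name"] == "(no name)":
                flag(path, "BHO registered without a name")
            elif GUID_RE.match(m["name"]):
                flag(path, "BHO name is itself a GUID")
            if "(file missing)" in m["path"]:
                flag(path, "dead entry: file missing, safe to fix")
            if RANDOM_DLL_RE.match(path):
                flag(path, "8-random-letter DLL in system32")
            continue
        m = O20_RE.match(line)
        if m:
            path = _normalise(m["path"])
            notify_paths.add(path)
            if RANDOM_DLL_RE.match(path):
                flag(path, "8-random-letter DLL in system32")

    # The same DLL hooked as a BHO and as a Winlogon Notify handler is loaded by
    # winlogon.exe at every logon, so removing it through the browser alone fails.
    for path in bho_paths & notify_paths:
        flag(path, "also hooked as Winlogon Notify handler")
    return dict(reasons)


def check_auth_packages(packages):
    """Return LSA 'Authentication Packages' entries other than the stock msv1_0.

    A clean Windows XP box lists only msv1_0 there; the Malwarebytes log in
    this thread shows Vundo appended its own tuvunddu entry so lsass.exe loads
    the DLL at boot, before any browser or on-demand scanner runs.
    """
    return [p for p in packages if p.strip().lower() != "msv1_0"]


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for w in why:
            print("   -", w)
    print("extra LSA packages:",
          check_auth_packages(["msv1_0", "c:\\windows\\system32\\tuvunddu"]))
```

Run stand-alone it lists the four Vundo DLLs with their reasons and leaves the Java ssv.dll alone; the "also hooked as Winlogon Notify handler" reason on ssqOhIAT.dll is the one that explains why fixing the O2 line in HijackThis by itself does not survive a reboot.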
Good evening
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restart in safe mode
- Now run MalwareByte's Anti-Malware. If it isn't already selected, select "Perform full scan".
- To start the search, click "Scan".
- Once the scan is finished, a window opens; click OK. Two possibilities are open to you:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
/!\ Tired of ads: secured Firefox /!\
Good evening.
Thank you very much.
So I did as described, but the scan takes a very long time, so I'll run it again tonight before going to sleep.
I've already found this:
Malwarebytes' Anti-Malware 1.18
Database version: 894
22:43:35 26/06/2008
mbam-log-6-26-2008 (22-43-35).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 48122
Time elapsed: 43 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b9b3fe9-7832-4edb-876d-c3c935db4589} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3b9b3fe9-7832-4edb-876d-c3c935db4589} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqohiat (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvunddu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvunddu -> Delete on reboot.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\mvsjkcyb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byckjsvm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uDdNUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uDdNUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdDu.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Delete on reboot.
In any case, thank you very much for your help.
Message edited by CourgetteHxC on 26-06-2008 at 22:52:58
re
| Quote: So I did as described, but the scan takes a very long time, so I'll run it again tonight before going to sleep |
you didn't wait for the end of the scan?
do it in full please
Message edited by Sham_Rock on 26-06-2008 at 22:50:53
Yep, I'll do it, but I'll post the logs tomorrow morning because in 45 minutes it scanned half of my C drive and there's still A LOT left to scan.
Thanks again.
Hello.
Here is the finished scan:
Malwarebytes' Anti-Malware 1.18
Database version: 894
08:46:14 27/06/2008
mbam-log-6-27-2008 (08-46-14).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 193775
Time elapsed: 5 hour(s), 39 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73f59a61-aff7-42f9-a95d-8e724f825259} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{73f59a61-aff7-42f9-a95d-8e724f825259} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqohiat (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50a5834f (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{14370f76-7676-44a2-ad11-93a31c5fc9fc} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM5396b0d3 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\rtixkvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uuvkxitr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUNdDu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uDdNUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uDdNUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOhIAT.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP38\A0004290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP39\A0005290.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP39\A0005369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP40\A0005584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{534151C7-68EF-444A-953F-E415426E42B0}\RP40\A0005798.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Mes Documents\Jeux Vidéos\PC\Battlefield 2\Battlefield.2\vtl-bf2k.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nusbjbbh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Unfortunately it still hasn't changed anything.
I feel like I'm headed for another format (I already did one 4 days ago... >.> ).
Message edited by CourgetteHxC on 27-06-2008 at 08:52:33
hello
no, no format
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report
\Combofix.txt
click on it to open it, then Edit > "Select all", Edit > "Copy"
come back to the forum and Edit > "Paste"
add a new HijackThis report.
Re.
So I've apparently solved my problem using VundoFix and Virtumondebegone, plus deleting registry keys in safe mode with System Restore disabled.
Thanks a lot for your help anyway, and if I get the problem again I won't hesitate to come back.
And if people need info, just ask.
re
I'm waiting for your report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:03, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.06\RivaTuner.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
G:\Applications\Scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2369AF1D-C2C5-475E-B537-B8FA07099120} - C:\WINDOWS\system32\tuvUNdDu.dll (file missing)
O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6337 bytes
re
well, there's still some left...
| Quote: O2 - BHO: {028ff773-6ea7-b26a-6754-e9e90a6b6c96} - {69c6b6a0-9e9e-4576-a62b-7ae6377ff820} - C:\WINDOWS\system32\tsyhaawx.dll |
I'm waiting for your report:
C:\Combofix.txt
ComboFix 08-06-20.4 - Shuu 2008-06-27 23:17:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1279 [GMT 2:00]
Location: G:\Applications\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM5396b0d3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\enwwgltv.ini
C:\WINDOWS\system32\irexpqed.ini
C:\WINDOWS\system32\uDdNUvut.ini
C:\WINDOWS\system32\uDdNUvut.ini2
C:\WINDOWS\system32\vhihuvoc.ini
.
((((((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 11:55 . 2008-06-27 11:55 <REP> d-------- C:\Program Files\Marsu-Fix
2008-06-27 10:45 . 2008-06-27 10:45 <REP> d-------- C:\VundoFix Backups
2008-06-27 10:35 . 2008-06-27 10:37 <REP> d-------- C:\Program Files\RegCure
2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
2008-06-27 08:59 . 2008-06-27 08:59 106,496 --a------ C:\WINDOWS\system32\tsyhaawx.dll
2008-06-27 08:56 . 2008-06-27 08:56 1,727,338 ---hs---- C:\WINDOWS\system32\qsvjtnub.tmp
2008-06-27 08:56 . 2008-06-27 08:56 80,896 --a------ C:\WINDOWS\system32\vtlgwwne.dll
2008-06-27 08:53 . 2008-06-27 08:53 91,648 --a------ C:\WINDOWS\system32\xefaoyon.dll
2008-06-27 08:52 . 2008-06-27 08:52 106,496 --a------ C:\WINDOWS\system32\lcswoifu.dll
2008-06-27 08:52 . 2008-06-27 08:52 80,896 --------- C:\WINDOWS\system32\buntjvsq.dll
2008-06-27 08:50 . 2008-06-27 08:50 91,648 --a------ C:\WINDOWS\system32\bnlqrhli.dll
2008-06-26 22:49 . 2008-06-26 22:49 106,496 --a------ C:\WINDOWS\system32\mbfbflgg.dll
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 21:01 . 2008-06-26 21:02 <REP> d-------- C:\Program Files\Panda Security
2008-06-26 20:18 . 2007-02-09 18:34 420,816 --a------ C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
2008-06-26 20:18 . 2008-03-15 17:57 199,445 --a------ C:\Documents and Settings\Shuu\Application Data\toolbar.dll
2008-06-26 20:18 . 2008-05-12 11:56 92,672 --------- C:\Documents and Settings\Shuu\Application Data\dr.exe
2008-06-26 20:18 . 2008-03-15 15:24 82,937 --a------ C:\Documents and Settings\Shuu\Application Data\space1.exe
2008-06-26 20:18 . 2008-06-26 20:18 57,344 --a------ C:\WINDOWS\system32\ssqOhIAT.dll.vir
2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-26 18:42 . 2008-06-26 18:42 106,496 --a------ C:\WINDOWS\system32\owuwfude.dll
2008-06-26 18:39 . 2008-06-26 18:39 91,648 --a------ C:\WINDOWS\system32\hqftkpjw.dll
2008-06-26 17:31 . 2008-06-27 09:42 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-06-23 18:24 . 2008-06-27 23:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-23 18:23 . 2008-06-26 23:29 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
2008-06-23 16:23 . 2008-06-27 23:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage r‚seau
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\ModŠles
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu D‚marrer
2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2369AF1D-C2C5-475E-B537-B8FA07099120}]
C:\WINDOWS\system32\tuvUNdDu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69c6b6a0-9e9e-4576-a62b-7ae6377ff820}]
2008-06-27 08:59 106496 --a------ C:\WINDOWS\system32\tsyhaawx.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8212:TCP"= 8212:TCP:BitComet 8212 TCP
"8212:UDP"= 8212:UDP:BitComet 8212 UDP
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 06:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-06-27 21:20:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 23:20:46
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-27 23:22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-27 21:21:59
Pre-Run: 55,831,924,736 octets libres
Post-Run: 57,363,517,440 octets libres
295
There you go.
Hi again,
You should ease up on the P2P.
cracks/P2P
RegCure is a rogue:
http://assiste.com.free.fr/p/craptheque/regcure.html
Copy (Ctrl+C) the text below:
File::
|
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot.
- A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
- Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file does not open, it is located here > C:\ComboFix.txt
/!\ Fed up with ads: secure Firefox /!\
Reply to Sham_Rock
Hmm, I did as you said; it simply ran another scan, but RegCure is gone, that said.
As for P2P, apart from downloading manga and MMOs..., I don't do much with it.
ComboFix 08-06-20.4 - Shuu 2008-06-28 0:18:38.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1412 [GMT 2:00]
Endroit: G:\Applications\ComboFix.exe
Command switches used :: G:\Applications\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\Shuu\Application Data\dr.exe
C:\Documents and Settings\Shuu\Application Data\space1.exe
C:\Documents and Settings\Shuu\Application Data\toolbar.dll
C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
C:\WINDOWS\system32\bnlqrhli.dll
C:\WINDOWS\system32\buntjvsq.dll
C:\WINDOWS\system32\hqftkpjw.dll
C:\WINDOWS\system32\lcswoifu.dll
C:\WINDOWS\system32\mbfbflgg.dll
C:\WINDOWS\system32\owuwfude.dll
C:\WINDOWS\system32\qsvjtnub.tmp
C:\WINDOWS\system32\ssqOhIAT.dll.vir
C:\WINDOWS\system32\tsyhaawx.dll
C:\WINDOWS\system32\tuvUNdDu.dll
C:\WINDOWS\system32\vtlgwwne.dll
C:\WINDOWS\system32\xefaoyon.dll
C:\WINDOWS\Tasks\At1.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Marsu-Fix Uninstaller.exe\
.
---- Previous Run -------
.
C:\Documents and Settings\Shuu\Application Data\dr.exe
C:\Documents and Settings\Shuu\Application Data\space1.exe
C:\Documents and Settings\Shuu\Application Data\toolbar.dll
C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
C:\Program Files\Marsu-Fix
C:\Program Files\RegCure
C:\Program Files\RegCure\0_days.htm
C:\Program Files\RegCure\1_days.htm
C:\Program Files\RegCure\15_days.htm
C:\Program Files\RegCure\2_days.htm
C:\Program Files\RegCure\30_days.htm
C:\Program Files\RegCure\5_days.htm
C:\Program Files\RegCure\Animated-Bar.gif
C:\Program Files\RegCure\AutoUpdate.dll
C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47.bak
C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47.reg
C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Mass Effect.lnk
C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Tutorial.lnk
C:\Program Files\RegCure\Backup\RegCureBak_June_27_08_10_37_47\Visit the GrabIt website.lnk
C:\Program Files\RegCure\buttonfill.jpg
C:\Program Files\RegCure\buttonfill_expire.jpg
C:\Program Files\RegCure\buttonfill_mo.jpg
C:\Program Files\RegCure\buttonfill_mo_expire.jpg
C:\Program Files\RegCure\config.xml
C:\Program Files\RegCure\contentwrapper.gif
C:\Program Files\RegCure\expire.css
C:\Program Files\RegCure\footerbar.gif
C:\Program Files\RegCure\help.chm
C:\Program Files\RegCure\info_bubble.jpg
C:\Program Files\RegCure\Logs\Regcure-27-06-08-10-37-52.zip
C:\Program Files\RegCure\Logs\SystemInfo.zip
C:\Program Files\RegCure\LogSettings.xml
C:\Program Files\RegCure\main.css
C:\Program Files\RegCure\process-animation.gif
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\RegCure\RegCure.exe.BAK
C:\Program Files\RegCure\settings.xml
C:\Program Files\RegCure\subtitlebar.gif
C:\Program Files\RegCure\tile_titlebar.jpg
C:\Program Files\RegCure\uninst.exe
C:\Program Files\RegCure\whitelist.dat
C:\Program Files\RegCure\zlibwapi.dll
C:\WINDOWS\Marsu-Fix Uninstaller.exe\
C:\WINDOWS\system32\bnlqrhli.dll
C:\WINDOWS\system32\buntjvsq.dll
C:\WINDOWS\system32\hqftkpjw.dll
C:\WINDOWS\system32\lcswoifu.dll
C:\WINDOWS\system32\mbfbflgg.dll
C:\WINDOWS\system32\owuwfude.dll
C:\WINDOWS\system32\qsvjtnub.tmp
C:\WINDOWS\system32\ssqOhIAT.dll.vir
C:\WINDOWS\system32\tsyhaawx.dll
C:\WINDOWS\system32\vtlgwwne.dll
C:\WINDOWS\system32\xefaoyon.dll
C:\WINDOWS\Tasks\At1.job
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-27 to 2008-06-27 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 21:01 . 2008-06-27 23:26 <REP> d-------- C:\Program Files\Panda Security
2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-26 17:31 . 2008-06-27 23:59 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-06-23 18:24 . 2008-06-27 23:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-23 18:23 . 2008-06-26 23:29 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
2008-06-23 16:23 . 2008-06-28 00:16 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
C:\Documents and Settings\Shuu\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-23 12:59:36 1871941]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:52:20 1085440]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-23 12:38:13 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8212:TCP"= 8212:TCP:BitComet 8212 TCP
"8212:UDP"= 8212:UDP:BitComet 8212 UDP
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-06-27 21:20:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 00:19:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 0:19:46
ComboFix-quarantined-files.txt 2008-06-27 22:19:43
ComboFix2.txt 2008-06-27 21:22:05
Pre-Run: 57,409,703,936 octets libres
Post-Run: 57,420,034,048 octets libres
re
You're not doing it the way I explained:
| Quote: Command switches used :: G:\Applications\CFScript.txt
|
The antivirus must be disabled.
ComboFix must be on the desktop.
Do it again with my script, please.
/!\ Fed up with ads: secure Firefox /!\
Re.
Indeed, sorry, I'd skipped that :S
ComboFix 08-06-20.4 - Shuu 2008-06-28 13:47:16.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1239 [GMT 2:00]
Endroit: C:\Documents and Settings\Shuu\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shuu\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
C:\Documents and Settings\Shuu\Application Data\dr.exe
C:\Documents and Settings\Shuu\Application Data\space1.exe
C:\Documents and Settings\Shuu\Application Data\toolbar.dll
C:\Documents and Settings\Shuu\Application Data\wunauclt.exe
C:\WINDOWS\system32\bnlqrhli.dll
C:\WINDOWS\system32\buntjvsq.dll
C:\WINDOWS\system32\hqftkpjw.dll
C:\WINDOWS\system32\lcswoifu.dll
C:\WINDOWS\system32\mbfbflgg.dll
C:\WINDOWS\system32\owuwfude.dll
C:\WINDOWS\system32\qsvjtnub.tmp
C:\WINDOWS\system32\ssqOhIAT.dll.vir
C:\WINDOWS\system32\tsyhaawx.dll
C:\WINDOWS\system32\tuvUNdDu.dll
C:\WINDOWS\system32\vtlgwwne.dll
C:\WINDOWS\system32\xefaoyon.dll
C:\WINDOWS\Tasks\At1.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Marsu-Fix Uninstaller.exe\
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.
2008-06-27 10:27 . 2008-06-27 11:06 152 --a------ C:\WINDOWS\wininit.ini
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-26 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-26 21:55 . 2008-06-19 17:55 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-26 21:55 . 2008-06-19 17:55 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-26 21:01 . 2008-06-27 23:26 <REP> d-------- C:\Program Files\Panda Security
2008-06-26 19:59 . 2008-06-26 19:59 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-06-26 19:55 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-26 19:55 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-26 19:54 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-26 19:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-26 19:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-26 19:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-26 19:54 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-26 19:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-26 19:54 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-26 19:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-26 17:31 . 2008-06-27 23:59 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2008-06-26 17:15 . 2008-06-26 17:15 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio
2008-06-26 16:15 . 2008-06-27 22:07 <REP> d-------- C:\Program Files\TubeMaster
2008-06-26 16:09 . 2008-06-26 16:09 <REP> d-------- C:\Program Files\KC Softwares
2008-06-25 17:05 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-06-25 17:05 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-06-25 17:05 . 2008-06-25 17:05 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-24 17:26 . 2008-06-24 17:26 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nokia Multimedia Player
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-06-23 18:36 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-06-23 18:36 . 2008-06-23 18:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-23 18:30 . 2008-06-26 20:27 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\OpenOffice.org2
2008-06-23 18:29 . 2008-06-23 18:29 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-23 18:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-23 18:28 . 2008-06-24 16:08 <REP> d-------- C:\Program Files\Java
2008-06-23 18:28 . 2008-06-23 18:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-06-23 18:24 . 2008-06-28 13:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-23 18:23 . 2008-06-28 01:17 <REP> d-------- C:\Documents and Settings\Shuu\.homeplayer
2008-06-23 17:17 . 2008-06-23 17:17 <REP> d-------- C:\Program Files\Runtime Software
2008-06-23 16:43 . 2008-06-23 16:43 <REP> d-------- C:\Program Files\RivaTuner v2.06
2008-06-23 16:35 . 2008-06-23 16:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-23 16:33 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Bonjour
2008-06-23 16:29 . 2008-06-23 16:29 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-06-23 16:27 . 2008-06-23 16:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-06-23 16:23 . 2008-06-23 16:23 <REP> d-------- C:\Fraps
2008-06-23 16:23 . 2008-06-28 00:21 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 16:13 . 2008-06-26 16:08 <REP> d-------- C:\Program Files\PokerStars
2008-06-23 15:53 . 2008-06-23 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-23 15:50 . 2008-06-23 15:50 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-06-23 15:49 . 2008-06-23 15:49 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Nero
2008-06-23 15:48 . 2008-06-26 19:54 <REP> d-------- C:\Program Files\Ahead
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-06-23 15:47 . 2008-06-25 17:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-23 14:10 . 2008-06-23 15:18 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\Ventrilo
2008-06-23 14:09 . 2004-08-04 02:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-23 14:09 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-23 14:08 . 2004-08-04 02:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-23 14:07 . 2004-08-04 00:54 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Shuu\Application Data\vlc
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage réseau
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d--h----- C:\Documents and Settings\Default User\Voisinage d'impression
2008-06-23 14:06 . 2008-06-23 12:10 <REP> d--h----- C:\Documents and Settings\Default User\Modèles
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Mes documents
2008-06-23 14:06 . 2008-06-23 14:06 <REP> dr------- C:\Documents and Settings\Default User\Menu Démarrer
2008-06-23 14:06 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\Default User\Favoris
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\Default User\Bureau
2008-06-23 14:06 . 2008-06-23 18:29 <REP> d--h----- C:\Documents and Settings\All Users\Modèles
2008-06-23 14:06 . 2008-06-23 17:31 <REP> dr------- C:\Documents and Settings\All Users\Menu Démarrer
2008-06-23 14:06 . 2008-06-23 14:06 <REP> d-------- C:\Documents and Settings\All Users\Favoris
2008-06-23 14:06 . 2008-06-23 16:34 <REP> dr------- C:\Documents and Settings\All Users\Documents
2008-06-23 14:06 . 2008-06-27 11:36 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-06-23 14:05 . 2008-06-23 15:48 <REP> d--h----- C:\Documents and Settings\Default User
2008-06-23 14:05 . 2008-06-23 12:13 <REP> d-------- C:\Documents and Settings\All Users
2008-06-23 14:05 . 2008-06-23 12:16 <REP> d-------- C:\Documents and Settings
2008-06-23 14:05 . 2008-06-23 12:15 1,264 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 20:57 --------- d-----w C:\Program Files\The KMPlayer
2008-06-27 20:43 --------- d-----w C:\Program Files\ZGuideTV
2008-06-27 09:55 159,839 ----a-w C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-06-27 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 19:57 --------- d-----w C:\Program Files\TBC Reveil
2008-06-23 17:26 --------- d-----w C:\Program Files\Winamp
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\PC Suite
2008-06-23 16:36 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Nokia
2008-06-23 16:23 --------- d-----w C:\Program Files\HomePlayer
2008-06-23 15:29 --------- d-----w C:\Program Files\BitComet
2008-06-23 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-06-23 12:14 --------- d-----w C:\Program Files\eMule
2008-06-23 11:53 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Media Player Classic
2008-06-23 11:39 --------- d-----w C:\Program Files\Foxit Software
2008-06-23 11:37 --------- d-----w C:\Program Files\FreeUndelete
2008-06-23 11:35 --------- d-----w C:\Program Files\MSN Messenger
2008-06-23 11:35 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-23 11:35 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Screenshot Sender
2008-06-23 11:30 --------- d-----w C:\Program Files\Giganews Accelerator
2008-06-23 11:24 --------- d-----w C:\Program Files\GrabIt
2008-06-23 11:21 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Winamp
2008-06-23 11:19 --------- d-----w C:\Program Files\VideoLAN
2008-06-23 11:19 --------- d-----w C:\Program Files\Ventrilo
2008-06-23 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-23 11:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-23 11:17 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-23 11:16 --------- d-----w C:\Program Files\QuickPar
2008-06-23 11:16 --------- d-----w C:\Program Files\Belkin
2008-06-23 11:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-23 11:15 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-23 11:15 --------- d-----w C:\Program Files\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\Imagenomic
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-06-23 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-06-23 11:15 --------- d-----w C:\Program Files\DIFX
2008-06-23 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-23 11:14 --------- d-----w C:\Program Files\ma-config.com
2008-06-23 11:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-23 11:12 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-23 11:12 --------- d-----w C:\Program Files\Executive Software
2008-06-23 11:12 --------- d-----w C:\Program Files\DVD Shrink
2008-06-23 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-23 11:10 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-23 11:08 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-23 11:08 --------- d-----w C:\Documents and Settings\Shuu\Application Data\DAEMON Tools
2008-06-23 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-06-23 11:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\Lavasoft
2008-06-23 11:03 --------- d-----w C:\Program Files\7-Zip
2008-06-23 10:59 --------- d-----w C:\Program Files\Stardock
2008-06-23 10:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock
2008-06-23 10:51 --------- d-----w C:\Program Files\MozBackup
2008-06-23 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 10:42 --------- d-----w C:\Program Files\Realtek
2008-06-23 10:42 --------- d-----w C:\Documents and Settings\Shuu\Application Data\InstallShield
2008-06-23 10:41 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-06-23 10:38 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-23 10:38 --------- d-----w C:\Program Files\Logitech
2008-06-23 10:38 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\Shuu\Application Data\Logitech
2008-06-23 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-06-23 10:27 --------- d-----w C:\Program Files\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\Shuu\Application Data\ESET
2008-06-23 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-06-23 10:23 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-23 10:22 --------- d-----w C:\Program Files\Intel
2008-06-23 10:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-23 10:12 --------- d-----w C:\Program Files\Services en ligne
2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-02 07:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 14:18 3182248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 08:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 08:07 1953792]
"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
C:\Documents and Settings\Shuu\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-06-23 12:59:36 1871941]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Giganews Accelerator.lnk - C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe [2007-12-18 08:52:20 1085440]
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [2004-04-06 15:49:02 454656]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-23 12:38:13 688128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8212:TCP"= 8212:TCP:BitComet 8212 TCP
"8212:UDP"= 8212:UDP:BitComet 8212 UDP
R3 bcgame;Nostromo HID Device Minidriver;C:\WINDOWS\system32\drivers\bcgame.sys [2003-07-24 02:16]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-06-19 15:24]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-26 18:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-06-26 12:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
"2008-06-27 22:21:47 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-27 08:36:42 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 13:48:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-28 13:48:47
ComboFix-quarantined-files.txt 2008-06-28 11:48:44
ComboFix2.txt 2008-06-27 22:19:47
Pre-Run: 56,841,949,184 octets libres
Post-Run: 56,833,511,424 octets libres
re
Copy (Ctrl+C) the text below:
File::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.
- A blue window will appear: at the prompt that shows up (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
- Once the scan is complete, a report will be displayed: post its contents.
- If the file doesn't open, it is located here > C:\ComboFix.txt
/!\ Fed up with ads: secure Firefox /!\
