HJT log, help please - Security - Viruses
 


Subject: HJT log, help please
chercheur_ Hello


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste this report into your next reply along with a new HijackThis.

Quick view of the discussion
chercheur_ Uh ...

Indeed, Software rather.
Or maybe Internet and Networks.
Simouel MSN goes in Hardware???
chercheur_ Hello


Post this problem in the Hardware section ;)
Simouel Messenger is still unusable...

Despite all the steps and the attempts at uninstalling and reinstalling...

No more popups or "lag", but this damn Messenger, nothing to be done...

I also took steps on this side

http://www.commentcamarche.net/for [...] p?page=4#0

But despite all that... nothing to be done for Messenger...
chercheur_ Hello

Delete these three files

F:\Emule\Download\Anyplace Control 4.1.1.0.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip


Do you still have any malfunctions?
Simouel -------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, December 21, 2007 6:24:31 AM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 20/12/2007
 Kaspersky Anti-Virus database records: 458627
-------------------------------------------------------------------------------
 
Scan Settings:
 Scan using the following antivirus database: standard
 Scan Archives: true
 Scan Mail Bases: true
 
Scan Target - My Computer:
 A:\
 C:\
 D:\
 E:\
 F:\
 G:\
 H:\
 I:\
 J:\
 K:\
 L:\
 
Scan Statistics:
 Total number of scanned objects: 63218
 Number of viruses found: 3
 Number of infected objects: 8
 Number of suspicious objects: 2
 Duration of the scan process: 02:40:02
 
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007122020071221\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip/retadpu1000137.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\No-IP\DUC - Administrateur.log Object is locked skipped
C:\Program Files\No-IP\Service.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{51F1CC82-04A9-4F26-94F9-F8F132D1783A}\RP66\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0D052141-3F21-4B15-8E8A-2D3211A1A812}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip/Anyplace Control 4.1.1.0.exe Infected: Trojan-Downloader.Win32.Bagle.go skipped
F:\Emule\Download\Anyplace Control 4.1.1.0.zip ZIP: infected - 1 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip/DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY/SAW5.0ProServer.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.Professional.Edition.v5.0.WinALL.Incl.Keygen-ViRiLiTY.zip ZIP: infected - 2 skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/Keygen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip/DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
F:\Emule\Download\DynamSoft.SourceAnyWhere.v5.0.1.Professional.Edition.Server.Incl.Keymaker-ZWT.zip ZIP: infected - 2 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
 
Scan process completed.
yakuza onizuka here is a site that can already help you with your HijackThis logs

http://www.hijackthis.de/fr#anl
Simouel It stays stuck at 47 files checked... I let it run for 22 min the first time and tried again... it finds these 8 files right at the start and hangs there with CPU usage at 100%
 
-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Thursday, December 20, 2007 8:28:27 PM
 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.83.0
 Dernière mise à jour de la base antivirus Kaspersky : 20/12/2007
 Enregistrements dans la base antivirus Kaspersky : 458540
-------------------------------------------------------------------------------
 
Paramètres d'analyse:
 Analyser avec la base antivirus suivante: standard
 Analyser les archives: vrai
 Analyser les bases de messagerie: vrai
 
Cible de l'analyse - Poste de travail:
 A:\
 C:\
 D:\
 E:\
 F:\
 G:\
 H:\
 I:\
 J:\
 K:\
 L:\
 
Statistiques de l'analyse:
 Total d'objets analysés: 47
 Nombre de virus trouvés: 1
 Nombre d'objets infectés: 0 / 0
 Nombre d'objets suspects: 8
 Durée de l'analyse: 00:02:12
 
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\acw.exe.bac_a02952 Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952/Audio_Conversion_Wizard_Crack.zip Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 ZIP: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\All to All ( MP3, OGG, WMA 8, WAV) converter+crack.zip.bac_a02952 CryptFF.b: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952/acw.exe Suspect : Packed.Win32.PePatch.dk ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 ZIP: suspect - 1 ignoré
C:\Documents and Settings\Administrateur\.housecall6.6\Quarantine\Audio_Conversion_Wizard_Crack.zip.bac_a02952 CryptFF.b: suspect - 1 ignoré
 
Analyse interrompue par l'utilisateur !
chercheur_ Re


Run an online antivirus scan on Kaspersky
http://webscanner.kaspersky.fr/
Click on Démarrer Online Scanner.
Select My Computer (Poste de travail) as the scan.
Paste its report here.

Use this link to help you.
http://www.infos-du-net.com/forum/ [...] -kaspersky
Simouel ComboFix 07-12-19.2 - Administrateur 2007-12-20 18:48:56.17 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
 * Created a new restore point
 
FILE
C:\WINDOWS\system32\bayay.bak1
C:\WINDOWS\system32\bayay.bak2
C:\WINDOWS\system32\bayay.ini2
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Program Files\MPEGFLAWBAIT
C:\Program Files\NetMeter
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\NetMeter\NetMeter.ini
C:\Program Files\NetMeter\NetMeter.tlg
C:\Program Files\NetMeter\ReadMe.txt
C:\Program Files\NetMeter\unins000.dat
C:\Program Files\NetMeter\unins000.exe
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-20 to 2007-12-20  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-20 11:11 . 2007-12-20 11:15 <REP> d-------- C:\Program Files\jv16 PowerTools 2006
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-20 18:03 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-20 18:30 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-20 18:30 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-20 12:54 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli scecli
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
   C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
   C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
   C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
   Logi_MwX.Exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
   MMTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
   MMTray2k.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
   MMTrayLSI.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
2005-02-16 10:06 218112 --a------ f:\progs\hijackthis\hijackthis.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
   CTHELPER.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bcserver"=2 (0x2)
"Serv-U"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"FTService"=2 (0x2)
"cmdService"=2 (0x2)
"Network Monitor"=2 (0x2)
"VundoFixSvc"=3 (0x3)
"AVG Anti-Spyware Guard"=3 (0x3)
"NSCService"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"NetChkPatch"=2 (0x2)
"usnjsvc"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate"=2 (0x2)
"CCALib8"=2 (0x2)
"Avg7UpdSvc"=3 (0x3)
"Avg7Alrt"=2 (0x2)
"AgentInstallationService"=2 (0x2)
"aawservice"=2 (0x2)
"HDDTService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=3 (0x3)
"aswUpdSv"=3 (0x3)
"PRTG4Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"nlsvc"=2 (0x2)
"srvRSU"=2 (0x2)
"HFNetChkProSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
 
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [1999-11-16 07:48]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2006-09-13 17:01]
R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys [2006-03-03 20:36]
R2 APC-Host;APC-Host;C:\Program Files\Anyplace Control 4\apc_host.exe /service []
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;C:\WINDOWS\system32\DRIVERS\SMC1211.SYS [2001-07-11 10:06]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Progs\Everest\kerneld.wnt [2006-12-14 22:42]
S4 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2006-03-03 20:36]
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 13:00:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
 
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:54:53
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2007-12-20 18:55:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-19 19:42
C:\ComboFix3.txt ... 2007-12-19 19:18
.
2007-12-20 00:20:13 --- E O F ---  
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:48, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Anyplace Control 4\apc_host.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis\Sim.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Powermarks - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} - C:\PROGRA~1\POWERM~1.5\iec.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.cyberpresse.ca/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/control [...] oader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{71D3F6CB-C4F7-4F09-8A20-8B7612E2DE42}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC-Host - Anyplace Control Software - C:\Program Files\Anyplace Control 4\apc_host.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
 
--
End of file - 5584 bytes
chercheur_ Hello
 
Let's continue
 
 
Copy (Ctrl+C) the text below:
 
File::
C:\WINDOWS\system32\bayay.bak1  
C:\WINDOWS\system32\bayay.bak2  
C:\WINDOWS\system32\bayay.ini2  
 
Folder::
C:\Documents and Settings\Administrateur\Application Data\WinButler  
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
C:\Program Files\Evidence Eliminator
C:\Program Files\NetMeter
C:\Documents and Settings\Administrateur\Application Data\a?sembly  
C:\Documents and Settings\Administrateur\Application Data\A?pPatch  
C:\Documents and Settings\Administrateur\Application Data\F?nts  
C:\Documents and Settings\Administrateur\Application Data\F?nts  
C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT  
C:\Documents and Settings\Administrateur\Application Data\M?crosoft  
C:\Documents and Settings\Administrateur\Application Data\M?crosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\s?curity  
C:\Documents and Settings\Administrateur\Application Data\S?mantec  
C:\Documents and Settings\Administrateur\Application Data\s?mbols  
C:\Documents and Settings\Administrateur\Application Data\s?stem  
C:\Documents and Settings\Administrateur\Application Data\s?stem32  
C:\Documents and Settings\Administrateur\Application Data\T?sks  
C:\Documents and Settings\Administrateur\Application Data\W?nSxS  
C:\Documents and Settings\Administrateur\Application Data\?dobe  
C:\Documents and Settings\Administrateur\Application Data\?ppPatch  
C:\Documents and Settings\Administrateur\Application Data\??pPatch  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\??crosoft  
C:\Documents and Settings\Administrateur\Application Data\??crosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\?racle  
C:\Documents and Settings\Administrateur\Application Data\?asks  
C:\Documents and Settings\Administrateur\Application Data\??sks  
C:\Documents and Settings\Administrateur\Application Data\?dobe  
C:\Documents and Settings\Administrateur\Application Data\?ppPatch  
C:\Documents and Settings\Administrateur\Application Data\?ssembly  
C:\Documents and Settings\Administrateur\Application Data\??sembly  
C:\Documents and Settings\Administrateur\Application Data\??pPatch  
C:\Documents and Settings\Administrateur\Application Data\?ecurity  
C:\Documents and Settings\Administrateur\Application Data\?ymantec  
C:\Documents and Settings\Administrateur\Application Data\?ymbols  
C:\Documents and Settings\Administrateur\Application Data\?ystem  
C:\Documents and Settings\Administrateur\Application Data\?ystem32  
C:\Documents and Settings\Administrateur\Application Data\??curity  
C:\Documents and Settings\Administrateur\Application Data\??mantec  
C:\Documents and Settings\Administrateur\Application Data\??mbols  
C:\Documents and Settings\Administrateur\Application Data\??stem  
C:\Documents and Settings\Administrateur\Application Data\??stem32  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft  
C:\Documents and Settings\Administrateur\Application Data\?icrosoft.NET  
C:\Documents and Settings\Administrateur\Application Data\??crosoft  
C:\Documents and Settings\Administrateur\Application Data\?racle  
C:\Documents and Settings\Administrateur\Application Data\?asks  
C:\Documents and Settings\Administrateur\Application Data\??sks  
C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info  
C:\Program Files\a?sembly  
C:\Program Files\A?pPatch  
C:\Program Files\F?nts  
C:\Program Files\MPEGFLAWBAIT  
C:\Program Files\M?crosoft  
C:\Program Files\M?crosoft.NET  
C:\Program Files\s?curity  
C:\Program Files\S?mantec  
C:\Program Files\s?mbols  
C:\Program Files\s?stem  
C:\Program Files\s?stem32  
C:\Program Files\T?sks  
C:\Program Files\W?nSxS  
C:\Program Files\?dobe  
C:\Program Files\?ppPatch  
C:\Program Files\??pPatch  
C:\Program Files\?icrosoft  
C:\Program Files\?icrosoft.NET  
C:\Program Files\??crosoft  
C:\Program Files\??crosoft.NET  
C:\Program Files\?racle  
C:\Program Files\?asks  
C:\Program Files\??sks  
C:\Program Files\?dobe  
C:\Program Files\?ppPatch  
C:\Program Files\?ssembly  
C:\Program Files\??sembly  
C:\Program Files\??pPatch  
C:\Program Files\?ecurity  
C:\Program Files\?ymantec  
C:\Program Files\?ymbols  
C:\Program Files\?ystem  
C:\Program Files\?ystem32  
C:\Program Files\??curity  
C:\Program Files\??mantec  
C:\Program Files\??mbols  
C:\Program Files\??stem  
C:\Program Files\??stem32  
C:\Program Files\?icrosoft  
C:\Program Files\?icrosoft.NET  
C:\Program Files\??crosoft  
C:\Program Files\??crosoft.NET  
C:\Program Files\?racle  
C:\Program Files\?asks  
C:\Program Files\??sks  
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]    
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]    
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]      
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFlyer32.dll]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]  
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

 
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
 
http://img.photobucket.com/albums/ [...] Script.gif  
 
As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents along with a new HijackThis log.
If the file does not open, it is located here > C:\ComboFix.txt
Simouel Yippeeeeeeeee, it worked...
 
here is the log
 
ComboFix 07-12-19.2 - Administrateur 2007-12-18 18:54:32.15 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.608 [GMT -5:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dn20212563.dat
C:\WINDOWS\system32\NTSVC.ocx
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\wr.txt
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_M_HOOK
-------\LEGACY_NETWORK_MONITOR
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
-------\poof
 
 
(((((((((((((((((((((((((((((   Fichiers créés 2007-11-20 to 2007-12-20  ))))))))))))))))))))))))))))))))))))
.
 
2007-12-19 19:14 . 2007-12-19 19:14 <REP> d-------- C:\WINDOWS\LastGood
2007-12-18 18:46 . 2004-08-19 16:09 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-18 18:46 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-18 18:46 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-18 18:46 . 2001-08-23 17:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-18 18:46 . 2001-08-17 20:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-12-18 18:46 . 2001-08-23 17:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-18 18:44 . 2004-08-19 16:09 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2007-12-18 18:43 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-18 18:43 . 2004-08-03 23:00 87,424 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2007-12-18 18:43 . 2004-08-03 23:08 40,832 --a--c--- C:\WINDOWS\system32\dllcache\irbus.sys
2007-12-18 18:43 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-18 18:43 . 2001-08-17 21:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2007-12-18 18:43 . 2001-08-17 21:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2007-12-18 18:43 . 2001-08-17 21:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2007-12-18 18:43 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2007-12-18 18:42 . 2001-08-23 17:46 462,848 --a--c--- C:\WINDOWS\system32\dllcache\a3dapi.dll
2007-12-18 18:42 . 2004-08-03 22:32 231,552 --a--c--- C:\WINDOWS\system32\dllcache\ac97ali.sys
2007-12-18 18:42 . 2001-08-17 20:20 96,256 --a--c--- C:\WINDOWS\system32\dllcache\ac97intc.sys
2007-12-18 18:42 . 2001-08-23 17:46 38,400 --a--c--- C:\WINDOWS\system32\dllcache\8514a.dll
2007-12-18 18:42 . 2001-08-17 21:52 23,552 --a--c--- C:\WINDOWS\system32\dllcache\abp480n5.sys
2007-12-18 18:24 . 2007-12-18 18:24 20 --a------ C:\WINDOWS\twain.dat
2007-12-18 18:21 . 2007-12-18 18:40 <REP> d-------- C:\I386
2007-12-18 17:43 . 2001-08-23 17:46 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2007-12-18 09:43 . 2007-12-18 09:44 <REP> d-------- C:\Documents and Settings\All Users\Anyplace Control 4
2007-12-18 02:09 . 2007-12-18 07:20 <REP> d-------- C:\__eetemp
2007-12-17 21:36 . 2007-12-18 17:26 <REP> d-------- C:\Program Files\MSN Messenger
2007-12-17 18:26 . 2007-12-17 18:27 <REP> d-------- C:\Qoofix
2007-12-17 18:13 . 2007-12-17 18:13 85,635 --a------ C:\Qoofix.zip
2007-12-17 16:26 . 2007-12-18 18:24 24 --a------ C:\WINDOWS\ShellIcon32.dll
2007-12-17 16:25 . 2007-12-18 18:24 <REP> d-------- C:\Program Files\Anyplace Control 4
2007-12-17 16:25 . 2007-12-17 16:25 47 --a------ C:\WINDOWS\anyplace-control.ini
2007-12-16 23:31 . 2007-12-17 09:14 <REP> d-------- C:\Documents and Settings\Administrateur\.housecall6.6
2007-12-16 19:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-16 19:51 . 2007-12-16 19:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-12-16 12:06 . 2007-12-16 12:06 <REP> d-------- C:\Program Files\HREFTools
2007-12-15 21:05 . 2007-12-15 21:05 <REP> d-------- C:\fsaua.data
2007-12-15 18:51 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-15 18:51 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-15 18:51 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-15 18:51 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-15 18:51 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-15 18:51 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-15 16:23 . 2007-12-15 16:23 <REP> d-------- C:\Program Files\HfNetChk
2007-12-15 16:09 . 2007-12-15 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-15 16:05 . 2007-12-15 16:05 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-12-15 16:04 . 2007-12-15 23:21 <REP> d-------- C:\Documents and Settings\Administrateur\SecurityScans
2007-12-15 15:43 . 2007-12-17 15:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-15 15:12 . 2007-12-15 15:12 <REP> d-------- C:\Program Files\Shavlik Technologies
2007-12-15 14:54 . 2007-12-15 14:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{DD33F2FB-A420-45C0-9477-4F59487EFF1F}
2007-12-15 13:29 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2007-12-15 13:28 . 1998-04-24 01:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-12-15 13:25 . 2007-12-19 19:15 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-12-15 12:59 . 2007-12-15 12:59 <REP> d-------- C:\Program Files\Impact Software LLC
2007-12-14 11:52 . 2007-12-14 11:52 <REP> d-------- C:\VundoFix Backups
2007-12-14 10:37 . 2007-12-14 10:37 <REP> d-------- C:\Program Files\Kill Process
2007-12-12 21:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 21:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-12 21:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-12 19:25 . 2007-12-12 19:25 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 19:20 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-12 19:18 . 2007-12-12 19:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-12 18:51 . 2007-12-12 19:20 <REP> d-------- C:\Program Files\Windows Live
2007-12-12 18:51 . 2007-12-12 18:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-12 18:51 . 2007-12-17 22:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-11 17:41 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-11 14:32 . 2007-12-11 14:32 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2007-12-11 12:18 . 2007-12-11 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-11 09:41 . 2007-12-11 09:42 <REP> d-------- C:\Program Files\PRTG Traffic Grapher 4
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Program Files\MPEGFLAWBAIT
2007-12-11 09:37 . 2007-12-11 09:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info
2007-12-11 09:37 . 2007-12-11 17:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MPEGFLAWBAIT
2007-12-10 21:44 . 2007-12-10 21:44 <REP> d-------- C:\Program Files\Smart Projects
2007-12-08 09:06 . 2007-12-08 09:08 <REP> d-------- C:\Program Files\Bandwidth Monitor Pro
2007-12-08 09:06 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-12-04 08:17 . 2007-12-04 08:17 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 08:17 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-12-04 08:13 . 2007-12-11 12:26 <REP> d-------- C:\Program Files\RegCure
2007-12-01 16:07 . 2007-12-01 16:11 <REP> d-------- C:\Program Files\CD to MP3 Ripper
2007-12-01 14:52 . 2007-12-01 16:03 <REP> d-------- C:\Program Files\mp3Tag 5
2007-11-25 23:43 . 2007-11-25 23:43 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-25 11:17 . 2007-12-15 13:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitTorrent
2007-11-25 11:16 . 2007-11-25 11:17 <REP> d-------- C:\Program Files\BitTorrent
2007-11-23 13:28 . 2007-11-23 13:28 <REP> d-------- C:\Program Files\PalickSoft
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 16:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 00:53 --------- d-----w C:\Program Files\Java
2007-12-15 18:29 --------- d-----w C:\Program Files\Evidence Eliminator
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-15 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-13 23:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2007-12-13 23:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-11 17:18 --------- d-----w C:\Program Files\Lavasoft
2007-12-11 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-08 17:55 --------- d-----w C:\Program Files\NetLimiter 2 Pro
2007-12-06 21:16 --------- d-----w C:\Program Files\NetMeter
2007-12-03 21:43 --------- d-----w C:\Program Files\Shareaza
2007-12-01 20:18 --------- d-----w C:\Program Files\Winamp
2007-11-17 15:38 --------- d-----w C:\Program Files\iTunes
2007-11-17 15:38 --------- d-----w C:\Program Files\iPod
2007-11-17 15:36 --------- d-----w C:\Program Files\QuickTime
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 23:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\BearShare
2007-11-07 13:05 --------- d-----w C:\Program Files\BearFlix
2007-11-07 12:18 --------- d-----w C:\Program Files\BearShare Applications
2007-11-04 17:26 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-04 13:33 --------- d-----w C:\Program Files\Mortal Kombat 4
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 17:42 --------- d-----w C:\Program Files\WinLemm
2007-10-28 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-25 14:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-23 22:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-23 01:57 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-10-21 19:41 --------- d-----w C:\Program Files\The GodFather
2007-10-21 19:04 --------- d-----w C:\Program Files\My Video Downloader
2007-10-21 19:04 --------- d-----w C:\Program Files\jv16 PowerTools 2005
2007-10-21 19:03 --------- d-----w C:\Program Files\Ripp-it_AM
2007-10-21 19:03 --------- d-----w C:\Program Files\ProFF-Morse-3
2007-10-21 19:01 --------- d-----w C:\Program Files\VideoLAN
2007-10-21 19:01 --------- d-----w C:\Program Files\RSHUT Pro
2007-10-21 18:57 --------- d-----w C:\Program Files\ABF software
2007-10-21 18:21 --------- d-----w C:\Program Files\windirstat
2007-10-21 14:44 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\WinButler
2007-10-21 12:05 --------- d-----w C:\Program Files\Fichiers communs\DVDVIDEOSOFT
2007-05-08 19:53 19,560 -c--a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2007-03-25 13:55 434,688 -c--a-w C:\WINDOWS\system32\config\systemprofile\dpy.exe
2007-03-25 13:52 737,280 -c--a-w C:\WINDOWS\system32\config\systemprofile\irsetup.exe
2004-10-12 16:14 57,344 -c--a-w C:\WINDOWS\system32\config\systemprofile\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Default User\InstHelp.dll
2004-10-12 16:14 57,344 -c--a-w C:\Documents and Settings\Administrateur\InstHelp.dll
2007-07-17 23:56 1,199,874 -csh--w C:\WINDOWS\system32\bayay.bak1
2007-07-19 22:44 1,184,702 -csh--w C:\WINDOWS\system32\bayay.bak2
2007-07-19 23:02 1,188,553 -csh--w C:\WINDOWS\system32\bayay.ini2
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-13 18:37]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli scecli
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
   C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
2007-12-11 19:28 87392 --a------ C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
   C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe /min
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bandwidth Monitor Pro]
   C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-10-28 21:25 94208 --a--c--- C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ButtonMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
2007-06-02 19:49 330240 --a------ C:\Program Files\NetMeter\NetMeter.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
   C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
2002-03-19 17:30 45632 --a--c--- C:\WINDOWS\system32\taskswitch.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 15:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
   C:\Program Files\Evidence Eliminator\ee.exe /m
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FolderSizeMonitor]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 00:00 28672 --a--c--- C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keep download]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
   Logi_MwX.Exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Lsass Service]
   lsass2.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
   MMTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
   MMTray2k.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
   MMTrayLSI.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a--c--- C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Save and Restore]
2006-03-03 20:36 1582744 --a--c--- C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooze info 4 shim]
2007-12-11 16:31 1165824 --a------ C:\Documents and Settings\All Users\Application Data\Fast Warn Ooze Info\Spam Phone.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\p2p networking]
   p2pnetworking.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServUTrayIcon]
2006-06-12 08:09 65536 --a--c--- C:\Program Files\RhinoSoft.com\Serv-U\ServUTray.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza Turbo Accelerator]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
   C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2005-03-13 18:37 1057280 --a--c--- C:\Program Files\SuperCopier2\SuperCopier2.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Memory Card Detector]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 -----c--- C:\WINDOWS\UpdReg.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
   C:\WINDOWS\system32\dumprep 0 -u
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VFSCache]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Videora]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinButler]
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]