system alert ! aidé moi!!! - Page 2

Reprise du message précédent :
Re

Clique sur Démarrer, Exécuter et copie/colle ceci.

chkdsk Cf

Valide par Entrée.
Valide par O pour faire l'analyse au redémarrage.

Redémarre le PC.

Répondre à chercheur_

Inscrivez-vous ou connectez-vous pour masquer ceci.

voila c'est fais, maintenant il me reste quoi a faire

Répondre à el-chico66

Re

Étape 1:
Télécharge eScan Antivirus Toolkit
http://www.spywareinfo.dk/download/mwav.exe
Sauvegarde-le sur ton Bureau.
Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2.

Étape 2:
Voici comment mettre l'outil à jour :

1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau; dézippe les fichiers dans le nouveau dossier suggéré (Kaspersky) situé à la racine du lecteur C:\ (C:\Kaspersky.). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit" ).

2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue"; tape sur une clé pour continuer.

Ne pas lancer le scan tout de suite !

Étape 3:
Redémarre en mode Sans Échec
Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

Étape 4:
Du mode Sans Échec, voici comment utiliser le programme :

1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky

2.) Double-clique sur mwavscan.com; l'interface d'eScan va apparaître à l'écran.

3.) Il est très important de bien cocher ces boîtes sous Scan Option
Memory, Registry, Startup Folders, System Folders, Services.

4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\.

5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes" ), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

Répondre à chercheur_

File C:\DOCUME~1\VANWIL~1\APPLIC~1\SHIMME~1\CREATI~1.EXE infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\WINDOWS\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.

File C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Shim Meta\live obj eggs jugs.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Shim Meta\ptkvivvo.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Shim Meta\that show dale.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\VANWILDEMEERSCH\Bureau\clean\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.

File C:\Documents and Settings\VANWILDEMEERSCH\Bureau\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\Documents and Settings\VANWILDEMEERSCH\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\Documents and Settings\VANWILDEMEERSCH\Bureau\SmitfraudFix\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\clean.zip tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.

File C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.

File C:\QooBox\Quarantine\C\Program Files\Video ActiveX Object\uninst.exe.vir infected by "Trojan-Downloader.Win32.Zlob.bon" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP395\A0376648.exe infected by "Trojan-Downloader.Win32.Zlob.bon" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378177.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378178.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378184.exe infected by "Trojan-Downloader.Win32.Murlo.fe" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378185.exe infected by "Trojan-Downloader.Win32.Zlob.bon" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378187.sys infected by "Rootkit.Win32.Agent.cf" Virus. Action Taken: File Renamed.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP397\A0378188.exe infected by "Trojan-Proxy.Win32.Wopla.ac" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP398\A0387271.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP398\A0387272.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP398\A0387273.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP398\A0387274.exe infected by "Trojan.Win32.Obfuscated.en" Virus. Action Taken: File Deleted.

File C:\WINDOWS\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.

File C:\WINDOWS\system\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.

Répondre à el-chico66

il me reste quoi a faire là?

Répondre à el-chico66

Bonjour

eScan trouve ce dossier infectieux Lop que tu aurais du supprimé il y a quelques temps.
C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Shim Meta

On continue avec un autre.

Étape 1:

Crée un dossier que tu vas nommer Sysclean Package dans C:\Program Files par exemple.

Désactive, le temps de la procédure, tous les contrôleurs d'intégrité

(si présents) comme le tea timer de Spybot, Process Guard, Hanti hook,
Winpooch, etc..

Note: Les possesseurs d'Avast antivirus ne doivent pas utiliser Sysclean autrement qu'en mode sans échec car Avast considère sysclean.com comme infecté par le virus VBS:Redlof !!Pour scanner le pc en mode normal(en cas de problème pour accéder au mode sans échec) il faudra désactiver Avast le temps du scan pour éviter tout conflit.(cette remarque peut être valable pour d'autres antivirus!)

Étape 2:

Télécharge Sysclean Package

http://www.trendmicro.com/ftp/prod [...] sclean.com
et enregistre le dans le dossier que tu viens de créer.

Étape 3: Mise à jour.

Rends toi à la page suivante Controlled Pattern Release

:http: //www.trendmicro.com/download/pattern-cpr.asp
et accepte le disclaimer en cliquant sur I Accept.

Une nouvelle fenêtre vas s'ouvrir:télécharge le fichier nommé lptXXX.zip (ou X représente la version du fichier,c'est le premier de la liste.),et dézippe le dans le dossier que tu viens de créer.

Étape 4:

Redémarre le PC, impérativement en mode sans échec,(au démarrage, tapoter immédiatement la touche F8,puis apparaitra un écran avec choix de démarrages : choisir "Mode sans échec" avec les flèches du clavier, puis valider avec "Entrée".)

Choisir le compte usuel (et non Administrateur).

Étape 5:

Comment utiliser Trend Micro Sysclean Package :

Lance le fichier "Sysclean" par un double clic. Une fenêtre nommée "Trend Micro Sysclean Package" va s'ouvrir.
coche la case "Automatically clean or delete detected files"
Clique sur le bouton Scan
Patiente le scan peut prendre du temps!
Une fois le scan terminé, clique sur le bouton View Log .Sauvegarde le rapport au format texte qui a été généré.
Ferme le programme.

Redémarre ton PC en mode Normal.

Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse avec un nouveau Hijackthis.

Répondre à chercheur_

bonjour je ne comprend pas l'étape 1.

Étape 1:

* Crée un dossier que tu vas nommer Sysclean Package dans C:\Program Files par exemple.

* Désactive, le temps de la procédure, tous les contrôleurs d'intégrité

(si présents) comme le tea timer de Spybot, Process Guard, Hanti hook,
Winpooch, etc..

* Note: Les possesseurs d'Avast antivirus ne doivent pas utiliser Sysclean autrement qu'en mode sans échec car Avast considère sysclean.com comme infecté par le virus VBS:Redlof !!Pour scanner le pc en mode normal(en cas de problème pour accéder au mode sans échec) il faudra désactiver Avast le temps du scan pour éviter tout conflit.(cette remarque peut être valable pour d'autres antivirus!)

Il faut que je desactive tous les controleur d'integrité et je ne c'est pas où trouver ceci ...

Répondre à el-chico66

Bonjour

Je viens de vérifier, tu peux sauter cette étape.

Répondre à chercheur_

bonjour,
je ne sais pas c'est quoi un compt usuel??? et quand j'ouvre en mode sans echec avec mon compt d'utilisateur sa n'affiche rien !!!

Répondre à el-chico66

Le compte usuel, c'est ton propre compte.

Répondre à chercheur_

ben quand jouvre mon compt en mode sans echec, il y a rien qui s'afficheet sa veu plus rien faire, je suis obligé de l'éteindre

Répondre à el-chico66

Fais la manip en mode normal, on verra le résultat.

Répondre à chercheur_

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2007-05-01, 17:15:56, Auto-clean mode specified.
2007-05-01, 17:15:56, Running scanner "C:\Program Files\Sysclean Package\TSC.BIN"...
2007-05-01, 17:16:15, Scanner "C:\Program Files\Sysclean Package\TSC.BIN" has finished running.
2007-05-01, 17:16:15, TSC Log:

Damage Cleanup Engine (DCE) 5.3(Build 1083)
Windows XP(Build 2600: Service Pack 1)

Start time : mar. mai 01 2007 17:15:58

Load Damage Cleanup Template (DCT) "C:\Program Files\Sysclean Package\TMRDCT.ptn" (version ) [fail]
Load Damage Cleanup Template (DCT) "C:\Program Files\Sysclean Package\tsc.ptn" (version 858) [success]

Complete time : mar. mai 01 2007 17:16:15
Execute pattern count(3084), Virus found count(0), Virus clean count(0), Clean failed count(0)

2007-05-01, 17:17:21, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*

2007-05-01, 17:17:21, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*

2007-05-01, 17:17:21, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.*

2007-05-01, 17:17:21, Scanner "C:\Program Files\Sysclean Package\VSCANTM.BIN" has finished running.
2007-05-01, 17:17:21, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.*

2007-05-01, 17:17:21, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.*

2007-05-01, 17:17:21, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 5/1/2007 17:17:21
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Command Line: C:\Program Files\Sysclean Package\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.*

2007-05-01, 17:17:21, Scanner "C:\Program Files\Sysclean Package\VSCANTM.BIN" has finished running.

et le HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:22:35, on 01/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26FAFD75-1005-41F6-978D-178C00165C0B} - C:\WINDOWS\System32\awtstus.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD59AB8E-1590-44E1-A526-614649D2CA06} - C:\WINDOWS\System32\awvvs.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\bitfctis.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Intelligent Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\eylplbqv.dll",realset
O4 - HKCU\..\Run: [E06FXLRD_123281] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c09ec430239c45f6a3c3744d9db0ea47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c09ec430239c45f6a3c3744d9db0ea47
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtstus - C:\WINDOWS\SYSTEM32\awtstus.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\System32\awvvs.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Répondre à el-chico66

Re

Des infections sont encore là.

Supprime SDFix, il est obsolète.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

1 Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com [...] /SDFix.exe

2 Double-clique VundoFix.exe afin de le lancer.
---> Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"
Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

C:\WINDOWS\System32\awtstus.dll

Copie/colle le chemin du fichier suivant dans la seconde case (au centre):

C:\WINDOWS\System32\sutstwa.*

Copie/colle le chemin du fichier suivant dans la troisiéme case (en bas):

C:\WINDOWS\System32\bitfctis.dll

Clique sur le bouton "Add File(s)"
Clique sur le bouton "Close Window"
Clique à nouveau sur "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK

Démarre ton PC à nouveau.

3 Double-clique VundoFix.exe afin de le lancer.
---> Ne clique pas sur "Scan for Vundo"

Fais un clic droit dans la fenêtre blanche et clique "Add more files?"
Dans la nouvelle fenêtre qui apparait, Copie/colle le chemin du fichier suivant dans la première case (au haut):

C:\WINDOWS\System32\awvvs.dll

Copie/colle le chemin du fichier suivant dans la seconde case (au centre):

C:\WINDOWS\System32\svvwa.*

Copie/colle le chemin du fichier suivant dans la troisiéme case (en bas):

C:\WINDOWS\System32\eylplbqv.dll

Clique sur le bouton "Add File(s)"
Clique sur le bouton "Close Window"
Clique à nouveau sur "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK
Démarre ton PC à nouveau.

4 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

5 Relance un scan HijackThis et coche les lignes ci-dessous :

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26FAFD75-1005-41F6-978D-178C00165C0B} - C:\WINDOWS\System32\awtstus.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD59AB8E-1590-44E1-A526-614649D2CA06} - C:\WINDOWS\System32\awvvs.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\wmplayer.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\System32\bitfctis.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\eylplbqv.dll",realset
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O20 - Winlogon Notify: awtstus - C:\WINDOWS\SYSTEM32\awtstus.dll
O20 - Winlogon Notify: awvvs - C:\WINDOWS\System32\awvvs.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

6 Double clique sur [b]SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer

Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche

Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec le rapport situé dans C:\vundofix.txt et un nouveau HijackThis.

Répondre à chercheur_

SDFix: Version 1.81

Run by VANWILDEMEERSCH - 01/05/2007 - 19:47:11.92

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
EXAMPLE
NDnet1
ntio256
Runtime

ImagePath:
\??\C:\WINDOWS\System32\main.sys
\??\C:\WINDOWS\System32\ksys.sys
\??\C:\WINDOWS\System32\ntio256.sys
\??\C:\WINDOWS\System32\drivers\runtime.sys

EXAMPLE - Deleted
NDnet1 - Deleted
ntio256 - Deleted
Runtime - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\update2.exe - Deleted
C:\WINDOWS\system32\update8.exe - Deleted
C:\WINDOWS\system32\update7.exe - Deleted
C:\Temp.htm - Deleted
C:\WINDOWS\system32\5_exception.nls - Deleted
C:\WINDOWS\system32\ksys.sys - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tm_ - Deleted
C:\WINDOWS\system32\update2.exe - Deleted
C:\WINDOWS\system32\update7.exe - Deleted
C:\WINDOWS\system32\update8.exe - Deleted

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\svvwa.tmp
C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
C:\WINDOWS\system32\config\SYSTEM.tmp.LOG

Finished

vundofix.exe

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:10:07 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:16:08 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:19:23 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awtstus.dll
C:\WINDOWS\System32\awtstus.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\bitfctis.dll
C:\WINDOWS\System32\bitfctis.dll Has been deleted!

et le hijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 20:04:31, on 01/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {05AEFFC3-7F3D-44E3-B909-B158A84F232F} - C:\WINDOWS\System32\awvvs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Intelligent Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [E06FXLRD_123281] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c09ec430239c45f6a3c3744d9db0ea47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c09ec430239c45f6a3c3744d9db0ea47
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

voila

Répondre à el-chico66

Bien, gros ménage.

Relance Hijackthis et fixe cette ligne.

O2 - BHO: (no name) - {05AEFFC3-7F3D-44E3-B909-B158A84F232F} - C:\WINDOWS\System32\awvvs.dll (file missing)

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Répondre à chercheur_

"VANWILDEMEERSCH" - 07-05-02 1:54:04 Service Pack 1
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel s‚curit‚\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\awttstq.dll
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\ilkkj.tmp

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users.\documents\settings

[color=red] C:\WINDOWS\system32\winlogon.exe . . . is infected!![/color]

[color=red] C:\WINDOWS\system32\winlogon.exe . . . is infected!![/color]

((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))

2007-05-01 01:17 <REP> d-------- C:\Program Files\Bowling 2006
2007-04-30 23:39 539,842 ---hs---- C:\WINDOWS\system32\svvwa.ini2
2007-04-30 23:22 537,184 ---hs---- C:\WINDOWS\system32\svvwa.bak2
2007-04-30 22:44 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-04-30 22:44 7,734 -ra------ C:\WINDOWS\system32\Repository.reg
2007-04-30 22:44 527,136 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-04-30 22:44 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-04-30 22:44 487,328 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-04-30 22:44 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-04-30 22:44 40,352 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-04-30 22:44 348,160 -ra------ C:\WINDOWS\system\msvcr71.dll
2007-04-30 22:44 264,992 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-04-30 22:44 211,744 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-04-30 22:44 121,632 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-04-30 02:38 <REP> d-------- C:\Program Files\uTorrent
2007-04-30 02:38 <REP> d-------- C:\DOCUME~1\VANWIL~1\APPLIC~1\uTorrent
2007-04-30 01:17 <REP> d-------- C:\Program Files\Sysclean Package
2007-04-29 19:22 <REP> d-------- C:\Program Files\Car Jacker
2007-04-29 19:06 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-29 01:33 <REP> d-------- C:\Downloads
2007-04-29 01:33 <REP> d-------- C:\Bases
2007-04-29 01:30 <REP> d-------- C:\Kaspersky
2007-04-28 02:49 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-28 01:59 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-04-27 18:27 <REP> d-------- C:\DOCUME~1\VANWIL~1\DoctorWeb
2007-04-27 16:50 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-04-27 16:50 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-27 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-27 16:50 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-27 16:50 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-27 16:50 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-27 16:50 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-26 18:24 3,596 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-26 14:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-26 13:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-04-26 13:47 <REP> d-------- C:\Program Files\Yahoo!
2007-04-26 13:10 153,088 --a------ C:\WINDOWS\system32\windbg48.sys
2007-04-25 13:10 <REP> d-------- C:\VundoFix Backups
2007-04-24 20:18 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-24 20:18 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-24 20:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-24 16:34 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-22 21:15 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-04-22 21:15 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-04-22 21:15 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-04-20 20:34 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-02 02:04 -------- d-------- C:\Program Files\wanadoo
2007-05-02 00:59 -------- d-------- C:\Program Files\emule
2007-04-29 19:00 -------- d--h----- C:\Program Files\installshield installation information
2007-04-29 19:00 -------- d-------- C:\Program Files\micro application
2007-04-29 02:03 -------- d-------- C:\DOCUME~1\VANWIL~1\APPLIC~1\shim meta
2007-04-28 13:34 65606 --a--c--- C:\WINDOWS\system32\perfc00c.dat
2007-04-28 13:34 448638 --a--c--- C:\WINDOWS\system32\perfh00c.dat
2007-04-26 14:42 75264 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-04-26 14:42 520704 --a------ C:\WINDOWS\system32\winlogon.exe
2007-04-19 13:53 -------- d-------- C:\Program Files\maplom
2007-04-19 13:53 -------- d-------- C:\Program Files\gamespy arcade
2007-03-08 22:58 -------- d-------- C:\DOCUME~1\VANWIL~1\APPLIC~1\image zone express
2007-03-08 18:02 -------- d-------- C:\Program Files\hewlett-packard
2007-03-08 17:53 -------- d-------- C:\Program Files\hp
2007-03-02 18:12 71 ---h----- C:\WINDOWS\dhdd7548.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"EM_EXEC"="C:\\PROGRA~1\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"ACTIVBOARD"="C:\\Apps\\ActivBoard\\MMKeybd.exe"
"ActivSurf"="C:\\apps\\ActivSurf\\4448364\\Program\\backweb-4448364.exe"
"VCSPlayer"="\"C:\\Program Files\\Virtual CD v4 SDK\\system\\vcsplay.exe\""
"VOBRegCheck"="C:\\WINDOWS\\System32\\VOBREGCheck.exe -CheckReg"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"WheelMouse"="C:\\Program Files\\Intelligent Driver\\4DMAIN.EXE"
"StorageGuard"="\"C:\\Program Files\\VERITAS Software\\Update Manager\\sgtray.exe\" /r"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"!AVG Anti-Spyware"="\"C:\\Documents and Settings\\VANWILDEMEERSCH\\Bureau\\vincent\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"E06FXLRD_123281"="\"C:\\Program Files\\Microsoft Encarta\\Collection Microsoft Encarta 2006 DVD\\EDICT.EXE\" -m"
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FF918010914E61CC.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1092916326.job
C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 02:05:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-02 2:08:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-02 02:08
C:\ComboFix2.txt ... 07-04-24 20:13
C:\ComboFix3.txt ... 07-04-24 16:34

et le nouveau hijackThis

Logfile of HijackThis v1.99.1
Scan saved at 02:10:52, on 02/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Intelligent Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [E06FXLRD_123281] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c09ec430239c45f6a3c3744d9db0ea47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c09ec430239c45f6a3c3744d9db0ea47
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Répondre à el-chico66

Bonjour

télécharge GenProc http://www.alt-shift-return.org/In [...] ocBèta.zip sur ton bureau

dézippe le dossier, double-clique sur GenProc.bat
et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/In [...] HowTo.html

Répondre à chercheur_

salut,
quand je clic sur le lien pour telecharger Genproc il me dise error 404-no found

Répondre à el-chico66

Voilà un autre lien

http://www.alt-shift-return.org/In [...] enProc.zip

Répondre à chercheur_

Rapport GenProc 0.46 [1] effectué le 03/05/2007 à 11:52:28.10 - SystemRoot = C:\WINDOWS

# Etape 1/ Télécharge :

- CCleaner http://www.filehippo.com/download_ccleaner.html ("Download Latest Version", sur la droite).
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

- VundoFix.exe (par Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.microsoft.com/technet/p [...] x?mfr=true (choisis ta session courante "VANWILDEMEERSCH" ) *****

# Etape 2/

Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton "Remove Vundo"
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées si tu ne l'as pas tu trouveras HijackThis ici http://www.trendsecure.com/portal/ [...] his_v2.exe ;
- Le contenu du rapport situé dans C:\vundofix.txt ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

Répondre à el-chico66

voila et je dois faire les étapes ou pas?

Répondre à el-chico66

Oui, car l'infection Vundo est résistante.

Répondre à chercheur_

Logfile of HijackThis v1.99.1
Scan saved at 12:46:19, on 03/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Intelligent Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [E06FXLRD_123281] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c09ec430239c45f6a3c3744d9db0ea47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c09ec430239c45f6a3c3744d9db0ea47
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

et le rapport de vundofix.txt

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:10:07 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:16:08 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.3.20

Checking Java version...

Sun Java not detected
Scan started at 13:19:23 25/04/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awtstus.dll
C:\WINDOWS\System32\awtstus.dll Could not be deleted.

Attempting to delete C:\WINDOWS\System32\bitfctis.dll
C:\WINDOWS\System32\bitfctis.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awtstus.dll
C:\WINDOWS\System32\awtstus.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\awvvs.dll
C:\WINDOWS\System32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\eylplbqv.dll
C:\WINDOWS\System32\eylplbqv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 12:26:38 03/05/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Répondre à el-chico66

et quand je fais l'analyse avec vundo et que je clic sur remov vundo, ben il ne redemarre pas automatiquement !!! c'est normale?

Répondre à el-chico66

S'il ne redémarre pas, c'est parcequ'il ne trouve pas les fichiers infectieux.

Télécharge VirtumundoBegone sur le bureau
http://secured2k.home.comcast.net/ [...] BeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu.

Répondre à chercheur_

et je fai l'analyse en mode sans echec???

Répondre à el-chico66

[05/04/2007, 15:54:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\VirtumundoBeGone.exe" )
[05/04/2007, 15:54:42] - Detected System Information:
[05/04/2007, 15:54:42] - Windows Version: 5.1.2600, Service Pack 1
[05/04/2007, 15:54:42] - Current Username: VANWILDEMEERSCH (Admin)
[05/04/2007, 15:54:42] - Windows is in NORMAL mode.
[05/04/2007, 15:54:42] - Searching for Browser Helper Objects:
[05/04/2007, 15:54:42] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/04/2007, 15:54:42] - BHO 2: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[05/04/2007, 15:54:42] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/04/2007, 15:54:42] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/04/2007, 15:54:42] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/04/2007, 15:54:42] - Finished Searching Browser Helper Objects
[05/04/2007, 15:54:42] - Finishing up...
[05/04/2007, 15:54:42] - Nothing found! Exiting...

[05/04/2007, 15:55:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\VirtumundoBeGone.exe" )
[05/04/2007, 15:55:42] - User choose NOT to continue. Exiting...

et le hijackThis

Logfile of HijackThis v1.99.1
Scan saved at 16:03:02, on 04/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intelligent Driver\4DMAIN.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Intelligent Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [E06FXLRD_123281] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c09ec430239c45f6a3c3744d9db0ea47
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c09ec430239c45f6a3c3744d9db0ea47
O12 - Plugin for .VOB: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Répondre à el-chico66

Bonjour

Hijackthis est propre.

On regarde ce qu'il reste.
Télécharge DiagHelp.zip (de Malekal_Morte) sur ton bureau
http://www.malekal.com/download/DiagHelp.zip
- Fais un clic droit sur le fichier et extraire tout
- Un nouveau dossier chercher va être créé DiagHelp
- Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
- Une fenêtre va s'ouvrir, choisis l'option 1
- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
- A la fin de l'analyse, il te sera peut-être redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
- Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
-- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
-- A nouveau menu Edition / copier
-- Dans un nouveau message ici, faire un clic droit / coller

Répondre à chercheur_

salut,
quand je fait extraire tous il me dise aucun fichier à extraire...

Répondre à el-chico66

Re

As tu essayer de le retélécharger ?

Répondre à chercheur_

C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55
C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41
C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51
C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23
C:\WINDOWS\System32/drivers\cdralw2k.sys -->27/03/2007 09:55:32
C:\WINDOWS\System32/drivers\cdr4_xp.sys -->27/03/2007 09:55:32

C:\WINDOWS\System32\FNTCACHE.DAT -->03/05/2007 22:40:18
C:\WINDOWS\System32\CONFIG.NT -->01/05/2007 21:14:00
C:\WINDOWS\System32\svvwa.ini2 -->01/05/2007 19:15:42
C:\WINDOWS\System32\svvwa.bak2 -->01/05/2007 19:05:45
C:\WINDOWS\System32\vqblplye.ini -->01/05/2007 19:05:34
C:\WINDOWS\System32\mcrh.tmp -->30/04/2007 23:31:59
C:\WINDOWS\System32\svvwa.tmp -->30/04/2007 23:31:15
C:\WINDOWS\System32\svvwa.ini -->30/04/2007 23:22:37
C:\WINDOWS\System32\lvcoinst.log -->30/04/2007 22:45:56
C:\WINDOWS\System32\aswBoot.exe -->30/04/2007 17:46:10
C:\WINDOWS\System32\AvastSS.scr -->30/04/2007 17:35:28
C:\WINDOWS\System32\perfh00C.dat -->28/04/2007 13:34:37
C:\WINDOWS\System32\perfh009.dat -->28/04/2007 13:34:37
C:\WINDOWS\System32\perfc00C.dat -->28/04/2007 13:34:37
C:\WINDOWS\System32\perfc009.dat -->28/04/2007 13:34:37
C:\WINDOWS\System32\PerfStringBackup.INI -->28/04/2007 13:34:36
C:\WINDOWS\System32\tmp.txt -->27/04/2007 09:43:35
C:\WINDOWS\System32\tmp.reg -->27/04/2007 09:43:35
C:\WINDOWS\System32\ws2_32.dll -->26/04/2007 14:42:51
C:\WINDOWS\System32\winlogon.exe -->26/04/2007 14:42:51
C:\WINDOWS\System32\windbg48.sys -->26/04/2007 13:10:24
C:\WINDOWS\System32\wpa.dbl -->24/04/2007 16:30:17
C:\WINDOWS\System32\dsm_fr.qm -->27/03/2007 09:55:57
C:\WINDOWS\System32\divxsm.tlb -->27/03/2007 09:55:57
C:\WINDOWS\System32\DivXsm.exe -->27/03/2007 09:55:57

C:\WINDOWS\WindowsUpdate.log -->05/05/2007 22:48:55
C:\WINDOWS\SchedLgU.Txt -->05/05/2007 22:47:00
C:\WINDOWS\0.log -->05/05/2007 22:44:23
C:\WINDOWS\wiadebug.log -->05/05/2007 22:42:52
C:\WINDOWS\wiaservc.log -->05/05/2007 22:42:49
C:\WINDOWS\bootstat.dat -->05/05/2007 22:42:24
C:\WINDOWS\setupapi.log -->05/05/2007 20:47:26
C:\WINDOWS\Sti_Trace.log -->03/05/2007 12:40:57
C:\WINDOWS\ntbtlog.txt -->03/05/2007 12:39:51
C:\WINDOWS\kit.ini -->01/05/2007 18:39:42
C:\WINDOWS\mozver.dat -->29/04/2007 19:06:21
C:\WINDOWS\nsreg.dat -->28/04/2007 02:49:35
C:\WINDOWS\catchme.exe -->21/04/2007 03:52:20
C:\WINDOWS\win.ini -->08/03/2007 18:10:57
C:\WINDOWS\ActiveSurfUI.INI -->06/03/2007 00:52:48

C:\WINDOWS\bnetunin.exe |06/06/2003 14:11:49
C:\WINDOWS\bwUnin-6.1.0.145L.exe |16/05/2003 13:32:52
C:\WINDOWS\catchme.exe |24/04/2007 16:34:50
C:\WINDOWS\dla.exe |16/07/2003 20:41:49
C:\WINDOWS\IsUn040c.exe |30/09/2002 13:59:02
C:\WINDOWS\IsUninst.exe |16/05/2003 13:26:07
C:\WINDOWS\iun6002.exe |29/01/2004 10:44:04
C:\WINDOWS\nircmd.exe |24/04/2007 16:34:50
C:\WINDOWS\sllights.exe |01/01/1980 00:00:00
C:\WINDOWS\smcfg.exe |01/01/1980 00:00:00
C:\WINDOWS\SOUNDMAN.EXE |01/01/1980 00:00:00
C:\WINDOWS\twunk_16.exe |30/09/2002 12:49:35
C:\WINDOWS\twunk_32.exe |30/09/2002 12:49:35
C:\WINDOWS\UN16040C.EXE |05/09/2003 21:17:05
C:\WINDOWS\UNIDRV.exe |19/06/2003 17:05:49
C:\WINDOWS\unin040c.exe |14/06/2003 20:30:32
C:\WINDOWS\uninst.exe |16/05/2003 13:33:44
C:\WINDOWS\UNNeroVision.exe |11/04/2005 14:29:05
C:\WINDOWS\unvise32.exe |06/06/2003 14:26:30
C:\WINDOWS\unvise32qt.exe |06/06/2003 14:24:45
C:\WINDOWS\_SETUPD_.EXE |07/07/2004 17:55:02
C:\WINDOWS\ADE.DLL |05/12/2003 00:49:38
C:\WINDOWS\eSellerateEngine.dll |06/12/2005 23:57:42
C:\WINDOWS\impborl.dll |17/07/2003 14:56:22
C:\WINDOWS\pcdlib32.dll |19/06/2003 17:36:33
C:\WINDOWS\SlantAdj.dll |05/12/2003 00:49:38
C:\WINDOWS\twain.dll |30/09/2002 12:49:35
C:\WINDOWS\twain_32.dll |30/09/2002 12:49:35
C:\WINDOWS\Twunk_16.dll |16/02/2006 23:33:10
C:\WINDOWS\Twunk_32.dll |16/02/2006 23:33:10
C:\WINDOWS\system32\append.exe |30/09/2002 12:48:50
C:\WINDOWS\system32\aswBoot.exe |27/04/2007 16:50:21
C:\WINDOWS\system32\debug.exe |30/09/2002 12:48:56
C:\WINDOWS\system32\DivXCodecUpdateChecker.exe |16/02/2007 03:40:35
C:\WINDOWS\system32\DivXsm.exe |27/03/2007 09:55:57
C:\WINDOWS\system32\dmcpl.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\dosx.exe |30/09/2002 12:48:56
C:\WINDOWS\system32\dumphive.exe |24/04/2007 20:18:14
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34
C:\WINDOWS\system32\edlin.exe |30/09/2002 12:49:05
C:\WINDOWS\system32\exe2bin.exe |30/09/2002 12:49:05
C:\WINDOWS\system32\fastopen.exe |30/09/2002 12:49:06
C:\WINDOWS\system32\FTRTSVC.exe |22/04/2007 21:15:18
C:\WINDOWS\system32\HPZinw12.exe |03/12/2003 21:18:21
C:\WINDOWS\system32\HPZipm12.exe |03/12/2003 21:18:21
C:\WINDOWS\system32\keystone.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\mem.exe |30/09/2002 12:49:13
C:\WINDOWS\system32\minirec.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\moveex.exe |24/04/2007 16:34:50
C:\WINDOWS\system32\mscdexnt.exe |30/09/2002 12:49:15
C:\WINDOWS\system32\NeroCheck.exe |26/01/2004 23:37:02
C:\WINDOWS\system32\nlsfunc.exe |30/09/2002 12:49:20
C:\WINDOWS\system32\nvsvc32.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\nwiz.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\Process.exe |24/04/2007 20:18:14
C:\WINDOWS\system32\pxcpya64.exe |02/05/2007 02:24:15
C:\WINDOWS\system32\pxcpyi64.exe |02/05/2007 02:24:15
C:\WINDOWS\system32\pxhpinst.exe |14/08/2004 21:43:19
C:\WINDOWS\system32\pxinsa64.exe |02/05/2007 02:24:15
C:\WINDOWS\system32\pxinsi64.exe |02/05/2007 02:24:15
C:\WINDOWS\system32\qttask.exe |19/06/2003 17:40:14
C:\WINDOWS\system32\redir.exe |30/09/2002 12:49:26
C:\WINDOWS\system32\setver.exe |30/09/2002 12:49:29
C:\WINDOWS\system32\share.exe |30/09/2002 12:49:29
C:\WINDOWS\system32\slserv.exe |01/01/1980 00:00:00
C:\WINDOWS\system32\SrchSTS.exe |24/04/2007 20:18:14
C:\WINDOWS\system32\swsc.exe |24/04/2007 20:13:48
C:\WINDOWS\system32\swxcacls.exe |24/04/2007 20:13:48
C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\usrprbda.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\usrshuta.exe |23/08/2001 17:47:48
C:\WINDOWS\system32\vfind.exe |24/04/2007 16:34:50
C:\WINDOWS\system32\VOBRegCheck.exe |08/01/2003 15:55:50
C:\WINDOWS\system32\3DViewer.dll |20/06/2001 16:34:31
C:\WINDOWS\system32\amr_cpl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\amstream.dll |15/09/2004 15:01:37
C:\WINDOWS\system32\atmfd.dll |30/09/2002 12:48:50
C:\WINDOWS\system32\atmlib.dll |30/09/2002 12:48:50
C:\WINDOWS\system32\coinst.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\COMNCTR.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\compatUI.dll |30/09/2002 12:48:54
C:\WINDOWS\system32\cpuinf32.dll |27/02/2003 05:42:54
C:\WINDOWS\system32\dgrpsetu.dll |30/09/2002 12:55:26
C:\WINDOWS\system32\dgsetup.dll |30/09/2002 12:55:26
C:\WINDOWS\system32\DivX.dll |27/03/2007 09:48:58
C:\WINDOWS\system32\DivXWMPExtType.dll |12/12/2006 18:24:42
C:\WINDOWS\system32\divx_xx07.dll |27/03/2007 09:48:59
C:\WINDOWS\system32\divx_xx0c.dll |27/03/2007 09:48:58
C:\WINDOWS\system32\divx_xx11.dll |27/03/2007 09:48:58
C:\WINDOWS\system32\dpl100.dll |27/03/2007 09:49:07
C:\WINDOWS\system32\dpu10.dll |27/03/2007 09:49:02
C:\WINDOWS\system32\dpu11.dll |27/03/2007 09:49:02
C:\WINDOWS\system32\dpuGUI10.dll |27/03/2007 09:49:05
C:\WINDOWS\system32\dpuGUI11.dll |27/03/2007 09:49:03
C:\WINDOWS\system32\dpus11.dll |27/03/2007 09:49:02
C:\WINDOWS\system32\dpv11.dll |27/03/2007 09:49:02
C:\WINDOWS\system32\dtu100.dll |27/03/2007 09:49:07
C:\WINDOWS\system32\eax.dll |06/01/2004 09:43:26
C:\WINDOWS\system32\EBPCHP.DLL |05/12/2003 00:47:56
C:\WINDOWS\system32\EBPMON24.DLL |04/12/2003 21:04:40
C:\WINDOWS\system32\ECBTEG.DLL |05/12/2003 00:47:56
C:\WINDOWS\system32\Epcmlib.dll |04/12/2003 21:11:46
C:\WINDOWS\system32\EqnClass.Dll |30/09/2002 12:55:26
C:\WINDOWS\system32\esccmd.dll |04/12/2003 21:04:23
C:\WINDOWS\system32\escimgd.dll |04/12/2003 21:04:23
C:\WINDOWS\system32\escwiad.dll |04/12/2003 21:04:23
C:\WINDOWS\system32\E_DCINST.DLL |04/12/2003 21:04:40
C:\WINDOWS\system32\FCLKBTN.DLL |24/02/2007 20:17:46
C:\WINDOWS\system32\FFRAFLIB.DLL |24/02/2007 20:18:24
C:\WINDOWS\system32\FFTIFF16.dll |24/02/2007 20:18:24
C:\WINDOWS\system32\FINFCHECK.dll |24/02/2007 20:17:47
C:\WINDOWS\system32\FINFCOPY.dll |24/02/2007 20:17:47
C:\WINDOWS\system32\FREGSHEX.DLL |24/02/2007 20:17:46
C:\WINDOWS\system32\FSUpldr.dll |19/06/2003 17:41:10
C:\WINDOWS\system32\hpgwiamd.dll |28/02/2003 10:10:02
C:\WINDOWS\system32\HPODStormEncoder.dll |25/07/2003 12:15:20
C:\WINDOWS\system32\HPODXPAT.DLL |27/05/2004 16:00:52
C:\WINDOWS\system32\hpotiop2.dll |08/03/2007 17:48:51
C:\WINDOWS\system32\hpotscl.dll |19/08/2004 13:08:46
C:\WINDOWS\system32\hpowiax2.dll |08/03/2007 17:48:50
C:\WINDOWS\system32\HPTcpMib.dll |23/12/2005 14:11:02
C:\WINDOWS\system32\HPTcpMon.dll |23/12/2005 14:12:22
C:\WINDOWS\system32\hpz3l054.dll |08/03/2007 17:49:28
C:\WINDOWS\system32\HPZc3212.dll |19/08/2004 13:08:46
C:\WINDOWS\system32\hpzcoi07.dll |09/03/2003 06:30:52
C:\WINDOWS\system32\hpzcoi09.dll |11/08/2003 08:44:12
C:\WINDOWS\system32\hpzcon07.dll |09/03/2003 06:30:50
C:\WINDOWS\system32\hpzcon09.dll |11/08/2003 08:44:10
C:\WINDOWS\system32\HPZidr12.dll |03/12/2003 21:18:20
C:\WINDOWS\system32\HPZIDS01.dll |08/03/2007 17:49:31
C:\WINDOWS\system32\HPZipr12.dll |03/12/2003 21:18:20
C:\WINDOWS\system32\HPZipt12.dll |03/12/2003 21:18:21
C:\WINDOWS\system32\HPZisn12.dll |03/12/2003 21:18:21
C:\WINDOWS\system32\hpzjfw01.dll |27/01/2004 09:56:20
C:\WINDOWS\system32\hpzjrd01.dll |26/01/2006 16:06:52
C:\WINDOWS\system32\hpzjsn01.dll |19/07/2005 04:38:59
C:\WINDOWS\system32\hpzsnt07.dll |09/03/2003 06:30:52
C:\WINDOWS\system32\hpzsnt09.dll |11/08/2003 08:44:12
C:\WINDOWS\system32\hticons.dll |30/09/2002 13:00:31
C:\WINDOWS\system32\HttpX.dll |12/06/2002 12:44:56
C:\WINDOWS\system32\hypertrm.dll |30/09/2002 13:00:31
C:\WINDOWS\system32\iacenc.dll |22/12/2004 18:09:14
C:\WINDOWS\system32\iccvid.dll |30/09/2002 12:49:09
C:\WINDOWS\system32\IfHelper.dll |22/04/2007 21:15:19
C:\WINDOWS\system32\imagr5.dll |26/07/2003 10:07:55
C:\WINDOWS\system32\imagx5.dll |26/07/2003 10:07:55
C:\WINDOWS\system32\ImagXpr5.dll |26/07/2003 10:07:55
C:\WINDOWS\system32\InstDlg.dll |11/05/2002 04:09:48
C:\WINDOWS\system32\ir32_32.dll |30/09/2002 12:49:10
C:\WINDOWS\system32\ir41_qc.dll |14/11/2002 12:59:36
C:\WINDOWS\system32\ir41_qcx.dll |14/11/2002 12:59:36
C:\WINDOWS\system32\ir50_32.dll |14/11/2002 12:59:38
C:\WINDOWS\system32\ir50_qc.dll |14/11/2002 12:59:38
C:\WINDOWS\system32\ir50_qcx.dll |14/11/2002 12:59:40
C:\WINDOWS\system32\isrdbg32.dll |30/09/2002 13:02:15
C:\WINDOWS\system32\iyvu9_32.dll |22/12/2004 18:09:14
C:\WINDOWS\system32\jgaw400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\jgdw400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\jgmd400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\jgpl400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\jgsd400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\jgsh400.dll |30/09/2002 12:49:11
C:\WINDOWS\system32\LCOINST.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\lfbmp11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\LFCMP11n.DLL |07/06/2002 04:02:00
C:\WINDOWS\system32\lfeps11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lffax11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfgif11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfpcd11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfpcx11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\Lfpng11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfpsd11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lftga11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lftif11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\lfwmf11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\LGUICOM.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\libdivx.dll |27/03/2007 09:55:23
C:\WINDOWS\system32\lmoufrc.dll |16/05/2003 13:26:27
C:\WINDOWS\system32\LMOUSE16.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\LMOUSE32.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\LOGILANG.DLL |16/05/2003 13:26:27
C:\WINDOWS\system32\LTDIS11n.dll |07/06/2002 04:02:00
C:\WINDOWS\system32\ltfil11n.DLL |07/06/2002 04:02:00
C:\WINDOWS\system32\ltimg11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\ltkrn11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\Ltwvc11n.dll |07/06/2002 04:02:02
C:\WINDOWS\system32\lvcodec2.dll |30/04/2007 22:44:32
C:\WINDOWS\system32\lvcoinst.dll |30/04/2007 22:44:33
C:\WINDOWS\system32\LVUI2.dll |30/04/2007 22:44:32
C:\WINDOWS\system32\LVUI2RC.dll |30/04/2007 22:44:32
C:\WINDOWS\system32\MabryObj.dll |15/05/2002 14:21:36
C:\WINDOWS\system32\mciqtz32.dll |15/09/2004 15:01:37
C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 17:47:06
C:\WINDOWS\system32\mplaa6.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplam6.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplapx.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplaw7.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplva6.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplvm6.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplvpx.dll |16/07/2003 21:00:39
C:\WINDOWS\system32\mplvw7.dll |16/07/2003 21:00:40
C:\WINDOWS\system32\msdmo.dll |15/09/2004 15:01:37
C:\WINDOWS\system32\msencode.dll |30/09/2002 12:49:16
C:\WINDOWS\system32\msikbd.dll |16/05/2003 13:33:08
C:\WINDOWS\system32\msiosd32.dll |16/05/2003 13:33:08
C:\WINDOWS\system32\mslffv1.dll |27/05/2004 17:52:52
C:\WINDOWS\system32\nv4_disp.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvcpl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nview.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nviewimg.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvinstnt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvmctray.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvoglnt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsar.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrscs.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsda.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsde.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsel.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrseng.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrses.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsesm.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsfi.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsfr.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrshe.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrshu.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsit.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsja.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsko.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsnl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsno.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrspl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrspt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsptb.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrsru.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrssk.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrssl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrssv.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrstr.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrszhc.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvrszht.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvshell.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsar.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrscs.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsda.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsde.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsel.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrseng.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrses.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsesm.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsfi.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsfr.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrshe.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrshu.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsit.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsja.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsko.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsnl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsno.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrspl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrspt.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsptb.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrsru.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrssk.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrssl.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrssv.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrstr.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrszhc.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\nvwrszht.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16
C:\WINDOWS\system32\PCDLIB32.DLL |07/06/2002 04:02:02
C:\WINDOWS\system32\picn20.dll |26/07/2003 10:07:55
C:\WINDOWS\system32\pncrt.dll |16/05/2003 13:34:33
C:\WINDOWS\system32\pndx5016.dll |16/05/2003 13:34:33
C:\WINDOWS\system32\pndx5032.dll |16/05/2003 13:34:33
C:\WINDOWS\system32\psisdecd.dll |15/09/2004 15:01:51
C:\WINDOWS\system32\px.dll |14/08/2004 21:43:19
C:\WINDOWS\system32\pxafs.dll |02/05/2007 02:24:15
C:\WINDOWS\system32\pxdrv.dll |14/08/2004 21:43:19
C:\WINDOWS\system32\pxmas.dll |14/08/2004 21:43:19
C:\WINDOWS\system32\pxsfs.dll |02/05/2007 02:24:14
C:\WINDOWS\system32\pxwave.dll |14/08/2004 21:43:19
C:\WINDOWS\system32\pxwma.dll |14/08/2004 21:43:19
C:\WINDOWS\system32\qd3d.dll |20/06/2001 16:34:31
C:\WINDOWS\system32\qedwipes.dll |15/09/2004 15:01:38
C:\WINDOWS\system32\qt-dx331.dll |27/03/2007 09:55:48
C:\WINDOWS\system32\QTJava.DLL |20/06/2001 16:34:32
C:\WINDOWS\system32\QTJavaNative.dll |20/06/2001 16:34:32
C:\WINDOWS\system32\rave.dll |20/06/2001 16:34:31
C:\WINDOWS\system32\rmoc3260.dll |16/05/2003 13:34:34
C:\WINDOWS\system32\ROBOEX32.DLL |12/02/2002 18:03:00
C:\WINDOWS\system32\sbe.dll |30/09/2002 12:49:29
C:\WINDOWS\system32\SkyLt3Pr.dll |21/12/2001 17:53:22
C:\WINDOWS\system32\slbcsp.dll |30/09/2002 12:49:30
C:\WINDOWS\system32\slbiop.dll |30/09/2002 12:49:30
C:\WINDOWS\system32\slbrccsp.dll |30/09/2002 12:49:30
C:\WINDOWS\system32\slextspk.dll |01/01/1980 00:00:00
C:\WINDOWS\system32\spnike.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\sprio600.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\sprio800.dll |23/08/2001 17:47:18
C:\WINDOWS\system32\spxcoins.dll |30/09/2002 12:55:26
C:\WINDOWS\system32\ssldivx.dll |27/03/2007 09:55:23
C:\WINDOWS\system32\tfswapi.dll |16/07/2003 20:41:49
C:\WINDOWS\system32\tsd32.dll |30/09/2002 12:49:35
C:\WINDOWS\system32\tsseCryp.dll |17/09/2001 12:00:00
C:\WINDOWS\system32\umloader.dll |13/02/2003 01:01:00
C:\WINDOWS\system32\usrcntra.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrcoina.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrdpa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrdtea.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrlbva.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrv42a.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrv80a.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrvoica.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\usrvpa.dll |23/08/2001 17:47:20
C:\WINDOWS\system32\vcsapi.dll |16/05/2003 13:36:36
C:\WINDOWS\system32\vcscomm.dll |16/05/2003 13:36:36
C:\WINDOWS\system32\vcsenv.dll |16/05/2003 13:36:36
C:\WINDOWS\system32\vcsscsi.dll |16/05/2003 13:36:36
C:\WINDOWS\system32\vp6vfw.dll |25/12/2004 01:52:25
C:\WINDOWS\system32\vxblock.dll |02/05/2007 02:24:13
C:\WINDOWS\system32\vxdmdcdlg.dll |16/01/2003 18:39:10
C:\WINDOWS\system32\W32n50.dll |26/02/2007 20:45:11
C:\WINDOWS\system32\win87em.dll |30/09/2002 12:49:38
C:\WINDOWS\system32\WooDial2000.dll |26/02/2007 20:45:18

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\WINDOWS\system32

30/08/2002 13:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 76 844 969 984 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\WINDOWS\system32

02/04/2003 15:40 1 323 008 dmcpl.exe
1 fichier(s) 1 323 008 octets
0 Rép(s) 76 844 965 888 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\WINDOWS\Downloaded Program Files

28/02/2007 18:47 <REP> .
28/02/2007 18:47 <REP> ..
30/09/2002 13:03 65 desktop.ini
14/10/1997 18:52 697 DirectAnimation Java Classes.osd
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
09/11/2006 15:36 5 019 swflash.inf
4 fichier(s) 6 943 octets

Total des fichiers listés :
4 fichier(s) 6 943 octets
2 Rép(s) 76 844 965 888 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

REGEDIT4

[Winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="SN8486187047"
"DefaultUserName"="VANWILDEMEERSCH"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000001
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,2e,65,78,65,00
"LogonType"=dword:00000001
"Background"="0 0 0"
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000000
"AltDefaultUserName"="VANWILDEMEERSCH"
"AltDefaultDomainName"="SN8486187047"

[Winlogon\GPExtensions]

[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Quota du disque Microsoft"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,73,6b,71,75,6f,74,61,2e,64,6c,6c,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,63,65,63,6c,69,2e,64,6c,6c,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"=hex(2):69,65,64,6b,63,73,33,32,2e,64,6c,6c,00
@="Personnalisation de Internet Explorer"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001

[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,63,65,63,6c,69,2e,64,6c,6c,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Installation de logiciel"
"DllName"=hex(2):61,70,70,6d,67,6d,74,73,2e,64,6c,6c,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,\
6d,65,6e,74,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,28,4d,73,69,49,6e,73,\
74,61,6c,6c,65,72,2c,41,70,70,6c,69,63,61,74,69,6f,6e,29,00,00

[Winlogon\Notify]

[Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[Winlogon\SCLogon]

[Winlogon\SpecialAccounts]

[Winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 00:34:02
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Application Data\Microsoft\Messenger\vivie66000@hotmail.fr\SharingMetadata\campinas666@hotmail.fr\DFSR\Staging\CS{247E84CF-6734-4EB1-AF65-6C52FEB0EA34}\01\10-{247E84CF-6734-4EB1-AF65-6C52FEB0EA34}-v1-{235BCEAB-02E0-42FF-B305-1417299C60A8}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Liste des programmes installes

Adobe Flash Player 9 ActiveX
Ahead ImageDrive
ArcSoft Panorama Maker 3.0
ArcSoft Software Suite
ATI Multimedia Center Help Files
AtomixMP3 Limited Edition v2.0
µTorrent
AutoUpdate
avast! Antivirus
AVG Anti-Spyware 7.5
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Battle.net
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
Bowling 2006
Car Jacker
CCleaner (remove only)
Correctif Windows XP - KB822603
Correctif Windows XP (SP2) Q327979
Correctif Windows XP (SP2) q330512
Correctif Windows XP (SP2) Q330909
Correctif Windows XP (SP2) Q331816
Correctif Windows XP (SP2) Q810020
Correctif Windows XP (SP2) Q815411
CustomerResearchQFolder
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProcQFolder
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
EAX4 Unified Redist
eMule
EPSON CardMonitor
EPSON Copy Utility
EPSON Logiciel imprimante
EPSON Photo Print
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
eSupportQFolder
Extension de Windows Live Toolbar (Windows Live Toolbar)
FinePixViewer Ver.4.3
FUJIFILM USB Driver
FusionSoft DVD Player XP Version 5.0
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Photosmart Essential
HP Software Update
Intelligent Driver V1.0
L&H TTS3000 Français
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
MailWasher
Memories Disc Creator 2.0
Menus intelligents (Windows Live Toolbar)
Messenger Plus! Live & Sponsor
Micro Application - Jeu de Dames 3D
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft Works 7.0
MLK Mouse Driver
Mozilla Firefox (2.0.0.3)
Navigateur Orange
Navigation par onglets (Windows Live Toolbar)
Nikon View 6
OneCare Advisor (Windows Live Toolbar)
Orange
Package du correctif Windows XP [voir q329112 pour plus de détails]
Package du correctif Windows XP [voir Q331060 pour plus de détails]
Packard Bell Companion
Photo et imagerie HP 2.0 - All-in-One
Photo et imagerie HP 2.0 - All-in-One Pilote
PhotoFiltre Studio
PIF DESIGNER2.1
QuickTime
Roland Garros 2003
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung Samples Installer
ScanToWeb
Shockwave
ShowBiz
System Alert Popup
Triptych
Ulead Photo Express SE
Ulead VideoStudio 6 SE DVD
VERITAS DLA
VERITAS RecordNow DX Update Manager
WebFldrs XP
WebReg
Windows Live Favorites pour Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar avec bloqueur de fenêtres pop-up

Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\Program Files

03/05/2007 12:15 <REP> .
03/05/2007 12:15 <REP> ..
07/07/2004 16:40 <REP> Agnitum
19/04/2007 13:55 <REP> Ahead
06/03/2007 01:20 <REP> Alwil Software
14/08/2004 21:28 <REP> AND
04/12/2003 21:09 <REP> ArcSoft
09/08/2004 18:32 <REP> Atari
16/05/2003 13:33 <REP> Audioneer
14/08/2004 21:20 <REP> AVIcodec
16/05/2003 13:32 <REP> BackWeb
01/05/2007 01:19 <REP> Bowling 2006
01/05/2007 01:14 <REP> Car Jacker
03/05/2007 12:15 <REP> CCleaner
30/09/2002 13:01 <REP> ComPlus Applications
14/02/2007 19:50 <REP> Core Design
08/05/2005 18:46 <REP> CyberLink
20/06/2004 08:42 <REP> DesignPro 2000
16/07/2003 11:33 <REP> directx
29/07/2004 22:08 <REP> Disney Interactive
02/05/2007 02:25 <REP> DivX
14/08/2004 21:20 <REP> DivX_311alpha
25/12/2004 01:52 <REP> EA GAMES
17/02/2004 17:52 <REP> Easy CD-DA Extractor 5.0
14/08/2004 21:20 <REP> eDonkey2000
09/06/2004 20:23 <REP> EHMINSTALL
05/05/2007 22:44 <REP> eMule
07/07/2004 16:40 <REP> Fichiers communs
24/02/2007 20:18 <REP> FinePixViewer
14/08/2004 21:21 <REP> F-Secure Internet Security
02/05/2007 02:18 <REP> FusionSoft DVD Player XP
19/04/2007 13:53 <REP> GameSpy Arcade
02/05/2007 02:25 <REP> Google
01/12/2005 22:35 <REP> Guilty Bastards
16/05/2003 13:36 <REP> HandyBits
16/05/2003 13:31 <REP> hdreg
08/03/2007 18:02 <REP> Hewlett-Packard
08/03/2007 17:53 <REP> HP
11/10/2003 18:05 <REP> Intelligent Driver
08/05/2005 18:46 <REP> InterActual
03/12/2003 21:25 <REP> Internet Explorer
15/02/2007 14:02 <REP> Inventel
06/06/2003 14:24 <REP> JavaSoft
09/06/2004 21:56 <REP> LucasArts
19/04/2007 13:53 <REP> Maplom
28/08/2004 12:59 <REP> Maxis
30/09/2002 13:00 <REP> Messenger
01/03/2007 01:11 <REP> Messenger Plus! Live
29/04/2007 19:00 <REP> Micro Application
30/09/2002 13:05 <REP> microsoft frontpage
08/05/2005 18:46 <REP> Microsoft Games
16/05/2003 13:36 <REP> Microsoft Works
16/05/2003 13:26 <REP> MouseWare
30/09/2002 13:02 <REP> Movie Maker
05/05/2007 16:17 <REP> Mozilla Firefox
30/09/2002 13:00 <REP> MSN Gaming Zone
01/03/2007 01:11 <REP> MSN Messenger
30/09/2002 13:02 <REP> NetMeeting
19/06/2003 17:40 <REP> Nikon
14/08/2004 21:20 <REP> NimoCodec Pack
08/05/2005 18:45 <REP> Nouveau dossier
30/09/2002 13:02 <REP> Outlook Express
28/04/2007 02:11 <REP> PhotoFiltre Studio
12/03/2004 21:54 <REP> QuickTime
12/06/2004 19:05 536 Raccourci vers Windows Media Player.lnk
16/05/2003 13:34 <REP> Real
24/02/2007 20:17 <REP> REGSHAVE
15/09/2004 14:36 <REP> Rockstar Games
17/07/2003 19:52 <REP> Roxio
16/05/2003 13:39 <REP> sbapps
26/02/2007 20:42 <REP> Securitoo
29/07/2003 17:39 <REP> Services en ligne
05/06/2004 20:51 <REP> Smart Panel
28/07/2004 21:36 <REP> Spybot - Search & Destroy
03/09/2003 23:25 <REP> Symantec
01/05/2007 17:19 <REP> Sysclean Package
05/06/2004 17:04 <REP> tradfr.com
03/05/2007 20:37 <REP> Triptych
15/08/2004 11:43 <REP> Ubi Soft
14/08/2004 21:20 <REP> UCmore
14/01/2006 16:50 <REP> Ulead Systems
30/04/2007 23:31 <REP> uTorrent
07/06/2004 10:35 <REP> VERITAS Software
16/05/2003 13:36 <REP> Virtual CD v4 SDK
05/05/2007 22:44 <REP> Wanadoo
14/06/2003 19:52 <REP> Wanadoo Edition
09/06/2004 20:54 <REP> Warcraft III
26/02/2007 22:59 <REP> Windows Live Favorites
26/02/2007 22:59 <REP> Windows Live Toolbar
08/03/2006 10:45 <REP> Windows Media Player
30/09/2002 13:00 <REP> Windows NT
30/09/2002 13:05 <REP> xerox
26/04/2007 13:47 <REP> Yahoo!
14/08/2004 21:20 <REP> Zoom Player
1 fichier(s) 536 octets
93 Rép(s) 76 845 694 976 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\Program Files\fichiers communs

07/07/2004 16:40 <REP> .
07/07/2004 16:40 <REP> ..
09/06/2004 22:24 <REP> Adobe
19/04/2007 13:55 <REP> Ahead
03/12/2003 21:33 <REP> Hewlett-Packard
08/03/2007 18:03 <REP> HP
14/03/2004 20:01 <REP> InstallShield
16/05/2003 13:26 <REP> Logitech
26/02/2007 22:58 <REP> Microsoft Shared
30/09/2002 13:02 <REP> MSSoap
19/06/2003 17:41 <REP> Nikon
30/09/2002 12:55 <REP> ODBC
16/05/2003 13:34 <REP> Real
28/07/2003 17:48 <REP> Roxio Shared
20/06/2004 09:31 <REP> Services
30/09/2002 12:55 <REP> SpeechEngines
03/09/2003 23:26 <REP> Symantec Shared
30/09/2002 13:02 <REP> System
16/05/2003 13:34 <REP> TVNavigTechnologies Shared
16/05/2003 13:32 <REP> Ulead Systems
0 fichier(s) 0 octets
20 Rép(s) 76 845 690 880 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

30/09/2002 13:09 <REP> .
30/09/2002 13:09 <REP> ..
18/05/2001 17:57 561 209 MSONSEXT.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 76 845 690 880 octets libres
Le volume dans le lecteur C s'appelle HDD
Le numéro de série du volume est 5C50-1619

Répertoire de C:\

11/11/2001 00:00 68 096 diff.exe
03/12/1997 06:52 6 855 FINDRAMD.EXE
09/03/2000 09:06 28 680 FLIPART.EXE
29/08/2002 15:03 6 384 GETDRIVE.EXE
27/08/2006 14:10 103 424 grep.exe
06/05/1998 20:01 25 473 MSCDEX.EXE
22/02/2000 14:38 323 670 MSTOOLS.EXE
11/04/2003 15:51 115 950 OEMSETUP.EXE
04/07/2000 08:16 41 136 OTHER.EXE
23/04/1999 21:22 755 REBOOT.EXE
21/03/2002 16:57 4 352 SEEKDRVS.EXE
06/05/1998 18:01 45 379 SMARTDRV.EXE
30/05/2003 04:24 3 684 032 spybotsd12.exe
29/09/2001 15:26 114 494 TSADDON.EXE
24/05/2001 13:59 162 304 UNWISE.EXE
15 fichier(s) 4 730 984 octets
0 Rép(s) 76 845 690 880 octets libres
c:\Documents and Settings\VANWILDEMEERSCH\DEBUG.EXE
c:\Documents and Settings\VANWILDEMEERSCH\FDISK.EXE
c:\Documents and Settings\VANWILDEMEERSCH\SCANDISK.EXE
c:\Documents and Settings\VANWILDEMEERSCH\TREECRC.EXE
c:\Documents and Settings\VANWILDEMEERSCH\XCOPY.EXE
c:\Documents and Settings\VANWILDEMEERSCH\XCOPY32.EXE
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{6E4E8273-1F16-47DF-B573-25F39F35F0C6}\ARPPRODUCTICON.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{6E4E8273-1F16-47DF-B573-25F39F35F0C6}\bowling.exe_6E4E82731F1647DFB57325F39F35F0C6.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{6E4E8273-1F16-47DF-B573-25F39F35F0C6}\bowling.exe1_6E4E82731F1647DFB57325F39F35F0C6.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{6E4E8273-1F16-47DF-B573-25F39F35F0C6}\UNINST_Uninstall_B_6E4E82731F1647DFB57325F39F35F0C6.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\ARPPRODUCTICON.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\AutoThief.exe_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\AutoThief.exe1_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\clubincagold.html_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\GamesSite.html_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\IGTreasures.html_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Application Data\Microsoft\Installer\{F7C02047-361D-4085-94B3-CB868F6B2988}\UNINST_Uninstall_Car_F7C02047361D408594B3CB868F6B2988.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\VirtumundoBeGone.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\hijackthis vf.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\unins000.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\ComboFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\drweb-cureit.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\mwav.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SDFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\VundoFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\clean\clean\pskill.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\GenProc\outil\swreg.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\dumphive.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\Process.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\Reboot.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\restart.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\swreg.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\swsc.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\unzip.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\dumphive.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\Process.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\Reboot.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\restart.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\swreg.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\swsc.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\unzip.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\avgas.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\guard.exe
c:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\AVG Anti-Spyware 7.5\Uninstall.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\MsgPlusLive-420.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\setupfre.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Mes fichiers reçus\emule0.47c-installer.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Mes fichiers reçus\install_messenger.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Sylvie SZCZUKOWSKI\DivXPlay.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Sylvie SZCZUKOWSKI\firefox setup 2.0.0.3.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Sylvie SZCZUKOWSKI\pfs-setup.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Sylvie SZCZUKOWSKI\uTorrent-1.6-install.exe
c:\Documents and Settings\VANWILDEMEERSCH\Mes documents\Sylvie SZCZUKOWSKI\bs-nnb00\BS-PS732.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

et il na pas redemarrer c'est pas grave?

Répondre à el-chico66

Bonjour

Pour le redémarrage, cela arrive.

Il y a des fichiers douteux.

Va sur ce site
http://www.virustotal.com/xhtml/virustotal_en.html
Clique sur Parcourir et cherche ce fichier.

C:\WINDOWS\System32\windbg48.sys

Ensuite clique sur Send .
Si tu as le message "STATUS: QUEUED", patiente.

Colle le rapport ici.

Recommence avec ce fichier

C:\WINDOWS\system32\IfHelper.dll

Répondre à chercheur_

Complete scanning result of "IfHelper.dll", received in VirusTotal at 05.07.2007, 13:21:52 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.7.1 05.07.2007 no virus found
AntiVir 7.4.0.15 05.07.2007 no virus found
Authentium 4.93.8 05.04.2007 no virus found
Avast 4.7.997.0 05.05.2007 no virus found
AVG 7.5.0.467 05.06.2007 no virus found
BitDefender 7.2 05.07.2007 no virus found
CAT-QuickHeal 9.00 05.05.2007 no virus found
ClamAV devel-20070416 05.07.2007 no virus found
DrWeb 4.33 05.07.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3616 05.07.2007 no virus found
Ewido 4.0 05.07.2007 no virus found
FileAdvisor 1 05.07.2007 no virus found
Fortinet 2.85.0.0 05.07.2007 no virus found
F-Prot 4.3.2.48 05.04.2007 no virus found
F-Secure 6.70.13030.0 05.07.2007 no virus found
Ikarus T3.1.1.7 05.07.2007 no virus found
Kaspersky 4.0.2.24 05.07.2007 no virus found
McAfee 5024 05.04.2007 no virus found
Microsoft 1.2503 05.07.2007 no virus found
NOD32v2 2246 05.07.2007 no virus found
Norman 5.80.02 05.04.2007 no virus found
Panda 9.0.0.4 05.07.2007 no virus found
Prevx1 V2 05.07.2007 no virus found
Sophos 4.17.0 05.05.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.07.2007 no virus found
TheHacker 6.1.6.108 05.06.2007 no virus found
VBA32 3.11.4 05.07.2007 no virus found
VirusBuster 4.3.7:9 05.06.2007 no virus found
Webwasher-Gateway 6.0.1 05.07.2007 no virus found

Aditional Information
File size: 36864 bytes
MD5: a690ae7f4418401815ce3d73d60b8c6f
SHA1: d118f3d3ddaf98c19ab5a0832405db741fe1357b

et pour C:\WINDOWS\System32\windbg48.sys sa ne marque pas "STATUS: QUEUED

Répondre à el-chico66

Bien, le premier n'est pas infectieux.

Réessaye pour windbg48.sys afin de connaitre sa nature.

Répondre à chercheur_

je ne trouve plus C:\WINDOWS\System32\windbg48.sys

Répondre à el-chico66

Re

Supprime ces fichiers

C:\WINDOWS\System32\svvwa.ini2
C:\WINDOWS\System32\svvwa.bak2
C:\WINDOWS\System32\vqblplye.ini
C:\WINDOWS\System32\svvwa.tmp
C:\WINDOWS\System32\svvwa.ini

Vide la corbeille

Comment se comporte le PC ?

Répondre à chercheur_

salut,
je ne trouve pas ces fichiers...

et mon pc il rame toujours, il met 2h a ouvrir une page, quand je vais sur internet sai écrit tous petit, et il detecte plus mes clé usb... voila

Répondre à el-chico66

Bonjour

Pour l'écriture, vérifie cela.
Clique sur Affichage, Taille du texte et sélectionne une taille plus grande.

Pour ces fichiers. Télécharge la dernière version de Killbox
http://www.downloads.subratam.org/KillBox.zip
Place le programme dans le répertoire qui te plaît.

- lance Pocket Killbox
--- choisis l'option Delete on Reboot
--- copie le chemin complet du fichier dans la boîte "Full Path of File to Delete" :
--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINDOWS\System32\svvwa.ini2
C:\WINDOWS\System32\svvwa.bak2
C:\WINDOWS\System32\vqblplye.ini
C:\WINDOWS\System32\svvwa.tmp
C:\WINDOWS\System32\svvwa.ini

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.
Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.
--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"
--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

Supprime ce dossier : C:\!KillBox

Poste le rapport de Killbox (contenu du fichier C:\!KillBox\Logs\kb.log).

Fais aussi ceci. Télécharge WinPFind3U.exe sur ton bureau.
http://download.bleepingcomputer.c [...] find3u.exe

Double clique sur le fichier téléchargé : un dossier nommé WinPFind3U va apparaitre sur ton bureau.
Ouvre le dossier et double clique sur le fichier WinPFind3U.exe pour lancer le programme.
Sous le groupe Files Created Within sélectionne 30 days
Sous le groupe Files Modified Within sélectionne 30 days
Sous le groupe String Search sélectionne Non-Microsoft
A présent clique sur le bouton Run Scan dans la barre d'outils
Lorsque le scan est terminé,le bloc-notes s'ouvre et affiche le rapport.
Clique sur le menu "Format" et assure toi que la case "Retour automatique à la ligne" ne soit pas cochée.
Copie/Colle le contenu du rapport dans ta prochaine réponse.

Répondre à chercheur_

voici le rapport de killbox:

Pocket Killbox version 2.0.0.648
Running on Windows XP as VANWILDEMEERSCH(Administrator)
was started @ mardi, mai 08, 2007, 5:37 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\System32\svvwa.ini2

# 2 [Delete on Reboot]
Path = C:\WINDOWS\System32\svvwa.bak2

# 3 [Delete on Reboot]
Path = C:\WINDOWS\System32\vqblplye.ini

# 4 [Delete on Reboot]
Path = C:\WINDOWS\System32\svvwa.tmp

# 5 [Delete on Reboot]
Path = C:\WINDOWS\System32\svvwa.ini

I Rebooted @ 5:45:27 PM
Killbox Closed(Exit) @ 5:46:23 PM
__________________________________________________

voici le rapport de WinPFind3U.exe:

WinPFind3 logfile created on: 08/05/2007 18:02:15
WinPFind3U by OldTimer - Version 1.0.35 Folder = C:\Documents and Settings\VANWILDEMEERSCH\Bureau\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

255.49 Mb Total Physical Memory | 71.39 Mb Available Physical Memory | 27.94% Memory free
416.47 Mb Paging File | 79.12 Mb Available in Paging File | 19.00% Paging File free
Paging file location(s): C:\pagefile.sys 144 288;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 112.53 Gb Total Space | 64.62 Gb Free Space | 57.42% Space Free
Drive D: | 1.95 Gb Total Space | 1.95 Gb Free Space | 99.96% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SN8486187047
Current User Name: VANWILDEMEERSCH
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
4dmain.exe -> %ProgramFiles%\Intelligent Driver\4DMAIN.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 08/05/2000 09:54:36 | Attr = ]
alertm~1.exe -> %System32%\AlertModule\AlertModule.exe -> [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 21/10/2004 08:50:52 | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
avgas.exe -> %UserDesktop%\vincent\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 14:20:00 | Attr = ]
backweb-4448364.exe -> %SystemDrive%\APPS\ActivSurf\4448364\Program\backweb-4448364.exe -> [Ver = | Size = 16384 bytes | Modified Date = 16/05/2003 13:32:54 | Attr = ]
calcheck.exe -> %ProgramFiles%\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe -> Ulead Systems, Inc. [Ver = 4, 0, 0, 0 | Size = 69632 bytes | Modified Date = 03/05/2002 13:05:26 | Attr = ]
comcomp.exe -> %ProgramFiles%\Wanadoo\ComComp.exe -> France Télécom R&D [Ver = 11b.0 (8) | Size = 249856 bytes | Modified Date = 28/11/2005 16:41:40 | Attr = ]
emule.exe -> %ProgramFiles%\eMule\emule.exe -> http://www.emule-project.net [Ver = 0.47.2 Unicode | Size = 5001216 bytes | Modified Date = 14/09/2006 16:15:26 | Attr = ]
ftrtsvc.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]
gestionnaireinternet.exe -> %ProgramFiles%\Wanadoo\GestionnaireInternet.exe -> France Télécom R&D [Ver = 5.9 (3) | Size = 819200 bytes | Modified Date = 06/12/2005 14:53:30 | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 28/02/2007 21:23:30 | Attr = ]
hpohmr08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 147456 bytes | Modified Date = 06/04/2003 01:17:18 | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 06/04/2003 01:06:58 | Attr = ]
inactivity.exe -> %ProgramFiles%\Wanadoo\Inactivity.exe -> [Ver = 1, 0, 0, 1 | Size = 32768 bytes | Modified Date = 27/10/2004 11:30:44 | Attr = ]
mmkeybd.exe -> %SystemDrive%\APPS\ActivBoard\MMKeybd.exe -> Netropa Corp. [Ver = 1.01 | Size = 192512 bytes | Modified Date = 19/06/2002 18:51:12 | Attr = ]
nhksrv.exe -> %SystemDrive%\APPS\ActivBoard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 06/08/2001 06:41:48 | Attr = ]
nkvmon.exe -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 04/12/2002 10:52:48 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 15:40:00 | Attr = ]
osd.exe -> %SystemDrive%\APPS\ActivBoard\osd.exe -> Netropa Corp. [Ver = 2.02 | Size = 90112 bytes | Modified Date = 14/11/2001 04:03:12 | Attr = ]
pollingmodule.exe -> %ProgramFiles%\Wanadoo\PollingModule.exe -> [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 27/10/2004 11:07:06 | Attr = ]
slserv.exe -> %System32%\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 29/11/2001 16:09:28 | Attr = ]
soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Avance Logic, Inc. [Ver = 5.0.07 | Size = 46592 bytes | Modified Date = 11/09/2002 18:57:20 | Attr = ]
taskbaricon.exe -> %ProgramFiles%\Wanadoo\TaskBarIcon.exe -> France Télécom R&D [Ver = 5.9 (1) | Size = 61440 bytes | Modified Date = 05/10/2004 17:00:12 | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 114741 bytes | Modified Date = 12/03/2003 01:03:00 | Attr = ]
toaster.exe -> %ProgramFiles%\Wanadoo\Toaster.exe -> France Telecom R&D [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 02/11/2004 15:31:20 | Attr = ]
traymon.exe -> %SystemDrive%\APPS\ActivBoard\Traymon.exe -> [Ver = | Size = 110592 bytes | Modified Date = 30/05/2002 13:30:28 | Attr = ]
vcsplay.exe -> %ProgramFiles%\Virtual CD v4 SDK\System\vcsplay.exe -> H+H Software GmbH [Ver = 4, 3, 0, 2 | Size = 299008 bytes | Modified Date = 07/06/2002 12:34:50 | Attr = ]
vcssecs.exe -> %ProgramFiles%\Virtual CD v4 SDK\System\vcssecs.exe -> H+H Software GmbH [Ver = 4, 3, 0, 1 | Size = 139264 bytes | Modified Date = 16/05/2002 12:17:32 | Attr = ]
watch.exe -> %ProgramFiles%\Wanadoo\Watch.exe -> France Télécom R&D [Ver = 11.0 (2) | Size = 20480 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.35.0 | Size = 319488 bytes | Modified Date = 06/05/2007 09:38:54 | Attr = ]
woobrowser.exe -> %ProgramFiles%\Wanadoo\WOOBrowser\WOOBrowser.exe -> [Ver = 5.9.2 | Size = 344064 bytes | Modified Date = 15/11/2004 17:58:56 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 16512 bytes | Modified Date = 30/04/2007 17:29:56 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 132736 bytes | Modified Date = 30/04/2007 17:42:40 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 243328 bytes | Modified Date = 30/04/2007 18:04:38 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 345728 bytes | Modified Date = 30/04/2007 17:41:28 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %UserDesktop%\vincent\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 16:13:20 | Attr = ]
(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 205312 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]
(FTRTSVC) France Telecom Routing Table Service [Win32_Own | Auto | Running] -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 28/02/2007 21:23:28 | Attr = ]
(nhksrv) Netropa NHK Server [Win32_Own | Auto | Running] -> %SystemDrive%\APPS\ActivBoard\nhksrv.exe -> [Ver = | Size = 28672 bytes | Modified Date = 06/08/2001 06:41:48 | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 15:40:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 03/03/2006 22:03:10 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %System32%\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 29/11/2001 16:09:28 | Attr = ]
(VCSSecS) Virtual CD v4 Security service (SDK - Version) [Win32_Own | Auto | Running] -> %ProgramFiles%\Virtual CD v4 SDK\System\vcssecs.exe -> H+H Software GmbH [Ver = 4, 3, 0, 1 | Size = 139264 bytes | Modified Date = 16/05/2002 12:17:32 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %UserDesktop%\vincent\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07/10/2006 14:20:00 | Attr = ]
ACTIVBOARD -> %SystemDrive%\APPS\ActivBoard\MMKeybd.exe -> Netropa Corp. [Ver = 1.01 | Size = 192512 bytes | Modified Date = 19/06/2002 18:51:12 | Attr = ]
ActivSurf -> %SystemDrive%\APPS\ActivSurf\4448364\Program\backweb-4448364.exe -> [Ver = | Size = 16384 bytes | Modified Date = 16/05/2003 13:32:54 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 30/04/2007 17:42:48 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 3.50.31a | Size = 114741 bytes | Modified Date = 12/03/2003 01:03:00 | Attr = ]
EM_EXEC -> %ProgramFiles%\MouseWare\system\EM_EXEC.EXE -> Logitech Inc. [Ver = 9.43.75 | Size = 35328 bytes | Modified Date = 28/01/2002 09:43:00 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 4616192 bytes | Modified Date = 02/04/2003 15:40:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 323584 bytes | Modified Date = 02/04/2003 15:40:00 | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 04/02/2002 23:32:10 | Attr = ]
SoundMan -> %SystemRoot%\SOUNDMAN.EXE -> Avance Logic, Inc. [Ver = 5.0.07 | Size = 46592 bytes | Modified Date = 11/09/2002 18:57:20 | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 18/06/2002 00:01:00 | Attr = ]
VCSPlayer -> %ProgramFiles%\Virtual CD v4 SDK\System\vcsplay.exe -> H+H Software GmbH [Ver = 4, 3, 0, 2 | Size = 299008 bytes | Modified Date = 07/06/2002 12:34:50 | Attr = ]
VOBRegCheck -> %System32%\VOBREGCheck.exe -> [Ver = | Size = 153088 bytes | Modified Date = 08/01/2003 15:55:50 | Attr = ]
WheelMouse -> %ProgramFiles%\Intelligent Driver\4DMAIN.EXE -> [Ver = | Size = 61440 bytes | Modified Date = 08/05/2000 09:54:36 | Attr = ]
WOOTASKBARICON -> %SystemDrive%\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe -> File not found
WOOWATCH -> %ProgramFiles%\Wanadoo\Watch.exe -> France Télécom R&D [Ver = 11.0 (2) | Size = 20480 bytes | Modified Date = 23/08/2004 14:49:56 | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
E06FXLRD_123281 -> %ProgramFiles%\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE -> File not found
eMuleAutoStart -> %ProgramFiles%\eMule\emule.exe -> http://www.emule-project.net [Ver = 0.47.2 Unicode | Size = 5001216 bytes | Modified Date = 14/09/2006 16:15:26 | Attr = ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 28/02/2007 21:23:30 | Attr = ]
WOOKIT -> %ProgramFiles%\Wanadoo\Shell.exe -> [Ver = 10.0 (63) | Size = 122880 bytes | Modified Date = 23/08/2004 14:50:00 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
%AllUsersStartup%\Contrôleur de calendrier Ulead.lnk -> %ProgramFiles%\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe -> Ulead Systems, Inc. [Ver = 4, 0, 0, 0 | Size = 69632 bytes | Modified Date = 03/05/2002 13:05:26 | Attr = ]
%AllUsersStartup%\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 147456 bytes | Modified Date = 06/04/2003 01:17:18 | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 06/04/2003 01:06:58 | Attr = ]
%AllUsersStartup%\NkvMon.exe.lnk -> %ProgramFiles%\Nikon\NkView6\NkvMon.exe -> Nikon Corporation [Ver = 6, 0, 0, 3000 | Size = 237568 bytes | Modified Date = 04/12/2002 10:52:48 | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %UserDesktop%\vincent\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 16:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (3395 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
127.0.0.1 bin.errorprotector.com ## added by CiD -> ->
127.0.0.1 br.errorsafe.com ## added by CiD -> ->
127.0.0.1 br.winantivirus.com ## added by CiD -> ->
127.0.0.1 br.winfixer.com ## added by CiD -> ->
127.0.0.1 cdn.drivecleaner.com ## added by CiD -> ->
127.0.0.1 cdn.errorsafe.com ## added by CiD -> ->
127.0.0.1 cdn.winsoftware.com ## added by CiD -> ->
127.0.0.1 de.errorsafe.com ## added by CiD -> ->
127.0.0.1 de.winantivirus.com ## added by CiD -> ->
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD -> ->
127.0.0.1 download.cdn.errorsafe.com ## added by CiD -> ->
127.0.0.1 download.cdn.winsoftware.com ## added by CiD -> ->
127.0.0.1 download.errorsafe.com ## added by CiD -> ->
127.0.0.1 download.systemdoctor.com ## added by CiD -> ->
127.0.0.1 download.winantispyware.com ## added by CiD -> ->
127.0.0.1 download.windrivecleaner.com ## added by CiD -> ->
127.0.0.1 download.winfixer.com ## added by CiD -> ->
127.0.0.1 drivecleaner.com ## added by CiD -> ->
127.0.0.1 dynamique.drivecleaner.com ## added by CiD -> ->
127.0.0.1 errorprotector.com ## added by CiD -> ->
127.0.0.1 errorsafe.com ## added by CiD -> ->
127.0.0.1 es.winantivirus.com ## added by CiD -> ->
127.0.0.1 fr.winantivirus.com ## added by CiD -> ->
127.0.0.1 fr.winfixer.com ## added by CiD -> ->
127.0.0.1 go.drivecleaner.com ## added by CiD -> ->
127.0.0.1 go.errorsafe.com ## added by CiD -> ->
127.0.0.1 go.winantispyware.com ## added by CiD -> ->
127.0.0.1 go.winantivirus.com ## added by CiD -> ->
127.0.0.1 hk.winantivirus.com ## added by CiD -> ->
127.0.0.1 instlog.errorsafe.com ## added by CiD -> ->
127.0.0.1 instlog.winantivirus.com ## added by CiD -> ->
127.0.0.1 instlog.winfixer.com ## added by CiD -> ->
127.0.0.1 jsp.drivecleaner.com ## added by CiD -> ->
127.0.0.1 kb.errorsafe.com ## added by CiD -> ->
127.0.0.1 kb.winantivirus.com ## added by CiD -> ->
127.0.0.1 nl.errorsafe.com ## added by CiD -> ->
127.0.0.1 se.errorsafe.com ## added by CiD -> ->
127.0.0.1 secure.drivecleaner.com ## added by CiD -> ->
127.0.0.1 secure.errorsafe.com ## added by CiD -> ->
127.0.0.1 secure.winantispam.com ## added by CiD -> ->
127.0.0.1 secure.winantispy.com ## added by CiD -> ->
127.0.0.1 secure.winantivirus.com ## added by CiD -> ->
127.0.0.1 support.winantivirus.com ## added by CiD -> ->
127.0.0.1 trial.updates.winsoftware.com ## added by CiD -> ->
127.0.0.1 ulog.winantivirus.com ## added by CiD -> ->
127.0.0.1 utils.errorsafe.com ## added by CiD -> ->
127.0.0.1 utils.winantivirus.com ## added by CiD -> ->
127.0.0.1 utils.winfixer.com ## added by CiD -> ->
127.0.0.1 winantispyware.com ## added by CiD -> ->
127.0.0.1 winantivirus.com ## added by CiD -> ->
127.0.0.1 winfixer.com ## added by CiD -> ->
127.0.0.1 winfixer2006.com ## added by CiD -> ->
127.0.0.1 winsoftware.com ## added by CiD -> ->
127.0.0.1 www.drivecleaner.com ## added by CiD -> ->
127.0.0.1 www.errorprotector.com ## added by CiD -> ->
127.0.0.1 www.errorsafe.com ## added by CiD -> ->
127.0.0.1 www.systemdoctor.com ## added by CiD -> ->
127.0.0.1 www.utils.winfixer.com ## added by CiD -> ->
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD -> ->
127.0.0.1 www.win-virus-pro.com ## added by CiD -> ->
127.0.0.1 www.winantispam.com ## added by CiD -> ->
127.0.0.1 www.winantispy.com ## added by CiD -> ->
127.0.0.1 www.winantispyware.com ## added by CiD -> ->
127.0.0.1 www.winantivirus.com ## added by CiD -> ->
127.0.0.1 www.winantiviruspro.com ## added by CiD -> ->
127.0.0.1 www.windrivecleaner.com ## added by CiD -> ->
127.0.0.1 www.windrivesafe.com ## added by CiD -> ->
127.0.0.1 www.winfixer.com ## added by CiD -> ->
127.0.0.1 www.winfixer2006.com ## added by CiD -> ->
127.0.0.1 www.winsoftware.com ## added by CiD -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/red [...] ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/red [...] r=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/red [...] r=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.microsoft.com/isapi/red [...] ar=msnhome ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 3.50.31a | Size = 98356 bytes | Modified Date = 12/03/2003 01:03:00 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 28/02/2007 21:23:28 | Attr = R ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{9455301C-CF6B-11D3-A266-00C04F689C50} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 28/02/2007 21:23:28 | Attr = R ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 28/02/2007 21:23:28 | Attr = R ]
WebBrowser\\{00000000-0002-0002-0000-000000000000} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2436160 bytes | Modified Date = 28/02/2007 21:23:28 | Attr = R ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 10:28:40 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
Ouvrir dans un nouvel onglet d'arrière-plan -> -> File not found
Ouvrir dans un nouvel onglet de premier plan -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.VOB -> %ProgramFiles%\Internet Explorer\PLUGINS\npqtplugin3.dll [QuickTime Plug-in 5.0.2] -> Apple Computer, Inc. [Ver = 5.0.2 | Size = 90112 bytes | Modified Date = 19/06/2003 17:40:16 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
Orange 7.4 ; NaviWoo1.1 -> IEAKFT ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0369DD30-C506-4A68-8F8B-1D5FD43B44C7} -> (Carte réseau 1394) ->
{3A08A36D-7A08-401A-AF0B-1E610DA6C64F} -> () ->
{F9BF0C6A-2202-4AF0-B5B9-73B109A3CA84} -> (VIA VT6102 Rhine II Fast Ethernet Adapter) ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub [...] wflash.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

[Files/Folders - Created Within 30 days]
23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Created Date = 29/04/2007 02:35:19 | Attr = ]
Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 29/04/2007 00:33:55 | Attr = ]
diff.exe -> %SystemDrive%\diff.exe -> [Ver = | Size = 68096 bytes | Created Date = 05/05/2007 23:42:38 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 29/04/2007 00:33:55 | Attr = ]
grep.exe -> %SystemDrive%\grep.exe -> [Ver = | Size = 103424 bytes | Created Date = 05/05/2007 23:42:38 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267968512 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS]
Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 29/04/2007 00:30:39 | Attr = ]
os466477.bin -> %SystemDrive%\os466477.bin -> [Ver = | Size = 549 bytes | Created Date = 06/05/2007 00:19:56 | Attr = H ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 23/04/2007 14:51:06 | Attr = ]
reboot.cmd -> %SystemDrive%\reboot.cmd -> [Ver = | Size = 853 bytes | Created Date = 05/05/2007 23:42:38 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 01/05/2007 18:43:25 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 21/04/2007 01:26:42 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Created Date = 26/04/2007 13:55:25 | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 160 bytes | Created Date = 26/04/2007 13:55:25 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 21/04/2007 01:26:42 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 26/04/2007 13:55:25 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 172 bytes | Created Date = 26/04/2007 13:55:25 | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 25/04/2007 12:10:07 | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 86528 bytes | Created Date = 24/04/2007 15:34:50 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 23/04/2007 14:52:02 | Attr = ]
kit.ini -> %SystemRoot%\kit.ini -> [Ver = | Size = 21 bytes | Created Date = 26/04/2007 17:54:51 | Attr = ]
MaxTV -> %SystemRoot%\MaxTV -> [Folder | Created Date = 06/05/2007 02:05:11 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Created Date = 29/04/2007 18:06:19 | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 24/04/2007 15:34:50 | Attr = ]
Noslip -> %SystemRoot%\Noslip -> [Folder | Created Date = 06/05/2007 00:18:58 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 28/04/2007 01:49:35 | Attr = ]
pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 1191856 bytes | Created Date = 06/05/2007 02:20:54 | Attr = ]
PreviewSoft -> %SystemRoot%\PreviewSoft -> [Folder | Created Date = 06/05/2007 00:19:23 | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 24/04/2007 15:34:57 | Attr = ]
ULEAD32.INI -> %SystemRoot%\ULEAD32.INI -> [Ver = | Size = 330 bytes | Created Date = 06/05/2007 00:19:11 | Attr = ]
AlertModule -> %System32%\AlertModule -> [Folder | Created Date = 22/04/2007 20:15:25 | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Created Date = 27/04/2007 15:50:21 | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Created Date = 27/04/2007 15:50:33 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 24/04/2007 19:18:14 | Attr = ]
FTRTSVC.exe -> %System32%\FTRTSVC.exe -> France Telecom [Ver = 11.0 (4) | Size = 40960 bytes | Created Date = 22/04/2007 20:15:18 | Attr = ]
gaeffect.sti -> %System32%\gaeffect.sti -> [Ver = | Size = 4508 bytes | Created Date = 06/05/2007 00:20:02 | Attr = ]
gafilter.sti -> %System32%\gafilter.sti -> [Ver = | Size = 3176 bytes | Created Date = 06/05/2007 00:20:05 | Attr = ]
IfHelper.dll -> %System32%\IfHelper.dll -> France Télécom R&D [Ver = 11b.0 (3) | Size = 36864 bytes | Created Date = 22/04/2007 20:15:19 | Attr = ]
INETWH32.dll -> %System32%\INETWH32.dll -> Blue Sky Software Corporation. [Ver = 7.00.133 | Size = 49152 bytes | Created Date = 06/05/2007 00:19:06 | Attr = ]
lvcodec2.dll -> %System32%\lvcodec2.dll -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 264992 bytes | Created Date = 30/04/2007 21:44:32 | Attr = R ]
lvcoinst.dll -> %System32%\lvcoinst.dll -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 121632 bytes | Created Date = 30/04/2007 21:44:33 | Attr = R ]
lvcoinst.ini -> %System32%\lvcoinst.ini -> [Ver = | Size = 42594 bytes | Created Date = 30/04/2007 21:44:33 | Attr = R ]
LVUI2.dll -> %System32%\LVUI2.dll -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 211744 bytes | Created Date = 30/04/2007 21:44:32 | Attr = R ]
LVUI2RC.dll -> %System32%\LVUI2RC.dll -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 527136 bytes | Created Date = 30/04/2007 21:44:32 | Attr = R ]
mcdvd_32.dll -> %System32%\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 06/05/2007 02:53:58 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 97 bytes | Created Date = 30/04/2007 22:31:58 | Attr = ]
moveex.exe -> %System32%\moveex.exe -> [Ver = | Size = 38400 bytes | Created Date = 24/04/2007 15:34:50 | Attr = ]
nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Created Date = 06/05/2007 02:21:05 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 24/04/2007 19:18:14 | Attr = ]
pxafs.dll -> %System32%\pxafs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 129784 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
pxcpya64.exe -> %System32%\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 64760 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
pxcpyi64.exe -> %System32%\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.39a | Size = 116472 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
pxinsa64.exe -> %System32%\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 64760 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
pxinsi64.exe -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.43J | Size = 118520 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
pxsfs.dll -> %System32%\pxsfs.dll -> Sonic Solutions [Ver = 3.4.46.500 | Size = 1329912 bytes | Created Date = 02/05/2007 01:24:14 | Attr = ]
Repository.reg -> %System32%\Repository.reg -> [Ver = | Size = 7734 bytes | Created Date = 30/04/2007 21:44:33 | Attr = R ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 24/04/2007 19:18:14 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 24/04/2007 19:13:48 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 24/04/2007 19:13:48 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3596 bytes | Created Date = 26/04/2007 17:24:47 | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 24/04/2007 15:34:50 | Attr = ]
vxblock.dll -> %System32%\vxblock.dll -> Sonic Solutions [Ver = 1.00.74a | Size = 39672 bytes | Created Date = 02/05/2007 01:24:13 | Attr = ]
ws344069.ocx -> %System32%\ws344069.ocx -> [Ver = | Size = 541 bytes | Created Date = 06/05/2007 00:19:56 | Attr = H ]
xvid.ax -> %System32%\xvid.ax -> [Ver = | Size = 53248 bytes | Created Date = 06/05/2007 02:53:58 | Attr = ]
xvidcore.dll -> %System32%\xvidcore.dll -> [Ver = | Size = 524288 bytes | Created Date = 06/05/2007 02:53:58 | Attr = ]
xvidvfw.dll -> %System32%\xvidvfw.dll -> [Ver = | Size = 139264 bytes | Created Date = 06/05/2007 02:53:58 | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Created Date = 27/04/2007 15:50:36 | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Created Date = 27/04/2007 15:50:29 | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Created Date = 27/04/2007 15:50:29 | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Created Date = 27/04/2007 15:50:37 | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Created Date = 27/04/2007 15:50:36 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 26/04/2007 13:09:50 | Attr = ]
cdr4_xp.sys -> %System32%\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
cdralw2k.sys -> %System32%\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 02/05/2007 01:24:15 | Attr = ]
LV561AV.SYS -> %System32%\drivers\LV561AV.SYS -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 487328 bytes | Created Date = 30/04/2007 21:44:30 | Attr = R ]
LVUSBSta.sys -> %System32%\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 10.4.0.1235 | Size = 40352 bytes | Created Date = 30/04/2007 21:44:32 | Attr = R ]

[Files/Folders - Modified Within 30 days]
23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Modified Date = 29/04/2007 03:35:20 | Attr = ]
Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 29/04/2007 01:39:56 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 06/05/2007 02:23:12 | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 22/04/2007 21:18:50 | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 29/04/2007 01:39:52 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 267968512 bytes | Modified Date = 08/05/2007 17:48:16 | Attr = HS]
Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 29/04/2007 01:30:50 | Attr = ]
os466477.bin -> %SystemDrive%\os466477.bin -> [Ver = | Size = 549 bytes | Modified Date = 06/05/2007 01:56:10 | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 06/05/2007 03:53:50 | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 23/04/2007 15:51:08 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 01/05/2007 19:52:24 | Attr = ]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 21/04/2007 02:26:44 | Attr = H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 232 bytes | Modified Date = 26/04/2007 14:55:26 | Attr = H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 160 bytes | Modified Date = 26/04/2007 14:55:26 | Attr = H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 21/04/2007 02:26:44 | Attr = H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 26/04/2007 14:55:26 | Attr = H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 172 bytes | Modified Date = 26/04/2007 14:55:26 | Attr = H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 01/05/2007 20:01:52 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 07/05/2007 11:01:48 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 08/05/2007 17:48:20 | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 86528 bytes | Modified Date = 21/04/2007 03:52:22 | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 08/05/2007 17:48:42 | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 23/04/2007 15:52:04 | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/05/2007 03:54:58 | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 19/04/2007 14:59:40 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 06/05/2007 02:12:56 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 07/05/2007 00:58:52 | Attr = HS]
kit.ini -> %SystemRoot%\kit.ini -> [Ver = | Size = 21 bytes | Modified Date = 01/05/2007 18:39:44 | Attr = ]
Lhsp -> %SystemRoot%\Lhsp -> [Folder | Modified Date = 19/04/2007 14:59:48 | Attr = ]
MaxTV -> %SystemRoot%\MaxTV -> [Folder | Modified Date = 06/05/2007 03:33:44 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 03/05/2007 12:39:14 | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Modified Date = 29/04/2007 19:06:22 | Attr = ]
Noslip -> %SystemRoot%\Noslip -> [Folder | Modified Date = 06/05/2007 01:19:00 | Attr = ]
nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 28/04/2007 02:49:36 | Attr = ]
pack.epk -> %SystemRoot%\pack.epk -> [Ver = | Size = 1191856 bytes | Modified Date = 06/05/2007 03:20:56 | Attr = ]
PCHealth -> %SystemRoot%\PCHealth -> [Folder | Modified Date = 06/05/2007 02:12:58 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/05/2007 17:59:58 | Attr = ]
PreviewSoft -> %SystemRoot%\PreviewSoft -> [Folder | Modified Date = 06/05/2007 01:19:24 | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 06/05/2007 02:23:22 | Attr = ]
speech -> %SystemRoot%\speech -> [Folder | Modified Date = 19/04/2007 14:59:50 | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 30/04/2007 22:44:32 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 08/05/2007 17:48:12 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 06/05/2007 02:19:10 | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 08/05/2007 17:49:10 | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 30/04/2007 22:44:32 | Attr = ]
ULEAD32.INI -> %SystemRoot%\ULEAD32.INI -> [Ver = | Size = 330 bytes | Modified Date = 06/05/2007 01:56:02 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 06/05/2007 02:13:02 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 08/05/2007 17:48:34 | Attr = H ]
Vérifier les mises à jour de Windows Live Toolbar.job -> %SystemRoot%\tasks\Vérifier les mises à jour de Windows Live Toolbar.job -> [Ver = | Size = 274 bytes | Modified Date = 08/05/2007 17:47:02 | Attr = ]
AlertModule -> %System32%\AlertModule -> [Folder | Modified Date = 22/04/2007 21:15:26 | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 30/04/2007 17:46:10 | Attr = ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 95872 bytes | Modified Date = 30/04/2007 17:35:28 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 06/05/2007 03:07:00 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 06/05/2007 02:23:28 | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 3121 bytes | Modified Date = 01/05/2007 21:14:02 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 30/04/2007 22:44:38 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 02/05/2007 02:24:16 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 249496 bytes | Modified Date = 07/05/2007 10:10:36 | Attr = ]
gaeffect.sti -> %System32%\gaeffect.sti -> [Ver = | Size = 4508 bytes | Modified Date = 06/05/2007 01:20:04 | Attr = ]
gafilter.sti -> %System32%\gafilter.sti -> [Ver = | Size = 3176 bytes | Modified Date = 06/05/2007 01:20:06 | Attr = ]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 97 bytes | Modified Date = 30/04/2007 23:32:00 | Attr = ]
nvs2.inf -> %System32%\nvs2.inf -> [Ver = | Size = 22 bytes | Modified Date = 06/05/2007 03:21:06 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 54266 bytes | Modified Date = 28/04/2007 13:34:38 | Attr = ]
perfc00C.dat -> %System32%\perfc00C.dat -> [Ver = | Size = 65606 bytes | Modified Date = 28/04/2007 13:34:38 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 383476 bytes | Modified Date = 28/04/2007 13:34:38 | Attr = ]
perfh00C.dat -> %System32%\perfh00C.dat -> [Ver = | Size = 448638 bytes | Modified Date = 28/04/2007 13:34:38 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 962276 bytes | Modified Date = 28/04/2007 13:34:38 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3596 bytes | Modified Date = 27/04/2007 09:43:36 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 06/05/2007 02:23:24 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 06/05/2007 03:39:06 | Attr = ]
ws344069.ocx -> %System32%\ws344069.ocx -> [Ver = | Size = 541 bytes | Modified Date = 06/05/2007 01:56:10 | Attr = H ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 26888 bytes | Modified Date = 30/04/2007 17:37:24 | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 85952 bytes | Modified Date = 30/04/2007 17:41:56 | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 94552 bytes | Modified Date = 30/04/2007 17:41:42 | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 23416 bytes | Modified Date = 30/04/2007 17:39:42 | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.997.0 | Size = 43176 bytes | Modified Date = 30/04/2007 17:38:52 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 06/05/2007 02:18:16 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 30/04/2007 17:46:10 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.5.0.53 | Size = 639066 bytes | Modified Date = 27/03/2007 09:49:00 | Attr = ]
UPX! , UPX0 , -> %System32%\dvdaudio.ax -> [Ver = | Size = 168960 bytes | Modified Date = 19/02/2002 12:38:18 | Attr = ]
UPX! , UPX0 , -> %System32%\FraunhoferAudio.ax -> Fraunhofer [Ver = 3.00.0804 | Size = 65536 bytes | Modified Date = 24/11/2001 19:31:48 | Attr = ]
UPX! , UPX0 , -> %System32%\FraunhoferVideo.ax -> Fraunhofer [Ver = 1.00.000 | Size = 86528 bytes | Modified Date = 24/11/2001 19:28:14 | Attr = ]
Thawte Consulting , -> %System32%\http50.ocx -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.516 | Size = 149640 bytes | Modified Date = 14/06/2001 05:08:36 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]
Thawte Consulting , -> %System32%\webupl50.ocx -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.516 | Size = 166024 bytes | Modified Date = 14/06/2001 05:08:36 | Attr = ]

< End of report >

Répondre à el-chico66

Re

Ce rapport montre plusieurs choses.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

$$ Télécharge RHosts.exe de S!Ri sur le Bureau
http://siri.urz.free.fr/Softs/RHosts.exe

$$ Redémarre l'ordinateur en mode sans échec

$$ Lance RHosts.exe
Clique sur Restaurer.

$$ Lance Pocket Killbox
--- choisis l'option Delete on Reboot
--- copie la liste ci-dessous, des fichiers à supprimer (Ctrl-C) et File / Paste from Clipboard

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvs2.inf

* les boutons "Single File" et "All Files" deviennent actifs mais "Single File" est activé par défaut.
Il faut alors impérativement activer (cliquer sur) "All Files", impérativement, sinon seul le premier de la liste sera supprimé.
--- vérifie que tous les fichiers sont enregistrés, par la liste déroulante "Full Path of File to Delete"
--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

$$ Redémarre normalement.

Supprime ce dossier : C:\!KillBox

Poste le rapport de Killbox (contenu du fichier C:\!KillBox\Logs\kb.log).

Répondre à chercheur_

salut,

Pocket Killbox version 2.0.0.648
Running on Windows XP as VANWILDEMEERSCH(Administrator)
was started @ mercredi, mai 09, 2007, 2:27 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\pack.epk

# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\mcrh.tmp

# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\nvs2.inf

I Rebooted @ 2:29:53 PM
Killbox Closed(Exit) @ 2:29:53 PM
__________________________________________________

Répondre à el-chico66

Bonjour

Les fichiers ont étés supprimés.

Fais une analyse antivirus en ligne sur Panda
http://www.pandasoftware.com/activ [...] ncipal.htm

Colle son rapport ici.

Répondre à chercheur_

salut,
quand je clic sur le lien et que je fait analysé votre pc gratuitement, il ouvre une page en disant "navigateur non pris en charge" et "Nous sommes désolés. ActiveScan requiert le navigateur Microsoft Internet Explorer 5.0 ou une version ultérieure."

Répondre à el-chico66

Bonjour

Il faut passer par Internet Explorer pour ce scan.

Répondre à chercheur_

salut,
voila quand l'analyse est entrein de se faire, il y a un alerte virus qui apparait et je dois abandonné

Répondre à el-chico66

Re

Désactive temporairement Avast le temps du scan, car ils sont incompatible.

Répondre à chercheur_

Incident Statut Analyse

Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.overture.com/]
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/YieldManager No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.adtech.de/]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WUpd No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/cs.sexcounter No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/SpyLog No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Adviva No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.adviva.net/]
Spyware:Cookie/BurstNet No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Hitbox No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Application Data\Mozilla\Firefox\Profiles\raq6qps0.default\cookies.txt[.hitbox.com/]
Adware:Adware/BHO No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\backups\backup-20070501-194152-333.dll
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\clean\clean\pskill.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SDFix.exe[SDFix\apps\Process.exe]
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\restart.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Shutdown.Z Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix\SmitfraudFix\restart.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\VirtumundoBeGone.exe
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\clean.zip[clean/pskill.exe]
Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@2o7[2].txt
Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@adtech[2].txt
Spyware:Cookie/Falkag No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@as1.falkag[1].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@bluestreak[2].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@bs.serving-sys[2].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@doubleclick[1].txt
Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@mediaplex[1].txt
Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@serving-sys[2].txt
Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@tradedoubler[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@weborama[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@xiti[1].txt
Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Cookies\vanwildemeersch@zedo[1].txt
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Temp\bis72.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Temp\bis78.exe
Adware:Adware/Lop No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Temp\bisD5.exe
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Temp\nsb24.tmp
Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\VANWILDEMEERSCH\Local Settings\Temp\nsd29.tmp
Outil indésirable:Application/Pskill.A No Désinfecté C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
Virus:Trj/Nabload.AJR Désinfecté C:\Program Files\FusionSoft DVD Player XP\bmptojpeg.exe
Adware:Adware/NaviPromo No Désinfecté C:\Program Files\WebMediaPlayer\uninst.exe[²ÜÇ\NSUtils.dll]
Adware:Adware/WebMediaPlayer No Désinfecté C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe
Spyware:Spyware/Virtumonde No Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\awttstq.dll.vir
Outil indésirable:Application/Processor No Désinfecté C:\SDFix\apps\Process.exe
Hacktool:Rootkit/NTRootkit.AI No Désinfecté C:\SDFix\backups\backups.zip[backups/ksys.sys]
Adware:Adware/BraveSentry No Désinfecté C:\SDFix\backups\backups.zip[backups/update2.exe]
Adware:Adware/BHO No Désinfecté C:\SDFix\backups\backups.zip[backups/update7.exe]
Adware:Adware/BraveSentry No Désinfecté C:\SDFix\backups\backups.zip[backups/update8.exe]
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\awtstus.dll .bad
Adware:Adware/WebSearch No Désinfecté C:\VundoFix Backups\bitfctis.dll.bad
Spyware:Spyware/Virtumonde No Désinfecté C:\VundoFix Backups\eylplbqv.dll .bad
Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe
Outil indésirable:Application/Pskill.A No Désinfecté C:\WINDOWS\RESTORE.INS[COEMCUST/TOOLS/WIN32/PSKILL.EXE]
Outil indésirable:Application/Pskill.A No Désinfecté C:\WINDOWS\system\RESTORE.INS[COEMCUST/TOOLS/WIN32/PSKILL.EXE]
Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe
Virus:W32/Patchlog.B Désinfecté C:\WINDOWS\system32\winlogon.exe
Adware:Adware/NaviPromo No Désinfecté C:\WINDOWS\temp\NSIS_Install_WMP.exe[²ÜÇ\NSUtils.dll]
Adware:Adware/WebMediaPlayer No Désinfecté C:\WINDOWS\temp\NSIS_Install_WMP.exe[WebMediaPlayer.exe]

Répondre à el-chico66

Bonsoir

$$ Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :

WebMediaPlayer

$$ Supprime les fichiers/dossiers incriminés

C:\Documents and Settings\VANWILDEMEERSCH\Bureau\Hijackthis Version Française\backups
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\clean
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SDFix.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\SmitfraudFix
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\logiciel sécurité\VirtumundoBeGone.exe
C:\Documents and Settings\VANWILDEMEERSCH\Bureau\vincent\clean.zip
C:\Program Files\WebMediaPlayer
C:\QooBox
C:\SDFix C:\VundoFix Backups
C:\WINDOWS\system32\Process.exe

$$ Lance le nettoyage avec CCleaner.

As tu encore des dysfonctionnements ?

Répondre à chercheur_

bonjour,
ben mon pc ne detecte toujours pas met clés usb, et il mais lontemp a ouvrir les page quand je navigue sur le net !!!!

Répondre à el-chico66

Bonsoir

Pour la clé USB.
Cela arrive avec une seule ?
Cela fonctionnait avant tes infections ?
As tu essayé la clé sur un autre PC ?

Pour la lenteur.
Télécharge EasyCleaner
http://personal.inet.fi/business/toniarts/ecleane.htm
Installe le dans un répertoire dédié.
Lance EasyCleaner.
Utilise les fonctions Inutiles et Registre. Supprime ce qu'il trouve. Ne pas toucher à la fonction doublons.

Fais une défragmentation.
http://www.trucsastuces.com/Astuces/76.php

Répondre à chercheur_

system alert ! aidé moi!!! - Page 2

Forum Sécurité - Virus : system alert ! aidé moi!!!

Attention