

CHRISSAND63
PLEASE, I NEED HELP WITH A REPORT FOLLOWING AN INFECTION BY STORAGE PROTECTO
CHRISSAND63 replied to a topic by CHRISSAND63 in Malware analysis and eradication
Thanks for your help. I ran the scan with ANTIVIR; as soon as I have done the cleanup I will post the HijackThis report. See you.
Good evening. I need help following an attack by STORAGEPROTECTOR. Attached are the HijackThis & ComboFix reports. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:58, on 10/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SW5kaWVuWFA\command.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Oregon Scientific\SmartGlobe FR\SmartGlobeFR.exe
C:\Program Files\Berchet Media\eLooK\StvDetect.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu.exe
O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: SmartGlobeFR.lnk = ?
O4 - Global Startup: Start ELooK.lnk = ?
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2A2F7D-CC80-4FE3-B646-34909BBAA7F7}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SW5kaWVuWFA\command.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6692 bytes

ComboFix 08-02.05.3 - Christophe 2008-02-10 13:32:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.531 [GMT 1:00]
Endroit: C:\Documents and Settings\All Users\Documents\Téléchargement\Combofix\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\mljifef.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
C:\WINDOWS\SW5kaWVuWFA\
C:\WINDOWS\SW5kaWVuWFA\\asappsrv.dll
C:\WINDOWS\SW5kaWVuWFA\\command.exe
C:\WINDOWS\SW5kaWVuWFA\\mqc4uqpRqIE.vbs
C:\WINDOWS\SW5kaWVuWFA\command.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\System32\ddcyv.dll
C:\WINDOWS\system32\jfwphqpc.dll
C:\WINDOWS\system32\mljifef.dll
C:\WINDOWS\system32\niixhgto.dll
C:\WINDOWS\system32\niixhgto.dll . . . . Echec de suppression
C:\WINDOWS\system32\niixhgto.dllbox
C:\WINDOWS\system32\p1
C:\WINDOWS\system32\p1\liamdll2.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor

((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.

2008-02-10 13:23 . 2008-02-10 13:23 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 17:55 . 2008-02-09 18:03 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-09 16:49 . 2008-02-09 16:49 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2008-02-09 14:50 . 2008-02-09 14:50 268 --ah----- C:\sqmdata06.sqm
2008-02-09 14:50 . 2008-02-09 14:50 244 --ah----- C:\sqmnoopt06.sqm
2008-02-09 14:29 . 2008-02-09 14:29 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-02-08 22:00 . 2008-02-10 13:34 163,904 --a------ C:\WINDOWS\system32\niixhgto.dll
2008-02-08 21:52 . 2008-02-08 21:52 <REP> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-05 18:32 . 2008-02-05 18:32 268 --ah----- C:\sqmdata05.sqm
2008-02-05 18:32 . 2008-02-05 18:32 244 --ah----- C:\sqmnoopt05.sqm
2008-01-20 21:15 . 2002-06-10 07:24 220,079 -ra------ C:\WINDOWS\system32\drivers\LV551AV.sys
2008-01-20 21:15 . 2002-06-10 07:22 167,936 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-20 21:15 . 2002-06-10 07:16 131,072 -ra------ C:\WINDOWS\system32\SP5X_32.DLL
2008-01-20 21:15 . 2002-06-10 07:23 110,592 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-01-20 21:15 . 2002-06-10 07:25 69,632 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-01-20 21:15 . 2002-06-10 07:20 12,112 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-20 21:15 . 2002-06-10 07:16 5,187 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-20 21:12 . 2002-08-29 11:45 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-01-20 21:12 . 2002-08-29 11:45 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-20 21:12 . 2002-08-29 11:45 50,688 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-20 21:12 . 2001-08-23 17:47 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-01-20 21:12 . 2001-08-23 17:47 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-01-20 21:12 . 2001-08-23 17:47 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-01-20 21:12 . 2001-08-23 17:47 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-01-16 16:44 . 2008-01-16 16:44 268 --ah----- C:\sqmdata04.sqm
2008-01-16 16:44 . 2008-01-16 16:44 244 --ah----- C:\sqmnoopt04.sqm
2008-01-13 21:54 . 2008-01-13 21:54 <REP> d-------- C:\Documents and Settings\Sandrine\Application Data\FUJIFILM
2008-01-10 19:15 . 2008-01-10 19:15 <REP> d-------- C:\Program Files\Oregon Scientific
2008-01-10 19:15 . 2008-01-10 21:14 <REP> d-------- C:\Program Files\Fichiers communs\USB9KD
2008-01-10 19:15 . 2003-03-19 13:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.DLL
2008-01-10 19:15 . 2006-07-07 14:10 16,000 --a------ C:\WINDOWS\system32\drivers\9kdUSBXP.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 12:31 --------- d-----w C:\Program Files\Wanadoo
2008-02-09 16:55 5,719,590 ----a-w C:\WINDOWS\java\Packages\K7JX797H.ZIP
2008-02-09 16:55 4,312,123 ----a-w C:\WINDOWS\java\Packages\DN5FBXVZ.ZIP
2008-01-10 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 20:35 --------- d-----w C:\Documents and Settings\Christophe\Application Data\U3

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-10 13:34 163904 --a------ C:\WINDOWS\system32\niixhgto.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B09AFD95-D321-4287-ADD0-B8555EEE423B}]
2008-02-08 02:07 217088 --a------ C:\Program Files\NetMeeting\gisawuge89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Drmupgds"="C:\Program Files\Drmupgds\Drmupgds.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-31 07:35 7634944]
"nwiz"="nwiz.exe" [2006-10-31 07:35 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-31 07:35 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-08-27 03:01 1450096]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 14:16 90112]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 11:58 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 11:57 45056]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-22 17:45 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\niixhgto]
niixhgto.dll 2008-02-10 13:34 163904 C:\WINDOWS\system32\niixhgto.dll

R3 LVBulk;LVBulk Service;C:\WINDOWS\System32\DRIVERS\LVBulk.sys [2002-06-10 07:21]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\System32\DRIVERS\LV551AV.sys [2002-06-10 07:24]
S3 SNL320XP;SmartGlobe II;C:\WINDOWS\System32\DRIVERS\9kdUSBXP.sys [2006-07-07 14:10]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 12:24:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"