Unwanted ad pop-ups



Guest lemegapro
Posted

Good evening,

I have problems I can't manage to solve; if anyone can help me, thanks.

In Internet Explorer, windows keep opening and slowing me down with ads for:

réparateur de système

viruseffaceur

lybresystem

I can no longer search my hard drive, and some programs no longer work.

I ran Avast, ComboFix, SmitFraudFix and ComboFix, but the problem keeps coming back.

Here are the ComboFix and HijackThis reports, but I've reached my limits!!!

Thank you for your help.

Good evening, and thanks in advance to anyone who can help me and interpret these latest reports:

ComboFix:

ComboFix 08-04-15.1 - Utilisateur Windows 2008-04-17 19:02:11.3 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1.#QNAN [GMT 2:00]

Endroit: C:\Documents and Settings\Utilisateur Windows\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\SYSTEM32\ahrcxdlg.ini

C:\WINDOWS\system32\gldxcrha.dll

C:\WINDOWS\system32\ordcvuyh.dll

C:\WINDOWS\SYSTEM32\prrqprqr.ini

C:\WINDOWS\SYSTEM32\prrqprqr.ini2

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-16 22:46 . 2008-04-16 22:46 109,163 --a------ C:\WINDOWS\SYSTEM32\rqoghbmy.dll

2008-04-16 22:45 . 2008-04-17 18:41 1,524,244 ---hs---- C:\WINDOWS\SYSTEM32\exlicaei.ini

2008-04-16 22:44 . 2008-04-16 22:44 105,642 --a------ C:\WINDOWS\SYSTEM32\klfchprl.dll

2008-04-16 21:52 . 2008-04-16 21:52 <REP> d-------- C:\Deckard

2008-04-16 21:00 . 2008-04-16 21:00 <REP> d-------- C:\Program Files\EsetOnlineScanner

2008-04-16 19:25 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe

2008-04-16 19:25 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe

2008-04-16 19:25 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe

2008-04-16 19:25 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe

2008-04-16 19:22 . 2008-04-16 19:22 100,379 --a------ C:\WINDOWS\SYSTEM32\iojnkquu.dll

2008-04-15 23:22 . 2008-04-15 23:22 105,561 --a------ C:\WINDOWS\SYSTEM32\rjnnukwo.dll

2008-04-15 19:34 . 2008-04-15 19:51 1,600,257 ---hs---- C:\WINDOWS\SYSTEM32\vdrucvrb.ini

2008-04-15 19:34 . 2008-04-15 19:34 100,522 --a------ C:\WINDOWS\SYSTEM32\brvcurdv.dll

2008-04-15 19:28 . 2008-04-15 19:28 110,623 --a------ C:\WINDOWS\SYSTEM32\aniepiof.dll

2008-04-15 19:25 . 2008-04-15 19:25 105,561 --a------ C:\WINDOWS\SYSTEM32\unlnqftq.dll

2008-04-15 19:24 . 2008-04-15 19:25 396,267 --a------ C:\WINDOWS\SYSTEM32\rqrpqrrp.dll

2008-04-15 19:22 . 2008-04-15 19:22 34,099 --a------ C:\WINDOWS\SYSTEM32\cbxxvsrr.dll

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\MId2

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dtmp

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dcL

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dbl3

2008-04-15 19:19 . 2008-04-15 19:19 63,839 --a------ C:\WINDOWS\SYSTEM32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll-uninst.exe

2008-04-15 19:19 . 2008-04-15 19:19 34,099 --a------ C:\WINDOWS\SYSTEM32\vturqrqo.dll

2008-04-15 19:19 . 2008-04-15 19:19 936 --a------ C:\WINDOWS\SYSTEM32\winpfz33.sys

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\WINDOWS\SYSTEM32\bharebio01

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\Temp\wdlw14

2008-04-15 19:18 . 2008-04-15 19:18 34,099 --a------ C:\WINDOWS\SYSTEM32\ljjkjjif.dll

2008-03-29 14:08 . 2008-03-29 14:08 <REP> d-------- C:\Program Files\Fichiers communs\Bcgsoft

2008-03-24 20:53 . 2008-03-24 20:53 132 --a------ C:\WINDOWS\picture-shark.INI

2008-03-24 19:13 . 2003-12-09 12:11 1,875,968 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorSV.exe

2008-03-24 19:13 . 2003-12-09 12:11 606,208 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.cpl

2008-03-24 19:13 . 2003-12-09 12:11 360,448 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.dll

2008-03-24 19:13 . 2003-12-09 11:43 290,816 --a------ C:\WINDOWS\SYSTEM32\niknakXML.dll

2008-03-24 19:13 . 2003-12-09 11:48 139,264 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

2008-03-24 19:13 . 2003-12-09 12:00 32,768 --a------ C:\WINDOWS\SYSTEM32\EventConsumer.dll

2008-03-24 19:13 . 2003-10-23 12:11 24,576 --a------ C:\WINDOWS\SYSTEM32\PDFMacroUtils.dll

2008-03-23 20:31 . 2006-05-26 12:03 339,968 --a------ C:\WINDOWS\SYSTEM32\MP3Enc.dll

2008-03-23 18:12 . 2008-03-23 18:12 172,941,939 --a------ C:\WINDOWS\SYSTEM32\SNAGIT7

2008-03-23 17:53 . 2008-03-23 17:53 <REP> dr------- C:\UDC Output Files

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 17:26 1,976 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg

2008-04-15 21:48 175,864 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\GDIPFONTCACHEV1.DAT

2008-03-03 20:28 --------- d-----w C:\Documents and Settings\Utilisateur Windows\Application Data\Thinstall

2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll

2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll

2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll

2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe

2007-11-03 17:01 782 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\waver_2.95.dat

2004-07-17 20:55 460,728 ----a-w C:\WINDOWS\FONTS\SET4ED.tmp

2004-07-17 20:55 383,140 ----a-w C:\WINDOWS\FONTS\SET4EC.tmp

2004-07-17 20:55 355,436 ----a-w C:\WINDOWS\FONTS\SET4EB.tmp

2004-07-17 09:39 409,280 ----a-w C:\WINDOWS\FONTS\SET4EA.tmp

2004-07-17 09:39 398,372 ----a-w C:\WINDOWS\FONTS\SET4E9.tmp

2004-07-17 09:39 367,112 ----a-w C:\WINDOWS\FONTS\SET4F0.tmp

2004-07-17 09:39 352,224 ----a-w C:\WINDOWS\FONTS\SET4EF.tmp

2004-07-17 09:39 127,596 ----a-w C:\WINDOWS\FONTS\SET4EE.tmp

2003-05-04 15:11 266 --sh--w C:\Program Files\desktop.ini

2003-05-04 15:11 11,208 ------w C:\Program Files\folder.htt

1996-12-02 16:44 582,144 ------w C:\Program Files\Fichiers communs\dao350.dll

2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe

2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\{A4BA2D91-B62C-11D7-82ED-0050BAEED455}.dat

2003-09-27 13:26 4,263 --sh--w C:\WINDOWS\windllreg1c.sys

2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\SYSTEM\{A4BA2D90-B62C-11D7-82ED-0050BAEED455}.dat

2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll

2005-04-03 09:46 56 --sh--r C:\WINDOWS\SYSTEM32\FD453BF819.sys

2008-01-13 10:28 56 --sh--r C:\WINDOWS\SYSTEM32\265ACE4C56.sys

2008-01-13 10:28 10,332 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll

2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe

2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll

.

 

 

------r 13,122,160 2003-03-17 11:42:44 C:\Program Files\Windows Media Player\Installer\windows media player 9 pour windows 98 2000 millenium .exe

((((((((((((((((((((((((((((( snapshot@2008-04-16_19.06.40.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-16 17:05:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-17 17:07:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2007-09-30 09:41:30 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

+ 2008-04-17 16:45:14 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

- 2007-09-30 09:41:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-04-17 16:45:14 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2007-07-27 12:49:02 196,683 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiA.dll

+ 2007-07-27 12:49:02 225,355 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiW.dll

+ 2005-12-05 17:25:22 139,264 ----a-w C:\WINDOWS\SYSTEM32\lnod32umc.dll

+ 2005-12-05 10:37:10 106,496 ----a-w C:\WINDOWS\SYSTEM32\lnod32upd.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5C367C2-0463-4965-8A45-60B97B0A412C}]

2008-04-15 19:25 396267 --a------ C:\WINDOWS\system32\rqrpqrrp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

2008-04-15 19:18 34099 --a------ C:\WINDOWS\system32\ljjkjjif.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

"Nero PhotoShow Media Manager"="F:\NEROPH~1\data\xtras\mssysmgr.exe" [2006-01-13 22:22 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 16:46 295936]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-02-08 10:26 151597]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16 86016]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"BM2c5728c2"="C:\WINDOWS\system32\klfchprl.dll" [2008-04-16 22:44 105642]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Printing Migration"="C:\WINDOWS\System32\spool\migrate.dll" [2001-08-28 12:00 30720]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\ljjkjjif.dll [2008-04-15 19:18 34099]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjjif]

ljjkjjif.dll 2008-04-15 19:18 34099 C:\WINDOWS\SYSTEM32\ljjkjjif.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital TV.lnk]

backup=C:\WINDOWS\pss\Digital TV.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Printkey2000.lnk]

backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RFScheduler.lnk]

backup=C:\WINDOWS\pss\RFScheduler.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SpySubtract.lnk]

backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^AdDestroyer.lnk]

backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkStartup

 

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-07-03 20:36 6731312 C:\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2f641b5e]

--a------ 2008-04-15 19:34 100522 C:\WINDOWS\system32\brvcurdv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\340.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3R5CZ5B486NZNY]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 D:\Adobe Acrobat 7.0 FR\Distillr\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

F:\photoshop éléments v.4 fr\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aEv3RWGpX]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]

--a------ 2007-09-21 13:56 1966080 F:\Arovax AntiSpyware\arovaxantispyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2007-12-04 14:00 79224 F:\ANTIVI~1\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2c5728c2]

--a------ 2008-04-15 19:25 105561 C:\WINDOWS\system32\unlnqftq.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

F:\Download Direct\DLD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsi]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

--a------ 2007-05-13 16:57 5308416 C:\eMule\emule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

F:\antispyware microsoft\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hnnhmiucznqgb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

C:\Program Files\Ipwindows\ipwins.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-26 14:42 267064 F:\Itunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

--a------ 2004-03-23 14:44 49152 F:\pinnacle studio 9\LaunchList.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-08-19 16:10 1667584 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ndpi]

C:\WINDOWS\System32\SSTEM3~1\wuauboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-01-13 22:22 249856 F:\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntldr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Office SturtUp]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]

--a------ 2006-05-31 11:20 1281425 C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFCreatorClient]

F:\Jaws PDF Créator\PDFClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-10 16:26 406016 C:\WINDOWS\System32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwbccy]

C:\Documents and Settings\Utilisateur Windows\Mes documents\?ppPatch\ping.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rp4T36i]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2005-05-01 13:50 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syswin]

C:\WINDOWS\System32\v6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--------- 2003-02-08 10:26 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-10-31 10:19 378784 F:\TomTom Home\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]

F:\UltraBackup4.0\bin\ubtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UrAtHB98.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

--a------ 2004-04-23 11:00 192512 F:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2F641BF1-05FF-1036-1022-011128200021}]

C:\Program Files\Fichiers communs\{2F641BF1-05FF-1036-1022-011128200021}\Update.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"ewido security suite control"=2 (0x2)

"AVKWCtl"=2 (0x2)

"AVKService"=2 (0x2)

"aswUpdSv"=2 (0x2)

"SQLAgent$PINNACLESYS"=3 (0x3)

"MSSQL$PINNACLESYS"=2 (0x2)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"vsmon"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvMCTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"EnsoniqMixer"=starter.exe

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup

"WinFast2KLoadDefault"=rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

"LoadQM"=loadqm.exe

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"nwiz"=nwiz.exe /install

"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE

"Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

"SchedulingAgent"=mstinit.exe /firstlogon

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"DataCaching"=C:\PROGRA~1\DATACA~1\FLashKsk.exe

"EnsoniqMixer"=starter.exe

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"SchedulingAgent"=mstask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"F:\\Itunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"58711:TCP"= 58711:TCP:Pando P2P TCP Listening Port

"58711:UDP"= 58711:UDP:Pando P2P UDP Listening Port

 

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

R2 SamVirtualCable;SAM Virtual Cable;C:\WINDOWS\system32\Drivers\samvckmd.sys [2005-03-08 06:55]

R2 tansgt;tansgt;C:\WINDOWS\system32\drivers\tansgt.sys [2007-12-15 15:27]

R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

S0 NVDual;NVDual;C:\WINDOWS\system32\DRIVERS\nvDual.sys []

S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-12-03 15:55]

S3 DFSTR2K;Base USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\DFSTOR2K.SYS [2001-11-01 09:49]

S3 DIBLOAD2;Digital TV firmware loader(Type 2);C:\WINDOWS\system32\DRIVERS\dgtvload2.sys [2004-11-16 11:15]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GDInterceptor;GDInterceptor;C:\WINDOWS\System32\interceptor.sys [2005-11-27 13:12]

S3 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2005-11-27 13:12]

S3 MODUSB;Digital TV DVB-T USB adapter driver;C:\WINDOWS\system32\Drivers\dgtvcap.sys [2004-06-03 05:03]

S3 REGMON;REGMON;C:\WINDOWS\system32\drivers\REGSYS.SYS []

S3 RHDISK;RHDISK;I:\Rohos\RHDISK.SYS []

S4 COM+ Alerter Service;COM+ Alerter Service;C:\WINDOWS\system32\altsvc.exe []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21959260-19d3-11dc-bd8e-0050baeed455}]

\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22b3d42-d9f9-11db-bcf7-0050baeed455}]

\Shell\AutoRun\command - K:\PStart.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-16 19:31:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

"2008-04-04 15:16:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- F:\TuneUp Utilities 2007\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-17 19:08:05

Windows 5.1.2600 Service Pack 1 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\ljjkjjif.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\klfchprl.dll

.

------------------------ Other Running Processes ------------------------

.

F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

C:\PROGRAM FILES\GOTO SOFTWARE\VADE RETRO\VADERETRO_OE.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\AVG ANTI-SPYWARE 7.5\GUARD.EXE

C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

C:\WINDOWS\SYSTEM32\CRYPSERV.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\SYSTEM32\PDFCREATORMESSAGES.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-17 19:10:36 - machine was rebooted

ComboFix4.txt 2007-03-09 16:40:48

ComboFix-quarantined-files.txt 2008-04-17 17:10:28

ComboFix3.txt 2008-04-16 17:07:30

ComboFix2.txt 2008-04-16 20:37:48

 

Pre-Run: 3,056,386,048 octets libres

Post-Run: 3,041,312,768 octets libres

 

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:23:23, on 17/04/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\Rundll32.exe

F:\NEROPH~1\data\xtras\mssysmgr.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\CTSvcCDA.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

F:\ANNEE 2008\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM2c5728c2] Rundll32.exe "C:\WINDOWS\system32\klfchprl.dll",s

O4 - HKLM\..\Run: [2f641b5e] rundll32.exe "C:\WINDOWS\system32\ppdroxnc.dll",b

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] F:\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')

O8 - Extra context menu item: &Télécharger avec NetTransport - F:\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - Fichier "c:\documents and settings\utilisateur windows\bureau\excel.exe/3000" n'existe pas.

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - F:\NetTransport 2\NTAddList.html

O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lemegapro.spaces.msn.com//P [...] nPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 1992903324

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

O23 - Service: SAVScan - Unknown owner - (no file)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

 

--

End of file - 9503 bytes

Guest lemegapro@hotmail.com
Posted

Good evening,

I have problems that I can't resolve; if someone can help me, thank you.

On Internet Explorer, I get windows that open and slow me down with ads:

réparateur de système

viruseffaceur

lybresystem

I can no longer search my hard drive, and some programs no longer work.

I have run Avast, ComboFix and SmitFraudFix and ComboFix, but the problem keeps coming back.

Here are the ComboFix and HijackThis reports, but I have reached my limits!!!

Thank you for your help.

Good evening and thanks in advance to whoever can help me and interpret these latest reports:

ComboFix:

ComboFix 08-04-15.1 - Utilisateur Windows 2008-04-17 19:02:11.3 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1.#QNAN [GMT 2:00]

Endroit: C:\Documents and Settings\Utilisateur Windows\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\pskt.ini

C:\WINDOWS\SYSTEM32\ahrcxdlg.ini

C:\WINDOWS\system32\gldxcrha.dll

C:\WINDOWS\system32\ordcvuyh.dll

C:\WINDOWS\SYSTEM32\prrqprqr.ini

C:\WINDOWS\SYSTEM32\prrqprqr.ini2

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-16 22:46 . 2008-04-16 22:46 109,163 --a------ C:\WINDOWS\SYSTEM32\rqoghbmy.dll

2008-04-16 22:45 . 2008-04-17 18:41 1,524,244 ---hs---- C:\WINDOWS\SYSTEM32\exlicaei.ini

2008-04-16 22:44 . 2008-04-16 22:44 105,642 --a------ C:\WINDOWS\SYSTEM32\klfchprl.dll

2008-04-16 21:52 . 2008-04-16 21:52 <REP> d-------- C:\Deckard

2008-04-16 21:00 . 2008-04-16 21:00 <REP> d-------- C:\Program Files\EsetOnlineScanner

2008-04-16 19:25 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe

2008-04-16 19:25 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe

2008-04-16 19:25 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe

2008-04-16 19:25 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe

2008-04-16 19:22 . 2008-04-16 19:22 100,379 --a------ C:\WINDOWS\SYSTEM32\iojnkquu.dll

2008-04-15 23:22 . 2008-04-15 23:22 105,561 --a------ C:\WINDOWS\SYSTEM32\rjnnukwo.dll

2008-04-15 19:34 . 2008-04-15 19:51 1,600,257 ---hs---- C:\WINDOWS\SYSTEM32\vdrucvrb.ini

2008-04-15 19:34 . 2008-04-15 19:34 100,522 --a------ C:\WINDOWS\SYSTEM32\brvcurdv.dll

2008-04-15 19:28 . 2008-04-15 19:28 110,623 --a------ C:\WINDOWS\SYSTEM32\aniepiof.dll

2008-04-15 19:25 . 2008-04-15 19:25 105,561 --a------ C:\WINDOWS\SYSTEM32\unlnqftq.dll

2008-04-15 19:24 . 2008-04-15 19:25 396,267 --a------ C:\WINDOWS\SYSTEM32\rqrpqrrp.dll

2008-04-15 19:22 . 2008-04-15 19:22 34,099 --a------ C:\WINDOWS\SYSTEM32\cbxxvsrr.dll

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\MId2

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dtmp

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dcL

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dbl3

2008-04-15 19:19 . 2008-04-15 19:19 63,839 --a------ C:\WINDOWS\SYSTEM32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll-uninst.exe

2008-04-15 19:19 . 2008-04-15 19:19 34,099 --a------ C:\WINDOWS\SYSTEM32\vturqrqo.dll

2008-04-15 19:19 . 2008-04-15 19:19 936 --a------ C:\WINDOWS\SYSTEM32\winpfz33.sys

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\WINDOWS\SYSTEM32\bharebio01

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\Temp\wdlw14

2008-04-15 19:18 . 2008-04-15 19:18 34,099 --a------ C:\WINDOWS\SYSTEM32\ljjkjjif.dll

2008-03-29 14:08 . 2008-03-29 14:08 <REP> d-------- C:\Program Files\Fichiers communs\Bcgsoft

2008-03-24 20:53 . 2008-03-24 20:53 132 --a------ C:\WINDOWS\picture-shark.INI

2008-03-24 19:13 . 2003-12-09 12:11 1,875,968 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorSV.exe

2008-03-24 19:13 . 2003-12-09 12:11 606,208 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.cpl

2008-03-24 19:13 . 2003-12-09 12:11 360,448 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.dll

2008-03-24 19:13 . 2003-12-09 11:43 290,816 --a------ C:\WINDOWS\SYSTEM32\niknakXML.dll

2008-03-24 19:13 . 2003-12-09 11:48 139,264 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

2008-03-24 19:13 . 2003-12-09 12:00 32,768 --a------ C:\WINDOWS\SYSTEM32\EventConsumer.dll

2008-03-24 19:13 . 2003-10-23 12:11 24,576 --a------ C:\WINDOWS\SYSTEM32\PDFMacroUtils.dll

2008-03-23 20:31 . 2006-05-26 12:03 339,968 --a------ C:\WINDOWS\SYSTEM32\MP3Enc.dll

2008-03-23 18:12 . 2008-03-23 18:12 172,941,939 --a------ C:\WINDOWS\SYSTEM32\SNAGIT7

2008-03-23 17:53 . 2008-03-23 17:53 <REP> dr------- C:\UDC Output Files

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 17:26 1,976 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg

2008-04-15 21:48 175,864 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\GDIPFONTCACHEV1.DAT

2008-03-03 20:28 --------- d-----w C:\Documents and Settings\Utilisateur Windows\Application Data\Thinstall

2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll

2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll

2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll

2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe

2007-11-03 17:01 782 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\waver_2.95.dat

2004-07-17 20:55 460,728 ----a-w C:\WINDOWS\FONTS\SET4ED.tmp

2004-07-17 20:55 383,140 ----a-w C:\WINDOWS\FONTS\SET4EC.tmp

2004-07-17 20:55 355,436 ----a-w C:\WINDOWS\FONTS\SET4EB.tmp

2004-07-17 09:39 409,280 ----a-w C:\WINDOWS\FONTS\SET4EA.tmp

2004-07-17 09:39 398,372 ----a-w C:\WINDOWS\FONTS\SET4E9.tmp

2004-07-17 09:39 367,112 ----a-w C:\WINDOWS\FONTS\SET4F0.tmp

2004-07-17 09:39 352,224 ----a-w C:\WINDOWS\FONTS\SET4EF.tmp

2004-07-17 09:39 127,596 ----a-w C:\WINDOWS\FONTS\SET4EE.tmp

2003-05-04 15:11 266 --sh--w C:\Program Files\desktop.ini

2003-05-04 15:11 11,208 ------w C:\Program Files\folder.htt

1996-12-02 16:44 582,144 ------w C:\Program Files\Fichiers communs\dao350.dll

2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe

2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\{A4BA2D91-B62C-11D7-82ED-0050BAEED455}.dat

2003-09-27 13:26 4,263 --sh--w C:\WINDOWS\windllreg1c.sys

2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\SYSTEM\{A4BA2D90-B62C-11D7-82ED-0050BAEED455}.dat

2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll

2005-04-03 09:46 56 --sh--r C:\WINDOWS\SYSTEM32\FD453BF819.sys

2008-01-13 10:28 56 --sh--r C:\WINDOWS\SYSTEM32\265ACE4C56.sys

2008-01-13 10:28 10,332 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll

2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe

2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll

.

 

 

------r 13,122,160 2003-03-17 11:42:44 C:\Program Files\Windows Media Player\Installer\windows media player 9 pour windows 98 2000 millenium .exe


((((((((((((((((((((((((((((( snapshot@2008-04-16_19.06.40.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-16 17:05:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-17 17:07:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2007-09-30 09:41:30 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

+ 2008-04-17 16:45:14 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

- 2007-09-30 09:41:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-04-17 16:45:14 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2007-07-27 12:49:02 196,683 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiA.dll

+ 2007-07-27 12:49:02 225,355 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiW.dll

+ 2005-12-05 17:25:22 139,264 ----a-w C:\WINDOWS\SYSTEM32\lnod32umc.dll

+ 2005-12-05 10:37:10 106,496 ----a-w C:\WINDOWS\SYSTEM32\lnod32upd.dll

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5C367C2-0463-4965-8A45-60B97B0A412C}]

2008-04-15 19:25 396267 --a------ C:\WINDOWS\system32\rqrpqrrp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

2008-04-15 19:18 34099 --a------ C:\WINDOWS\system32\ljjkjjif.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

"Nero PhotoShow Media Manager"="F:\NEROPH~1\data\xtras\mssysmgr.exe" [2006-01-13 22:22 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 16:46 295936]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-02-08 10:26 151597]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16 86016]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"BM2c5728c2"="C:\WINDOWS\system32\klfchprl.dll" [2008-04-16 22:44 105642]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Printing Migration"="C:\WINDOWS\System32\spool\migrate.dll" [2001-08-28 12:00 30720]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\ljjkjjif.dll [2008-04-15 19:18 34099]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjjif]

ljjkjjif.dll 2008-04-15 19:18 34099 C:\WINDOWS\SYSTEM32\ljjkjjif.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital TV.lnk]

backup=C:\WINDOWS\pss\Digital TV.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Printkey2000.lnk]

backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RFScheduler.lnk]

backup=C:\WINDOWS\pss\RFScheduler.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SpySubtract.lnk]

backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^AdDestroyer.lnk]

backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkStartup

 

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-07-03 20:36 6731312 C:\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2f641b5e]

--a------ 2008-04-15 19:34 100522 C:\WINDOWS\system32\brvcurdv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\340.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3R5CZ5B486NZNY]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 D:\Adobe Acrobat 7.0 FR\Distillr\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

F:\photoshop éléments v.4 fr\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aEv3RWGpX]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]

--a------ 2007-09-21 13:56 1966080 F:\Arovax AntiSpyware\arovaxantispyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2007-12-04 14:00 79224 F:\ANTIVI~1\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2c5728c2]

--a------ 2008-04-15 19:25 105561 C:\WINDOWS\system32\unlnqftq.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

F:\Download Direct\DLD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsi]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

--a------ 2007-05-13 16:57 5308416 C:\eMule\emule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

F:\antispyware microsoft\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hnnhmiucznqgb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

C:\Program Files\Ipwindows\ipwins.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-26 14:42 267064 F:\Itunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

--a------ 2004-03-23 14:44 49152 F:\pinnacle studio 9\LaunchList.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-08-19 16:10 1667584 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ndpi]

C:\WINDOWS\System32\SSTEM3~1\wuauboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-01-13 22:22 249856 F:\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntldr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Office SturtUp]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]

--a------ 2006-05-31 11:20 1281425 C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFCreatorClient]

F:\Jaws PDF Créator\PDFClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-10 16:26 406016 C:\WINDOWS\System32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwbccy]

C:\Documents and Settings\Utilisateur Windows\Mes documents\?ppPatch\ping.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rp4T36i]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2005-05-01 13:50 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syswin]

C:\WINDOWS\System32\v6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--------- 2003-02-08 10:26 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-10-31 10:19 378784 F:\TomTom Home\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]

F:\UltraBackup4.0\bin\ubtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UrAtHB98.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

--a------ 2004-04-23 11:00 192512 F:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2F641BF1-05FF-1036-1022-011128200021}]

C:\Program Files\Fichiers communs\{2F641BF1-05FF-1036-1022-011128200021}\Update.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"ewido security suite control"=2 (0x2)

"AVKWCtl"=2 (0x2)

"AVKService"=2 (0x2)

"aswUpdSv"=2 (0x2)

"SQLAgent$PINNACLESYS"=3 (0x3)

"MSSQL$PINNACLESYS"=2 (0x2)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"vsmon"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvMCTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"EnsoniqMixer"=starter.exe

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup

"WinFast2KLoadDefault"=rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

"LoadQM"=loadqm.exe

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"nwiz"=nwiz.exe /install

"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE

"Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

"SchedulingAgent"=mstinit.exe /firstlogon

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"DataCaching"=C:\PROGRA~1\DATACA~1\FLashKsk.exe

"EnsoniqMixer"=starter.exe

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"SchedulingAgent"=mstask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"F:\\Itunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"58711:TCP"= 58711:TCP:Pando P2P TCP Listening Port

"58711:UDP"= 58711:UDP:Pando P2P UDP Listening Port

 

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

R2 SamVirtualCable;SAM Virtual Cable;C:\WINDOWS\system32\Drivers\samvckmd.sys [2005-03-08 06:55]

R2 tansgt;tansgt;C:\WINDOWS\system32\drivers\tansgt.sys [2007-12-15 15:27]

R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

S0 NVDual;NVDual;C:\WINDOWS\system32\DRIVERS\nvDual.sys []

S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-12-03 15:55]

S3 DFSTR2K;Base USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\DFSTOR2K.SYS [2001-11-01 09:49]

S3 DIBLOAD2;Digital TV firmware loader(Type 2);C:\WINDOWS\system32\DRIVERS\dgtvload2.sys [2004-11-16 11:15]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GDInterceptor;GDInterceptor;C:\WINDOWS\System32\interceptor.sys [2005-11-27 13:12]

S3 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2005-11-27 13:12]

S3 MODUSB;Digital TV DVB-T USB adapter driver;C:\WINDOWS\system32\Drivers\dgtvcap.sys [2004-06-03 05:03]

S3 REGMON;REGMON;C:\WINDOWS\system32\drivers\REGSYS.SYS []

S3 RHDISK;RHDISK;I:\Rohos\RHDISK.SYS []

S4 COM+ Alerter Service;COM+ Alerter Service;C:\WINDOWS\system32\altsvc.exe []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21959260-19d3-11dc-bd8e-0050baeed455}]

\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22b3d42-d9f9-11db-bcf7-0050baeed455}]

\Shell\AutoRun\command - K:\PStart.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-16 19:31:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

"2008-04-04 15:16:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- F:\TuneUp Utilities 2007\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-17 19:08:05

Windows 5.1.2600 Service Pack 1 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\ljjkjjif.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\klfchprl.dll

.

------------------------ Other Running Processes ------------------------

.

F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

C:\PROGRAM FILES\GOTO SOFTWARE\VADE RETRO\VADERETRO_OE.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\AVG ANTI-SPYWARE 7.5\GUARD.EXE

C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

C:\WINDOWS\SYSTEM32\CRYPSERV.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\SYSTEM32\PDFCREATORMESSAGES.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-17 19:10:36 - machine was rebooted

ComboFix4.txt 2007-03-09 16:40:48

ComboFix-quarantined-files.txt 2008-04-17 17:10:28

ComboFix3.txt 2008-04-16 17:07:30

ComboFix2.txt 2008-04-16 20:37:48

 

Pre-Run: 3,056,386,048 octets libres

Post-Run: 3,041,312,768 octets libres

 

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:23:23, on 17/04/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\Rundll32.exe

F:\NEROPH~1\data\xtras\mssysmgr.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\CTSvcCDA.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

F:\ANNEE 2008\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bM2c5728c2] Rundll32.exe "C:\WINDOWS\system32\klfchprl.dll",s

O4 - HKLM\..\Run: [2f641b5e] rundll32.exe "C:\WINDOWS\system32\ppdroxnc.dll",b

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] F:\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')

O8 - Extra context menu item: &Télécharger avec NetTransport - F:\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Adobe Acrobat 7.0 FR\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - Fichier "c:\documents and settings\utilisateur windows\bureau\excel.exe/3000" n'existe pas.

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - F:\NetTransport 2\NTAddList.html

O8 - Extra context menu item: Traduire cette page - C:\WINDOWS\WEB\powertoy.htm

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lemegapro.spaces.msn.com//P [...] nPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 1992903324

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

O23 - Service: SAVScan - Unknown owner - (no file)

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

 

--

End of file - 9503 bytes
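As an added example (not part of any post in this thread, nor of ComboFix or HijackThis), here is a small Python triage script that applies the pattern visible in the report above to a HijackThis log: rundll32 launching an eight-letter lower-case DLL from system32 with a one-letter export, hex-like Run entry names, an unrecognised Winsock LSP and a service whose binary is gone. The sample lines are constructed from the log above plus a few legitimate entries; the heuristics and names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis report in this thread,
# mixed with legitimate entries, so the heuristics can be exercised offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bM2c5728c2] Rundll32.exe "C:\WINDOWS\system32\klfchprl.dll",s
O4 - HKLM\..\Run: [2f641b5e] rundll32.exe "C:\WINDOWS\system32\ppdroxnc.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: SAVScan - Unknown owner - (no file)
""".strip("\n")


@dataclass
class Finding:
    line_no: int
    section: str  # HijackThis section code, e.g. "O4"
    item: str     # Run entry name, LSP path or service name
    reason: str


# "O4 - HKLM\..\Run: [Name] command"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 loading a DLL and calling one export: rundll32.exe "path\x.dll",export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)
# Entry names such as 2f641b5e or bM2c5728c2: up to two letters, then eight hex digits
HEXNAME_RE = re.compile(r'^[A-Za-z]{0,2}[0-9a-f]{8}$')
# "O23 - Service: Name - Owner - path"
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.*)$')


def _dll_stem(path: str) -> str:
    """Lower-case file name without the .dll extension."""
    return path.rsplit('\\', 1)[-1].lower()[:-4]


def triage(log_text: str) -> list:
    """Return a Finding for every line that matches one of the heuristics."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            r = RUNDLL_RE.match(cmd)
            if r:
                dll, export = r.group('dll'), r.group('export')
                in_sys32 = '\\system32\\' in dll.lower()
                # Vundo-style loader: 8 random lower-case letters, single-letter export
                if in_sys32 and re.fullmatch(r'[a-z]{8}', _dll_stem(dll)) and len(export) == 1:
                    findings.append(Finding(n, 'O4', name,
                        f'rundll32 loads random-looking {_dll_stem(dll)}.dll from system32 '
                        f'with single-letter export "{export}"'))
            if HEXNAME_RE.match(name):
                findings.append(Finding(n, 'O4', name, 'hex-like Run entry name'))
            continue
        if line.startswith('O10 - Unknown file in Winsock LSP:'):
            findings.append(Finding(n, 'O10', line.split(':', 1)[1].strip(),
                                    'Winsock LSP not recognised; verify the publisher before removing'))
            continue
        m = O23_RE.match(line)
        if m and m.group('path').strip() == '(no file)':
            findings.append(Finding(n, 'O23', m.group('svc'), 'service entry whose binary is missing'))
    return findings


def report(findings: list) -> str:
    """One line per finding, in log order."""
    return '\n'.join(f'line {f.line_no:>3} {f.section:<4} {f.item}: {f.reason}' for f in findings)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

The legitimate NvCpl entry is not flagged because its DLL name is not eight random letters and its export is a full function name; the heuristic is a triage aid, and each hit still needs a look at the file before anything is removed.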

Posted (edited)

Good evening,

 

ComboFix, Cleanup

# Disconnect from the internet and disable the antivirus (just for the duration of the procedure!)

Launch ComboFix

# In Notepad, copy and paste these lines:

KillAll::

 

File::

C:\WINDOWS\SYSTEM32\rqoghbmy.dll

C:\WINDOWS\SYSTEM32\exlicaei.ini

C:\WINDOWS\SYSTEM32\klfchprl.dll

C:\WINDOWS\SYSTEM32\iojnkquu.dll

C:\WINDOWS\SYSTEM32\rjnnukwo.dll

C:\WINDOWS\SYSTEM32\vdrucvrb.ini

C:\WINDOWS\SYSTEM32\brvcurdv.dll

C:\WINDOWS\SYSTEM32\aniepiof.dll

C:\WINDOWS\SYSTEM32\unlnqftq.dll

C:\WINDOWS\SYSTEM32\rqrpqrrp.dll

C:\WINDOWS\SYSTEM32\cbxxvsrr.dll

C:\WINDOWS\SYSTEM32\ljjkjjif.dll

C:\WINDOWS\SYSTEM32\tmp.reg

C:\WINDOWS\SYSTEM32\vturqrqo.dll

C:\WINDOWS\SYSTEM32\bharebio01

C:\WINDOWS\SYSTEM32\MId2

C:\WINDOWS\System32\v6.exe

C:\Temp\wdlw14

C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

 

 

 

Driver::

C:\WINDOWS\SYSTEM32\winpfz33.sys

 

Registry::

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5C367C2-0463-4965-8A45-60B97B0A412C}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BM2c5728c2"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"=-

 

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjjif]

 

 

[-HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^AdDestroyer.lnk]

 

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2f641b5e]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\340.exe]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3R5CZ5B486NZNY]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2c5728c2]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hnnhmiucznqgb]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

* Note: this script was written specifically for this user; please do not reuse it in other cases!

 

Save it under the name CFScript.txt

 

* Drag and drop this CFScript file onto the ComboFix.exe file

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif


 

* When the message in the blue window appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

Edited by pear
Guest Guest
Posted

Many thanks for your help, because I have been struggling with this for several days

 

ComboFix did not restart after I dropped the CFScript.txt file on it, so I did it by clicking on it.

I got an error message:

application error

exception ereaderror in module ervnt.cfexe at 00013001

error reading Gauge 1 . Progress : Invalid floating point opération

 

I clicked OK and it started again

 

Here is the result:

 

ComboFix 08-04-15.1 - Utilisateur Windows 2008-04-17 22:58:33.4 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.1.#QNAN [GMT 2:00]

Endroit: C:\Documents and Settings\Utilisateur Windows\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bhrddwyl.dll

C:\WINDOWS\system32\cjxpcixu.dll

C:\WINDOWS\SYSTEM32\prrqprqr.ini

C:\WINDOWS\SYSTEM32\prrqprqr.ini2

C:\WINDOWS\system32\tughdfau.dll

C:\WINDOWS\SYSTEM32\uafdhgut.ini

C:\WINDOWS\system32\wicncuvl.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-17 22:25 . 2008-04-17 22:45 461,226 --a------ C:\WINDOWS\SYSTEM32\PerfStringBackup.TMP

2008-04-17 19:20 . 2008-04-17 23:50 1,529,567 ---hs---- C:\WINDOWS\SYSTEM32\cnxordpp.ini

2008-04-17 19:19 . 2008-04-17 19:19 1,529,129 ---hs---- C:\WINDOWS\SYSTEM32\nvrlaimy.ini

2008-04-16 22:46 . 2008-04-16 22:46 109,163 --a------ C:\WINDOWS\SYSTEM32\rqoghbmy.dll

2008-04-16 22:45 . 2008-04-17 18:41 1,524,244 ---hs---- C:\WINDOWS\SYSTEM32\exlicaei.ini

2008-04-16 22:44 . 2008-04-16 22:44 105,642 --a------ C:\WINDOWS\SYSTEM32\klfchprl.dll

2008-04-16 21:52 . 2008-04-16 21:52 <REP> d-------- C:\Deckard

2008-04-16 21:00 . 2008-04-16 21:00 <REP> d-------- C:\Program Files\EsetOnlineScanner

2008-04-16 19:25 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe

2008-04-16 19:25 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe

2008-04-16 19:25 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe

2008-04-16 19:25 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe

2008-04-16 19:22 . 2008-04-16 19:22 100,379 --a------ C:\WINDOWS\SYSTEM32\iojnkquu.dll

2008-04-15 23:22 . 2008-04-15 23:22 105,561 --a------ C:\WINDOWS\SYSTEM32\rjnnukwo.dll

2008-04-15 19:34 . 2008-04-15 19:51 1,600,257 ---hs---- C:\WINDOWS\SYSTEM32\vdrucvrb.ini

2008-04-15 19:34 . 2008-04-15 19:34 100,522 --a------ C:\WINDOWS\SYSTEM32\brvcurdv.dll

2008-04-15 19:28 . 2008-04-15 19:28 110,623 --a------ C:\WINDOWS\SYSTEM32\aniepiof.dll

2008-04-15 19:25 . 2008-04-15 19:25 105,561 --a------ C:\WINDOWS\SYSTEM32\unlnqftq.dll

2008-04-15 19:24 . 2008-04-15 19:25 396,267 --a------ C:\WINDOWS\SYSTEM32\rqrpqrrp.dll

2008-04-15 19:22 . 2008-04-15 19:22 34,099 --a------ C:\WINDOWS\SYSTEM32\cbxxvsrr.dll

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\MId2

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dtmp

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dcL

2008-04-15 19:19 . 2008-04-15 19:19 <REP> d-------- C:\WINDOWS\SYSTEM32\dbl3

2008-04-15 19:19 . 2008-04-15 19:19 63,839 --a------ C:\WINDOWS\SYSTEM32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll-uninst.exe

2008-04-15 19:19 . 2008-04-15 19:19 34,099 --a------ C:\WINDOWS\SYSTEM32\vturqrqo.dll

2008-04-15 19:19 . 2008-04-15 19:19 936 --a------ C:\WINDOWS\SYSTEM32\winpfz33.sys

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\WINDOWS\SYSTEM32\bharebio01

2008-04-15 19:18 . 2008-04-15 19:18 <REP> d-------- C:\Temp\wdlw14

2008-04-15 19:18 . 2008-04-15 19:18 34,099 --a------ C:\WINDOWS\SYSTEM32\ljjkjjif.dll

2008-03-29 14:08 . 2008-03-29 14:08 <REP> d-------- C:\Program Files\Fichiers communs\Bcgsoft

2008-03-24 20:53 . 2008-03-24 20:53 132 --a------ C:\WINDOWS\picture-shark.INI

2008-03-24 19:13 . 2003-12-09 12:11 1,875,968 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorSV.exe

2008-03-24 19:13 . 2003-12-09 12:11 606,208 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.cpl

2008-03-24 19:13 . 2003-12-09 12:11 360,448 --a------ C:\WINDOWS\SYSTEM32\PDFCreator.dll

2008-03-24 19:13 . 2003-12-09 11:43 290,816 --a------ C:\WINDOWS\SYSTEM32\niknakXML.dll

2008-03-24 19:13 . 2003-12-09 11:48 139,264 --a------ C:\WINDOWS\SYSTEM32\PDFCreatorMessages.exe

2008-03-24 19:13 . 2003-12-09 12:00 32,768 --a------ C:\WINDOWS\SYSTEM32\EventConsumer.dll

2008-03-24 19:13 . 2003-10-23 12:11 24,576 --a------ C:\WINDOWS\SYSTEM32\PDFMacroUtils.dll

2008-03-23 20:31 . 2006-05-26 12:03 339,968 --a------ C:\WINDOWS\SYSTEM32\MP3Enc.dll

2008-03-23 18:12 . 2008-03-23 18:12 172,941,939 --a------ C:\WINDOWS\SYSTEM32\SNAGIT7

2008-03-23 17:53 . 2008-03-23 17:53 <REP> dr------- C:\UDC Output Files

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-16 17:26 1,976 ----a-w C:\WINDOWS\SYSTEM32\tmp.reg

2008-04-15 21:48 175,864 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\GDIPFONTCACHEV1.DAT

2008-03-03 20:28 --------- d-----w C:\Documents and Settings\Utilisateur Windows\Application Data\Thinstall

2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll

2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll

2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll

2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe

2007-11-03 17:01 782 ----a-w C:\Documents and Settings\Utilisateur Windows\Application Data\waver_2.95.dat

2004-07-17 20:55 460,728 ----a-w C:\WINDOWS\FONTS\SET4ED.tmp

2004-07-17 20:55 383,140 ----a-w C:\WINDOWS\FONTS\SET4EC.tmp

2004-07-17 20:55 355,436 ----a-w C:\WINDOWS\FONTS\SET4EB.tmp

2004-07-17 09:39 409,280 ----a-w C:\WINDOWS\FONTS\SET4EA.tmp

2004-07-17 09:39 398,372 ----a-w C:\WINDOWS\FONTS\SET4E9.tmp

2004-07-17 09:39 367,112 ----a-w C:\WINDOWS\FONTS\SET4F0.tmp

2004-07-17 09:39 352,224 ----a-w C:\WINDOWS\FONTS\SET4EF.tmp

2004-07-17 09:39 127,596 ----a-w C:\WINDOWS\FONTS\SET4EE.tmp

2003-05-04 15:11 266 --sh--w C:\Program Files\desktop.ini

2003-05-04 15:11 11,208 ------w C:\Program Files\folder.htt

1996-12-02 16:44 582,144 ------w C:\Program Files\Fichiers communs\dao350.dll

2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe

2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\{A4BA2D91-B62C-11D7-82ED-0050BAEED455}.dat

2003-09-27 13:26 4,263 --sh--w C:\WINDOWS\windllreg1c.sys

2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe

2003-07-14 16:55 32 --sha-w C:\WINDOWS\SYSTEM\{A4BA2D90-B62C-11D7-82ED-0050BAEED455}.dat

2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\SYSTEM32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\SYSTEM32\avisynth.dll

2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll

2005-04-03 09:46 56 --sh--r C:\WINDOWS\SYSTEM32\FD453BF819.sys

2008-01-13 10:28 56 --sh--r C:\WINDOWS\SYSTEM32\265ACE4C56.sys

2008-01-13 10:28 10,332 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\SYSTEM32\AVSredirect.dll

2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\SYSTEM32\x.264.exe

2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\SYSTEM32\Smab.dll

.

------r		13,122,160 2003-03-17 11:42:44  C:\Program Files\Windows Media Player\Installer\windows media player 9 pour windows 98 2000 millenium .exe

 

 

((((((((((((((((((((((((((((( snapshot@2008-04-16_19.06.40.02 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-16 17:05:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-04-17 22:04:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2007-09-30 09:41:30 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

+ 2008-04-17 20:55:34 16,384 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\index.dat

- 2007-09-30 09:41:30 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-04-17 20:55:34 32,768 ----a-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2007-07-27 12:49:02 196,683 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiA.dll

+ 2007-07-27 12:49:02 225,355 ----a-w C:\WINDOWS\SYSTEM32\lnod32apiW.dll

+ 2005-12-05 17:25:22 139,264 ----a-w C:\WINDOWS\SYSTEM32\lnod32umc.dll

+ 2005-12-05 10:37:10 106,496 ----a-w C:\WINDOWS\SYSTEM32\lnod32upd.dll

- 2008-04-15 21:23:38 59,670 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat

+ 2008-04-17 20:45:24 59,670 ----a-w C:\WINDOWS\SYSTEM32\perfc009.dat

- 2008-04-15 21:23:38 70,952 ----a-w C:\WINDOWS\SYSTEM32\perfc00C.dat

+ 2008-04-17 20:45:24 71,876 ----a-w C:\WINDOWS\SYSTEM32\perfc00C.dat

- 2008-04-15 21:23:36 62,482 ----a-w C:\WINDOWS\SYSTEM32\perfc040.dat

+ 2008-04-17 20:45:22 62,482 ----a-w C:\WINDOWS\SYSTEM32\perfc040.dat

- 2008-04-15 21:23:38 394,848 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat

+ 2008-04-17 20:45:24 394,848 ----a-w C:\WINDOWS\SYSTEM32\perfh009.dat

- 2008-04-15 21:23:38 460,786 ----a-w C:\WINDOWS\SYSTEM32\perfh00C.dat

+ 2008-04-17 20:45:24 462,756 ----a-w C:\WINDOWS\SYSTEM32\perfh00C.dat

- 2008-04-15 21:23:36 435,030 ----a-w C:\WINDOWS\SYSTEM32\perfh040.dat

+ 2008-04-17 20:45:22 435,030 ----a-w C:\WINDOWS\SYSTEM32\perfh040.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17DBBCF3-BE3F-499B-9886-B1E20A4A0108}]

2008-04-15 19:25 396267 --a------ C:\WINDOWS\system32\rqrpqrrp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3E72EC-1E59-42CE-A4DC-27A1E35CF4DB}]

2008-04-17 23:02 272896 --a------ C:\WINDOWS\system32\gebbbaxy.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

2008-04-15 19:18 34099 --a------ C:\WINDOWS\system32\ljjkjjif.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]

@={7D688A77-C613-11D0-999B-00C04FD655E1}

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

"Nero PhotoShow Media Manager"="F:\NEROPH~1\data\xtras\mssysmgr.exe" [2006-01-13 22:22 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-04-01 16:16 5562368]

"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\SYSTEM32\nwiz.exe]

"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 16:46 295936]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2003-02-08 10:26 151597]

"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-04-01 16:16 86016]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"BM2c5728c2"="C:\WINDOWS\system32\klfchprl.dll" [2008-04-16 22:44 105642]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Printing Migration"="C:\WINDOWS\System32\spool\migrate.dll" [2001-08-28 12:00 30720]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\ljjkjjif.dll [2008-04-15 19:18 34099]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjjif]

ljjkjjif.dll 2008-04-15 19:18 34099 C:\WINDOWS\SYSTEM32\ljjkjjif.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\gebbbaxy

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital TV.lnk]

backup=C:\WINDOWS\pss\Digital TV.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Printkey2000.lnk]

backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RFScheduler.lnk]

backup=C:\WINDOWS\pss\RFScheduler.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^SpySubtract.lnk]

backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^AdDestroyer.lnk]

backup=C:\WINDOWS\pss\AdDestroyer.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^VoipBuster.lnk]

backup=C:\WINDOWS\pss\VoipBuster.lnkStartup

 

[HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]

backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

--a------ 2007-07-03 20:36 6731312 C:\AVG Anti-Spyware 7.5\avgas.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2f641b5e]

--a------ 2008-04-15 19:34 100522 C:\WINDOWS\system32\brvcurdv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\340.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3R5CZ5B486NZNY]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

--a------ 2004-12-14 02:12 483328 D:\Adobe Acrobat 7.0 FR\Distillr\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

F:\photoshop éléments v.4 fr\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aEv3RWGpX]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arovax AntiSpyware]

--a------ 2007-09-21 13:56 1966080 F:\Arovax AntiSpyware\arovaxantispyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

--a------ 2007-12-04 14:00 79224 F:\ANTIVI~1\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2c5728c2]

--a------ 2008-04-15 19:25 105561 C:\WINDOWS\system32\unlnqftq.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]

F:\Download Direct\DLD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsi]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

--a------ 2007-05-13 16:57 5308416 C:\eMule\emule.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer32]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

F:\antispyware microsoft\gcasServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hnnhmiucznqgb]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

C:\Program Files\Ipwindows\ipwins.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2007-09-26 14:42 267064 F:\Itunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

--a------ 2004-03-23 14:44 49152 F:\pinnacle studio 9\LaunchList.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeScape Media Detector]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-08-19 16:10 1667584 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ndpi]

C:\WINDOWS\System32\SSTEM3~1\wuauboot.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

--a------ 2006-01-13 22:22 249856 F:\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntldr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Office SturtUp]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]

--a------ 2006-05-31 11:20 1281425 C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFCreatorClient]

F:\Jaws PDF Créator\PDFClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

--a------ 2004-03-10 16:26 406016 C:\WINDOWS\System32\PSDrvCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pwbccy]

C:\Documents and Settings\Utilisateur Windows\Mes documents\?ppPatch\ping.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rp4T36i]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2005-05-01 13:50 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syswin]

C:\WINDOWS\System32\v6.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--------- 2003-02-08 10:26 151597 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-10-31 10:19 378784 F:\TomTom Home\HOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ub4TrayApp]

F:\UltraBackup4.0\bin\ubtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updater]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UrAtHB98.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]

--a------ 2004-04-23 11:00 192512 F:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows installer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xp_system]

Fichier c:\windows\system32\winlogon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2F641BF1-05FF-1036-1022-011128200021}]

C:\Program Files\Fichiers communs\{2F641BF1-05FF-1036-1022-011128200021}\Update.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"svcWRSSSDK"=2 (0x2)

"ewido security suite control"=2 (0x2)

"AVKWCtl"=2 (0x2)

"AVKService"=2 (0x2)

"aswUpdSv"=2 (0x2)

"SQLAgent$PINNACLESYS"=3 (0x3)

"MSSQL$PINNACLESYS"=2 (0x2)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"vsmon"=2 (0x2)

"avast! Web Scanner"=3 (0x3)

"avast! Mail Scanner"=3 (0x3)

"avast! Antivirus"=2 (0x2)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvMCTray.dll,NvTaskbarInit

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"EnsoniqMixer"=starter.exe

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NvCpl.dll,NvStartup

"WinFast2KLoadDefault"=rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

"LoadQM"=loadqm.exe

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

"nwiz"=nwiz.exe /install

"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE

"Microsoft Works Update Detection"=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

"SchedulingAgent"=mstinit.exe /firstlogon

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"DataCaching"=C:\PROGRA~1\DATACA~1\FLashKsk.exe

"EnsoniqMixer"=starter.exe

"QuickTime Task"="C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

"SchedulingAgent"=mstask.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"F:\\Itunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"58711:TCP"= 58711:TCP:Pando P2P TCP Listening Port

"58711:UDP"= 58711:UDP:Pando P2P UDP Listening Port

 

R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

R2 SamVirtualCable;SAM Virtual Cable;C:\WINDOWS\system32\Drivers\samvckmd.sys [2005-03-08 06:55]

R2 tansgt;tansgt;C:\WINDOWS\system32\drivers\tansgt.sys [2007-12-15 15:27]

R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

S0 NVDual;NVDual;C:\WINDOWS\system32\DRIVERS\nvDual.sys []

S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-12-03 15:55]

S3 DFSTR2K;Base USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\DFSTOR2K.SYS [2001-11-01 09:49]

S3 DIBLOAD2;Digital TV firmware loader(Type 2);C:\WINDOWS\system32\DRIVERS\dgtvload2.sys [2004-11-16 11:15]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GDInterceptor;GDInterceptor;C:\WINDOWS\System32\interceptor.sys [2005-11-27 13:12]

S3 HookCentre;HookCentre;C:\WINDOWS\System32\drivers\HookCentre.sys [2005-11-27 13:12]

S3 MODUSB;Digital TV DVB-T USB adapter driver;C:\WINDOWS\system32\Drivers\dgtvcap.sys [2004-06-03 05:03]

S3 REGMON;REGMON;C:\WINDOWS\system32\drivers\REGSYS.SYS []

S3 RHDISK;RHDISK;I:\Rohos\RHDISK.SYS []

S4 COM+ Alerter Service;COM+ Alerter Service;C:\WINDOWS\system32\altsvc.exe []

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21959260-19d3-11dc-bd8e-0050baeed455}]

\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22b3d42-d9f9-11db-bcf7-0050baeed455}]

\Shell\AutoRun\command - K:\PStart.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]

C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-04-16 19:31:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"

- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

"2008-04-04 15:16:42 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- F:\TuneUp Utilities 2007\SystemOptimizer.exe

.

**************************************************************************

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 00:04:52

Windows 5.1.2600 Service Pack 1 FAT NTAPI

 

Balayage processus cachés ...



Balayage caché autostart entries ...



Balayage des fichiers cachés ...



Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\ljjkjjif.dll

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\samvcumd.dll

-> C:\WINDOWS\system32\sqlqauji.dll

-> C:\WINDOWS\system32\klfchprl.dll

.

------------------------ Other Running Processes ------------------------

.

F:\photoshop éléments v.4 fr\PhotoshopElementsFileAgent.exe

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\AVG ANTI-SPYWARE 7.5\GUARD.EXE

C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

C:\WINDOWS\SYSTEM32\CRYPSERV.EXE

C:\WINDOWS\SYSTEM32\NVSVC32.EXE

C:\WINDOWS\SYSTEM32\PDFCREATORMESSAGES.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-04-17 23:04:10 - machine was rebooted [utilisateur Windows]

ComboFix5.txt 2007-03-09 16:40:48

ComboFix-quarantined-files.txt 2008-04-17 21:04:02

ComboFix4.txt 2008-04-16 17:07:30

ComboFix3.txt 2008-04-16 20:37:48

ComboFix2.txt 2008-04-17 17:10:40

 

Pre-Run: 2,947,629,056 octets libres

Post-Run: 2,953,388,032 octets libres

Posted

Hello,



Combofix dragged its feet!



Combo, Cleanup

# Disconnect from the internet and disable the antivirus (only for the duration of the procedure!)

Launch Combofix

# In Notepad, copy and paste these lines:

KillAll::

 

File::

C:\WINDOWS\system32\rqrpqrrp.dll

C:\WINDOWS\system32\gebbbaxy.dll

C:\WINDOWS\system32\ljjkjjif.dll

C:\WINDOWS\system32\klfchprl.dll

C:\WINDOWS\system32\brvcurdv.dll

C:\WINDOWS\system32\unlnqftq.dll

C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

 

Folder::

C:\WINDOWS\pss\AdDestroyer

C:\Program Files\Ipwindows

C:\Program Files\Fichiers communs\{2F641BF1-05FF-1036-1022-011128200021}

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17DBBCF3-BE3F-499B-9886-B1E20A4A0108}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C3E72EC-1E59-42CE-A4DC-27A1E35CF4DB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BM2c5728c2"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkjjif]

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\gebbbaxy]

[-HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur Windows^Menu Démarrer^Programmes^Démarrage^AdDestroyer.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2f641b5e]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\340.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3R5CZ5B486NZNY]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aEv3RWGpX]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bakra]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2c5728c2]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hnnhmiucznqgb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rp4T36i]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{2F641BF1-05FF-1036-1022-011128200021}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22b3d42-d9f9-11db-bcf7-0050baeed455}]

 

 

 

 

* Warning: this script was written specifically for this user; please do not reuse it in other cases!



Save it under the name CFScript.txt



* Drag and drop this CFScript file onto ComboFix.exe

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif


 

* When the message appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt
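As an added example (not from the thread, and not ComboFix's own code), here is a small Python dry-run parser for the CFScript layout used in the post above: it reads the KillAll::, File::, Folder:: and Registry:: sections into a plan that can be reviewed before anyone runs the script, and flags relative paths and lines it cannot interpret. The script embedded in it is a constructed excerpt of the one posted, and the section and .reg-style meanings are assumed from that post.

```python
import re

# Constructed sample in the CFScript layout used in the thread above.
SAMPLE_SCRIPT = r"""KillAll::

File::
C:\WINDOWS\system32\ljjkjjif.dll
C:\WINDOWS\system32\{fc1d3630-d4e7-ab6c-6474-538c81fcb69f}.dll

Folder::
C:\Program Files\Ipwindows

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17DBBCF3-BE3F-499B-9886-B1E20A4A0108}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM2c5728c2"=-
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")     # "Name::" opens a section
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")      # absolute Windows path

def parse_cfscript(text):
    """Dry-run parser: list what a CFScript would do without touching the system."""
    plan = {"kill_all": False, "files": [], "folders": [], "delete_keys": [],
            "delete_values": [], "problems": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            if section == "KillAll":
                plan["kill_all"] = True
            elif section not in ("File", "Folder", "Registry"):
                plan["problems"].append(f"unknown section {section}::")
        elif section in ("File", "Folder"):
            if not DRIVE_PATH_RE.match(line):    # relative path: likely a typo
                plan["problems"].append(f"relative path in {section}:: {line}")
            plan["files" if section == "File" else "folders"].append(line)
        elif section == "Registry":              # .reg-style syntax
            if line.startswith("[-") and line.endswith("]"):
                plan["delete_keys"].append(line[2:-1])   # [-KEY] deletes the key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                         # [KEY] selects a key
            elif line.endswith("=-") and key:            # "name"=- deletes a value
                plan["delete_values"].append((key, line[:-2].strip('"')))
            else:
                plan["problems"].append(f"unparsed Registry:: line: {line}")
        else:
            plan["problems"].append(f"unsupported line: {line}")
    return plan
```

Anything that lands in `problems` is worth re-reading before the script is saved as CFScript.txt, since every path listed under File:: and Folder:: is deleted as written.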
