
Posted

Hello,

I tried to follow your recommendations, and here is what I did:

Vista provides a recovery console built into Windows. So I chose the oldest restore point created by ComboFix and performed the recovery. The problem caused by the infection, which had reappeared, has now disappeared again (on IE only).

Should I now proceed with what you asked on the previous page?

Posted

Good evening,

If I understood you correctly, you are now in the situation of 14 May, before ComboFix was run.

If so, that is exactly what we wanted: perfect.

Download Flash_Disinfector by sUBs
Save it to the desktop.

Connect all removable disks (external hard drive, USB key).

ABOVE ALL, do not double-click the disk in My Computer.

- Open My Computer
- Click the Tools menu at the top right, then Folder Options
- In the new window, click the View tab at the top
- In the list, check "Show hidden files"
- Uncheck "Hide protected operating system files (recommended)"
- A message says this may damage the system; ignore it.
- For each disk in My Computer: right-click the drive
  (above all, do not double-click it!!!)
- Choose Open from the drop-down menu.
- Look for a file autorun.inf and the files: Adober.exe or RavMonE.exe or MS32DLL.DLL.VBS or autorun.vbs
- If present, delete them by right-clicking and choosing Delete.
- Repeat the operation on every disk in My Computer.

* Double-click Flash_Disinfector.exe.
* It is very quick; a message will tell you when the fix is finished.
  Caution: it stops the explorer.exe process and then restarts it, so take care not to leave any documents (Word, Excel) open at that moment.
* If there are several fixed or removable media, repeat the operation, connecting them one after the other.

Then run ComboFix.
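The manual drive check described above, as an added Python example that is not part of the thread or of Flash_Disinfector: it parses the [autorun] section of an autorun.inf to show which program Explorer would launch when the drive is opened, and reports (without deleting anything) whether that program or any of the listed worm file names sits on the drive root. The sample drive layout is constructed here in a temporary directory, and the function names are chosen for this example.

```python
"""Report-only check for autorun.inf and the worm files named in the thread."""
import os
import shlex
import tempfile
from pathlib import Path

# File names the helper asks the user to look for on each drive root.
SUSPECT_NAMES = {"adober.exe", "ravmone.exe", "ms32dll.dll.vbs", "autorun.vbs"}

# [autorun] keys that make Explorer start a program when the drive is opened.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command", "shell\\explore\\command"}


def parse_autorun(text):
    """Return {key: command} for the launch keys found in an autorun.inf body.

    Windows reads autorun.inf as an INI file: only the [autorun] section
    counts, keys are case-insensitive, and lines it does not understand are
    ignored (worms rely on that to pad the file with junk), so this parser
    skips anything that is not 'key=value' inside that section.
    """
    commands = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS:
            commands[key] = value.strip()
    return commands


def launch_target(command):
    """Lower-case basename of the program a launch command would start."""
    tokens = shlex.split(command, posix=False) if command.strip() else []
    if not tokens:
        return ""
    program = tokens[0].strip('"')
    return os.path.basename(program.replace("\\", "/")).lower()


def scan_drive(root):
    """Inspect a drive root the way the thread's manual check does, without deleting.

    Returns the listed worm file names that are present and, for each launch
    key in autorun.inf, the command, its target and whether that target sits
    next to the autorun.inf (the usual layout of a USB worm).
    """
    root = Path(root)
    present = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
    report = {
        "suspect_files": sorted(name for name in present if name in SUSPECT_NAMES),
        "autorun": {},
    }
    inf = present.get("autorun.inf")
    if inf is not None:
        # Decode leniently: worm-written files are rarely valid UTF-8.
        text = inf.read_bytes().decode("latin-1")
        for key, command in parse_autorun(text).items():
            target = launch_target(command)
            report["autorun"][key] = {
                "command": command,
                "target": target,
                "present": target in present,
            }
    return report


def is_suspicious(report):
    """True when a listed worm file is present or autorun.inf launches a file that is."""
    if report["suspect_files"]:
        return True
    return any(entry["present"] for entry in report["autorun"].values())


def build_sample_drive(infected=True):
    """Create a temp directory laid out like a USB key root (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="usb_root_"))
    (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff placeholder, not a real image")
    if infected:
        (root / "autorun.inf").write_text(
            "[AutoRun]\r\n"
            "OPEN=RavMonE.exe e\r\n"
            "shell\\open\\Command=RavMonE.exe e\r\n"
            "shell\\explore\\Command=RavMonE.exe e\r\n"
            "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
        )
        (root / "RavMonE.exe").write_bytes(b"MZ placeholder bytes, not a real program")
    return root


if __name__ == "__main__":
    result = scan_drive(build_sample_drive())
    print("suspicious:", is_suspicious(result))
    for key, entry in result["autorun"].items():
        print(f"  {key} -> {entry['command']} (target present: {entry['present']})")
    print("  listed files found:", result["suspect_files"])
```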

Posted (edited)

Hello,

> - Look for a file autorun.inf and the files: Adober.exe or RavMonE.exe or MS32DLL.DLL.VBS or autorun.vbs

I did not find any of these files.

Here is the ComboFix report:

ComboFix 08-05-15.3 - Azaiez 2008-05-18 17:56:46.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1022 [GMT 2:00]

Endroit: C:\Users\Azaiez\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\drivers\Phibtn.exe

C:\Windows\system32\drivers\Tray900.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-17 22:01 . 2008-05-17 22:10 96,645 --a------ C:\Windows\System32\drivers\klin.dat

2008-05-17 22:01 . 2008-05-17 22:10 87,941 --a------ C:\Windows\System32\drivers\klick.dat

2008-05-17 22:00 . 2008-05-18 18:06 <REP> d-------- C:\Users\All Users\Kaspersky Lab

2008-05-17 22:00 . 2008-05-18 18:06 <REP> d-------- C:\ProgramData\Kaspersky Lab

2008-05-17 22:00 . 2008-05-17 22:00 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-17 22:00 . 2008-05-18 18:05 68,472,352 --ahs---- C:\Windows\System32\drivers\fidbox.dat

2008-05-17 22:00 . 2008-05-18 18:03 918,392 --ahs---- C:\Windows\System32\drivers\fidbox.idx

2008-05-17 21:34 . 2008-05-17 21:34 <REP> d-------- C:\Windows\4DCA27399D164B55808CE72CD70A5BD3.TMP

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files

2008-05-17 20:19 . 2008-05-17 20:19 208 --a------ C:\Windows\System32\MRT.INI

2008-05-17 19:41 . 2008-05-17 19:41 <REP> d-------- C:\ComboFix(2)

2008-05-17 08:06 . 2008-05-17 19:14 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 08:06 . 2008-05-17 20:04 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 08:06 . 2008-05-17 19:13 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 08:06 . 2008-05-17 19:56 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 08:06 . 2008-05-17 20:04 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TM.blf

2008-05-17 08:06 . 2008-05-17 19:56 65,536 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TM.blf

2008-05-17 01:46 . 2008-05-17 01:51 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 01:46 . 2008-05-17 07:57 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 01:46 . 2008-05-17 07:57 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TM.blf

2008-05-16 18:24 . 2008-05-16 18:25 <REP> d-------- C:\ComboFix(1)

2008-05-15 13:42 . 2008-05-15 13:42 <REP> d-------- C:\ComboFix(0)

2008-05-12 12:18 . 2008-05-12 12:19 <REP> d-------- C:\Karcher

2008-05-12 11:51 . 2008-05-12 12:14 <REP> d-------- C:\Program Files\Navilog1

2008-05-11 20:45 . 2008-05-12 11:20 5,204 --a------ C:\Windows\System32\tmp.reg

2008-05-11 20:45 . 2008-05-12 11:20 0 --a------ C:\Windows\System32\tmp.MSNFix

2008-05-11 20:44 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-05-11 20:44 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-05-11 20:44 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe

2008-05-11 20:44 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-05-11 20:44 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-05-11 15:14 . 2008-05-11 15:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 13:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-05-11 13:13 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-11 13:12 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-05-11 13:11 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-05-11 13:10 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-05-11 13:09 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-11 13:07 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-05-11 13:07 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-05-11 13:07 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-05-11 13:06 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-11 13:06 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-11 13:06 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-11 13:06 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-11 13:06 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-11 13:06 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-11 13:05 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll

2008-05-11 09:50 . 2008-05-11 12:16 <REP> d-------- C:\Program Files\a-squared Free

2008-05-10 23:20 . 2008-05-10 23:20 <REP> d-------- C:\Program Files\Common Files\Scanner

2008-05-10 23:20 . 2002-02-21 17:56 24,576 --a------ C:\Windows\System32\msxml3a.dll

2008-05-09 13:43 . 2008-05-09 13:43 <REP> d-------- C:\Program Files\SEGA

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-08 15:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-03 17:48 . 2008-05-03 23:13 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-03 17:48 . 2008-05-18 18:03 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-03 17:48 . 2008-05-03 23:13 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-03 17:48 . 2008-05-18 18:02 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-03 17:48 . 2008-05-18 18:03 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TM.blf

2008-05-03 17:48 . 2008-05-18 18:02 65,536 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TM.blf

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\MOVAVI

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\ConvertMovie 5.0

2008-05-01 18:19 . 2008-05-01 18:19 <REP> d-------- C:\Program Files\Yamb

2008-05-01 18:03 . 2008-05-01 18:03 <REP> d-------- C:\videodvdmaker

2008-05-01 17:59 . 2008-05-01 17:59 <REP> d-------- C:\Program Files\Video DVD Maker

2008-05-01 17:23 . 2008-05-03 18:43 <REP> d-------- C:\0e8d4d347a10744117ffacd44f81dd

2008-04-28 15:06 . 2008-04-28 22:18 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-04-28 15:06 . 2008-05-03 16:58 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-04-28 15:06 . 2008-05-03 16:58 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TM.blf

2008-04-27 11:11 . 2008-04-27 11:11 <REP> d-------- C:\PerfLogs

2008-04-27 09:39 . 2008-04-28 16:01 <REP> d-------- C:\e8016fc4bc0b50c5d5

2008-04-24 12:43 . 2008-04-24 12:43 331 --a------ C:\Windows\doom3.ini

2008-04-24 12:32 . 2008-04-30 13:30 <REP> d-------- C:\Program Files\DOOM 3

2008-04-22 12:35 . 2008-02-12 14:45 48 --a------ C:\Users\Azaiez\readme.bat

2008-04-22 10:07 . 2008-04-23 10:23 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-18 01:00 --------- d-----w C:\Program Files\Windows Mail

2008-05-17 20:04 --------- d-----w C:\ProgramData\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-17 19:54 --------- d---a-w C:\ProgramData\TEMP

2008-05-17 18:16 --------- d-----w C:\ProgramData\Google Updater

2008-05-17 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 18:03 --------- d-----w C:\Program Files\Microsoft Games

2008-05-17 18:03 --------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe

2008-05-15 20:25 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-11 13:10 --------- d-----w C:\Program Files\Google

2008-05-11 12:34 174 --sha-w C:\Program Files\desktop.ini

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Journal

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Defender

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Calendar

2008-05-11 11:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-11 11:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-10 21:20 --------- d-----w C:\Program Files\Yahoo!

2008-04-23 09:06 --------- d-----w C:\Program Files\Diablo II

2008-04-21 10:54 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-04-21 10:54 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-04-21 10:54 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-04-12 16:33 --------- d-----w C:\ProgramData\Media Center Programs

2008-04-12 16:25 --------- d-----w C:\Program Files\THQ

2008-04-12 06:52 21,840 ----a-w C:\Windows\System32\SIntfNT.dll

2008-04-12 06:52 17,212 ----a-w C:\Windows\System32\SIntf32.dll

2008-04-12 06:52 12,067 ----a-w C:\Windows\System32\SIntf16.dll

2008-04-12 06:45 2,829 ----a-w C:\Windows\DIIUnin.pif

2008-04-12 06:45 102,400 ----a-w C:\Windows\DIIUnin.exe

2008-04-05 10:29 --------- d-----w C:\Program Files\Hamachi

2008-04-05 10:28 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-03-23 16:15 --------- d-----w C:\Program Files\Illustrate

2008-03-23 16:14 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-22 12:50 --------- d-----w C:\ProgramData\Lavasoft

2008-03-14 15:06 52 ----a-w C:\amp.bat

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll

2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll

2007-12-01 15:57 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-01 15:57 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-18 11:17 31 ----a-w C:\Users\Azaiez\RUNME.bat

2005-03-03 20:56 16,753 ----a-w C:\Users\Azaiez\Stalker_v2.0.zip

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-02 18:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E48D8FF-79FD-430B-B33F-B1F3955CF9EE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57E3A0-1D17-451A-B7AF-3FDA09F332F7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4DC08A-5C1E-4CBE-8184-BF64DC4157A0}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3448FA63-F04C-410B-8EC6-F48D50914D6B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37BF8AAA-1672-4F3F-96DB-DA78F794C0F6}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2ACD2-9CA0-4102-B33A-79F5792A081A}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5634198B-233F-480A-9FD2-F91EEA177054}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65C462BD-5AFF-4C7E-AAFC-650870C31F02}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A45DFF1-8E12-4AFE-B2E4-45420E21A9EC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E2B2EB3-01CA-47CD-BD13-6893635D67C4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{735AADA2-84F3-4948-9CBC-B107015DA08B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CC623B7-37E2-4D28-BF77-3FBDDDC45DB7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F0B207C-4359-49D7-8325-5F1CA915F90C}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCB72CC-5DC9-47A2-B0A2-C90EFB78D577}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A59E3C-2A70-4314-9156-4CA2C70E1868}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6125F9D-98D6-4BB7-8238-01DAD9279F82}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0022941-9470-46FF-87E2-D4C331042A58}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62CC015-D348-4AEC-A838-47582647FE43}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9F2F557-5237-4BD6-BF4C-E53364E916F2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E240FF4E-3005-44C2-9B34-B7C4EB7887D8}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3387251-B171-48A6-8487-375CD7B25434}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF222A11-9687-4127-BE91-96882A6CE14E}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 21:10 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk

backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk

backup=C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 15:42 65536 c:\hp\support\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2007-04-19 18:11 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]

--a------ 2008-05-09 23:35 16863864 C:\Windows\system32\MRT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]

C:\Windows\system32\vphc700.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-10 19:52 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

--a------ 2006-12-27 17:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-04-03 11:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-09-13 20:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

%windir%\WindowsMobile\wmdSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DA8BDA47-26ED-4C80-838E-25ADEB4B0958}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C1C62C23-E5F3-43BB-83E1-2A3CBD7E3EC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C8322D34-B73D-43A8-8F4D-76DD8C1A03D4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{93AF1CAD-8DEB-4F11-BE69-673E70E14631}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{43264955-0B3F-4EB9-AD54-92A8D46582C3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{A241423A-F794-4707-952E-7B3FD534A06A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5F0BEC45-5D2C-49A8-AF8B-A9B29B3C62F8}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{ED41B33F-BAC2-4820-8E98-61E60AECFF70}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32]

R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14]

S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13]

S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe []

S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

\shell\AutoRun\command - G:\PMB_P.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}]

\shell\AutoRun\command - F:\blank.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-05-18 16:10:39 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-18 18:06:11

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6253\saHook.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Windows\System32\Ati2evxx.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\MPF\MpfSrv.exe

C:\Windows\System32\PnkBstrA.exe

C:\Program Files\SiteAdvisor\6253\SAService.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\conime.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\ehome\ehrecvr.exe

C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

C:\PROGRA~1\McAfee\MSC\mcuimgr.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-18 18:13:25 - machine was rebooted [Azaiez]

ComboFix-quarantined-files.txt 2008-05-18 16:13:05

ComboFix2.txt 2008-05-17 17:23:33

ComboFix3.txt 2008-05-14 16:34:43

ComboFix4.txt 2008-05-14 16:15:36

 

Pre-Run: 197,098,381,312 octets libres

Post-Run: 197,468,983,296 octets libres

 

411 --- E O F --- 2008-05-18 01:00:48

 

 

Report generated yesterday at the end of the afternoon.

The problems seem to have disappeared (in Mozilla and IE).

Edited by Nizar89
Posted (edited)

Good evening,

 

ComboFix, cleanup

# Disconnect from the Internet and disable the antivirus (only for the duration of the procedure!)

Open ComboFix

# In Notepad, copy and paste these lines:

KillAll::

 

File::

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48C06808-537C-4751-940D-CE7C7A53C087}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}]

 

* Warning: this script was written specifically for this user; please do not reuse it in other cases!

 

Save it under the name CFScript.txt

 

* Drag and drop this CFScript file onto the ComboFix.exe file

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif


* At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 and press Enter.

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it is located here > C:\ComboFix.txt

 

And a HijackThis log, please, with your comments.

Edited by pear
Posted

Hello,

Sorry for this somewhat late reply.

I still have the same problem with ComboFix: the computer restarts at the start of the scan. Could this be due to Vista?

I don't know whether this matters, but my antivirus detects the virus "Heur" in the ComboFix executable.

 

And finally, I wanted to add that all the problems had disappeared.

 

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:58, on 2008-05-21

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\System32\mobsync.exe

C:\Karcher\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.zebulon.fr/onglet-intepestifs...15&start=15

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: (no name) - {1E48D8FF-79FD-430B-B33F-B1F3955CF9EE} - (no file)

O2 - BHO: (no name) - {1E57E3A0-1D17-451A-B7AF-3FDA09F332F7} - (no file)

O2 - BHO: (no name) - {2C4DC08A-5C1E-4CBE-8184-BF64DC4157A0} - (no file)

O2 - BHO: (no name) - {3448FA63-F04C-410B-8EC6-F48D50914D6B} - (no file)

O2 - BHO: (no name) - {37BF8AAA-1672-4F3F-96DB-DA78F794C0F6} - (no file)

O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)

O2 - BHO: (no name) - {54F2ACD2-9CA0-4102-B33A-79F5792A081A} - (no file)

O2 - BHO: (no name) - {5634198B-233F-480A-9FD2-F91EEA177054} - (no file)

O2 - BHO: (no name) - {65C462BD-5AFF-4C7E-AAFC-650870C31F02} - (no file)

O2 - BHO: (no name) - {6A45DFF1-8E12-4AFE-B2E4-45420E21A9EC} - (no file)

O2 - BHO: (no name) - {6E2B2EB3-01CA-47CD-BD13-6893635D67C4} - (no file)

O2 - BHO: (no name) - {735AADA2-84F3-4948-9CBC-B107015DA08B} - (no file)

O2 - BHO: (no name) - {7CC623B7-37E2-4D28-BF77-3FBDDDC45DB7} - (no file)

O2 - BHO: (no name) - {7F0B207C-4359-49D7-8325-5F1CA915F90C} - (no file)

O2 - BHO: (no name) - {8FCB72CC-5DC9-47A2-B0A2-C90EFB78D577} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: (no name) - {C1A59E3C-2A70-4314-9156-4CA2C70E1868} - (no file)

O2 - BHO: (no name) - {C6125F9D-98D6-4BB7-8238-01DAD9279F82} - (no file)

O2 - BHO: (no name) - {D0022941-9470-46FF-87E2-D4C331042A58} - (no file)

O2 - BHO: (no name) - {D62CC015-D348-4AEC-A838-47582647FE43} - (no file)

O2 - BHO: (no name) - {D9F2F557-5237-4BD6-BF4C-E53364E916F2} - (no file)

O2 - BHO: (no name) - {E240FF4E-3005-44C2-9B34-B7C4EB7887D8} - (no file)

O2 - BHO: (no name) - {E3387251-B171-48A6-8487-375CD7B25434} - (no file)

O2 - BHO: (no name) - {EF222A11-9687-4127-BE91-96882A6CE14E} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: GOGA - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: JATLCW - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 8341 bytes

 

 

 

 

Thank you.
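Added example, not code from this thread nor from the HijackThis or ComboFix authors: a small Python triage of the two kinds of log lines the helper is reading by eye in the posts above, the MountPoints2 AutoRun commands in the first ComboFix log (RAVMON.exe, G:\PMB_P.exe, the RunDLL32 ShellExec_RunDLL trick) and the O2 BHO / O23 service entries in the HijackThis log (orphaned "(no file)" CLSIDs, binaries under a user's AppData\Local\Temp). SAMPLE_LOG is constructed from lines copied out of those two logs; the severity rules are this example's own assumptions about what a helper would flag, not verdicts produced by either tool.

```python
"""Triage of HijackThis / ComboFix log lines for removable-media and BHO persistence.

Added example: not code from this thread, nor from the HijackThis or ComboFix
authors.  SAMPLE_LOG is constructed from lines posted in the thread; the
severity rules are this example's own heuristics (assumptions), not the tools'.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the ComboFix and HijackThis logs above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {1E48D8FF-79FD-430B-B33F-B1F3955CF9EE} - (no file)
O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: GOGA - Unknown owner - C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]
\shell\AutoRun\command - RAVMON.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]
\shell\AutoRun\command - G:\PMB_P.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
MP2_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.I)
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.*)$", re.I)
# Per-user Temp: no legitimate BHO or service binary lives there (heuristic).
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    kind: str       # "bho", "service" or "autorun"
    severity: str   # "high", "medium" or "low"
    subject: str    # CLSID, service name or MountPoints2 volume GUID
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Walk the log once; a MountPoints2 key header supplies the volume GUID for the AutoRun line that follows it."""
    findings: List[Finding] = []
    volume: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if path == "(no file)":
                findings.append(Finding("bho", "low", m.group("clsid"),
                                        "orphaned BHO registration (CLSID with no DLL on disk): safe to delete"))
            elif TEMP_RE.search(path):
                findings.append(Finding("bho", "high", m.group("clsid"),
                                        "BHO registered from a per-user Temp directory: " + path))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m.group("path")
            if TEMP_RE.search(path):
                findings.append(Finding("service", "high", m.group("name"),
                                        "service binary in a per-user Temp directory: " + path))
            elif m.group("owner") == "Unknown owner" and path.endswith("(file missing)"):
                findings.append(Finding("service", "medium", m.group("name"),
                                        "unowned service whose binary is gone: stale entry, remove the service"))
            continue
        m = MP2_RE.match(line)
        if m:
            volume = m.group("guid")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if "ShellExec_RunDLL" in cmd:
                sev, why = "high", "rundll32 ShellExec indirection launches a file from the volume root: " + cmd
            elif not ABS_PATH_RE.match(cmd) and "\\" not in cmd:
                sev, why = "high", "bare executable name resolved against the volume root (autorun-worm pattern): " + cmd
            else:
                sev, why = "medium", "cached AutoRun handler for a removable volume, verify the file: " + cmd
            findings.append(Finding("autorun", sev, volume or "<unknown volume>", why))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so a helper sees at a glance what needs a CFScript entry."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:8} {f.subject}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it on a saved HijackThis or ComboFix log by reading the file into `triage()`. The MountPoints2 handling is the interesting part: those keys are Explorer's cache of the AutoRun command last seen on a removable volume, so a bare name such as RAVMON.exe only works because Explorer resolves it from the root of whatever drive the key belongs to, which is exactly why the helper's Flash_Disinfector step looks for autorun.inf and RavMonE.exe on every USB drive rather than only on C:.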

Posted

After rereading your message, I noticed that I was making a mistake: instead of launching the program AND THEN transferring the txt file, I was transferring it directly.

So here is the ComboFix report (although I am not 100% sure that the transfer worked):

 

 

ComboFix 08-05-15.3 - Azaiez 2008-05-21 17:07:28.2 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1249 [GMT 2:00]

Endroit: C:\Users\Azaiez\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-21 to 2008-05-21 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-21 17:07 . 2008-05-12 22:31 <REP> d-------- C:\327882R2FWJFW

2008-05-21 14:52 . 2008-05-21 14:52 <REP> d-------- C:\Programme

2008-05-17 22:01 . 2008-05-17 22:10 96,645 --a------ C:\Windows\System32\drivers\klin.dat

2008-05-17 22:01 . 2008-05-17 22:10 87,941 --a------ C:\Windows\System32\drivers\klick.dat

2008-05-17 22:00 . 2008-05-21 16:53 <REP> d-------- C:\Users\All Users\Kaspersky Lab

2008-05-17 22:00 . 2008-05-21 16:53 <REP> d-------- C:\ProgramData\Kaspersky Lab

2008-05-17 22:00 . 2008-05-17 22:00 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-17 22:00 . 2008-05-21 17:11 95,884,576 --ahs---- C:\Windows\System32\drivers\fidbox.dat

2008-05-17 22:00 . 2008-05-21 15:25 1,267,232 --ahs---- C:\Windows\System32\drivers\fidbox.idx

2008-05-17 21:34 . 2008-05-17 21:34 <REP> d-------- C:\Windows\4DCA27399D164B55808CE72CD70A5BD3.TMP

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files

2008-05-17 20:19 . 2008-05-17 20:19 208 --a------ C:\Windows\System32\MRT.INI

2008-05-17 19:41 . 2008-05-17 19:41 <REP> d-------- C:\ComboFix(2)

2008-05-17 08:06 . 2008-05-17 19:14 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 08:06 . 2008-05-17 20:04 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 08:06 . 2008-05-17 19:13 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 08:06 . 2008-05-17 19:56 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 08:06 . 2008-05-17 20:04 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{569c8dab-23d7-11dd-85c8-001a924085c8}.TM.blf

2008-05-17 08:06 . 2008-05-17 19:56 65,536 --ahs---- C:\Users\Azaiez\ntuser.dat{569c8db3-23d7-11dd-85c8-001a924085c8}.TM.blf

2008-05-17 01:46 . 2008-05-17 01:51 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-17 01:46 . 2008-05-17 07:57 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-17 01:46 . 2008-05-17 07:57 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{49b1772b-23a2-11dd-a365-001a924085c8}.TM.blf

2008-05-16 18:24 . 2008-05-16 18:25 <REP> d-------- C:\ComboFix(1)

2008-05-15 13:42 . 2008-05-15 13:42 <REP> d-------- C:\ComboFix(0)

2008-05-12 12:18 . 2008-05-21 16:58 <REP> d-------- C:\Karcher

2008-05-12 11:51 . 2008-05-12 12:14 <REP> d-------- C:\Program Files\Navilog1

2008-05-11 20:45 . 2008-05-12 11:20 5,204 --a------ C:\Windows\System32\tmp.reg

2008-05-11 20:45 . 2008-05-12 11:20 0 --a------ C:\Windows\System32\tmp.MSNFix

2008-05-11 20:44 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-05-11 20:44 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-05-11 20:44 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe

2008-05-11 20:44 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-05-11 20:44 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-05-11 15:14 . 2008-05-11 15:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 13:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-05-11 13:13 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-11 13:12 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-05-11 13:11 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-05-11 13:10 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-05-11 13:09 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-11 13:07 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-05-11 13:07 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-05-11 13:07 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-05-11 13:06 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-11 13:06 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-11 13:06 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-11 13:06 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-11 13:06 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-11 13:06 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-11 13:05 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll

2008-05-11 09:50 . 2008-05-11 12:16 <REP> d-------- C:\Program Files\a-squared Free

2008-05-10 23:20 . 2008-05-10 23:20 <REP> d-------- C:\Program Files\Common Files\Scanner

2008-05-10 23:20 . 2002-02-21 17:56 24,576 --a------ C:\Windows\System32\msxml3a.dll

2008-05-09 13:43 . 2008-05-21 14:17 <REP> d-------- C:\Program Files\SEGA

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-08 15:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-03 17:48 . 2008-05-03 23:13 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-03 17:48 . 2008-05-21 15:25 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-03 17:48 . 2008-05-03 23:13 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-05-03 17:48 . 2008-05-21 15:24 524,288 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-05-03 17:48 . 2008-05-21 15:25 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{2f9f44ed-1928-11dd-b7fd-001a924085c8}.TM.blf

2008-05-03 17:48 . 2008-05-21 15:24 65,536 --ahs---- C:\Users\Azaiez\ntuser.dat{2f9f44f5-1928-11dd-b7fd-001a924085c8}.TM.blf

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\MOVAVI

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\ConvertMovie 5.0

2008-05-01 18:19 . 2008-05-01 18:19 <REP> d-------- C:\Program Files\Yamb

2008-05-01 18:03 . 2008-05-01 18:03 <REP> d-------- C:\videodvdmaker

2008-05-01 17:59 . 2008-05-01 17:59 <REP> d-------- C:\Program Files\Video DVD Maker

2008-05-01 17:23 . 2008-05-03 18:43 <REP> d-------- C:\0e8d4d347a10744117ffacd44f81dd

2008-04-28 15:06 . 2008-04-28 22:18 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TMContainer00000000000000000002.regtrans-ms

2008-04-28 15:06 . 2008-05-03 16:58 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TMContainer00000000000000000001.regtrans-ms

2008-04-28 15:06 . 2008-05-03 16:58 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{c97de34e-1523-11dd-96bd-001a924085c8}.TM.blf

2008-04-27 11:11 . 2008-04-27 11:11 <REP> d-------- C:\PerfLogs

2008-04-27 09:39 . 2008-04-28 16:01 <REP> d-------- C:\e8016fc4bc0b50c5d5

2008-04-24 12:43 . 2008-04-24 12:43 331 --a------ C:\Windows\doom3.ini

2008-04-24 12:32 . 2008-04-30 13:30 <REP> d-------- C:\Program Files\DOOM 3

2008-04-22 12:35 . 2008-02-12 14:45 48 --a------ C:\Users\Azaiez\readme.bat

2008-04-22 10:07 . 2008-04-23 10:23 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 06:03 --------- d-----w C:\ProgramData\Google Updater

2008-05-18 01:00 --------- d-----w C:\Program Files\Windows Mail

2008-05-17 20:04 --------- d-----w C:\ProgramData\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-17 19:54 --------- d---a-w C:\ProgramData\TEMP

2008-05-17 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 18:03 --------- d-----w C:\Program Files\Microsoft Games

2008-05-17 18:03 --------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe

2008-05-15 20:25 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-11 13:10 --------- d-----w C:\Program Files\Google

2008-05-11 12:34 174 --sha-w C:\Program Files\desktop.ini

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Journal

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Defender

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Calendar

2008-05-11 11:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-11 11:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-10 21:20 --------- d-----w C:\Program Files\Yahoo!

2008-04-23 09:06 --------- d-----w C:\Program Files\Diablo II

2008-04-21 10:54 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-04-21 10:54 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-04-21 10:54 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-04-12 16:33 --------- d-----w C:\ProgramData\Media Center Programs

2008-04-12 16:25 --------- d-----w C:\Program Files\THQ

2008-04-12 06:52 21,840 ----a-w C:\Windows\System32\SIntfNT.dll

2008-04-12 06:52 17,212 ----a-w C:\Windows\System32\SIntf32.dll

2008-04-12 06:52 12,067 ----a-w C:\Windows\System32\SIntf16.dll

2008-04-12 06:45 2,829 ----a-w C:\Windows\DIIUnin.pif

2008-04-12 06:45 102,400 ----a-w C:\Windows\DIIUnin.exe

2008-04-05 10:29 --------- d-----w C:\Program Files\Hamachi

2008-04-05 10:28 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-03-23 16:15 --------- d-----w C:\Program Files\Illustrate

2008-03-23 16:14 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-22 12:50 --------- d-----w C:\ProgramData\Lavasoft

2008-03-14 15:06 52 ----a-w C:\amp.bat

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll

2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll

2007-12-01 15:57 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-01 15:57 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-18 11:17 31 ----a-w C:\Users\Azaiez\RUNME.bat

2005-03-03 20:56 16,753 ----a-w C:\Users\Azaiez\Stalker_v2.0.zip

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-02 18:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((( snapshot@2008-05-18_18.12.12.81 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-18 16:04:16 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-21 14:53:21 67,584 --s-a-w C:\Windows\bootstat.dat

+ 2008-05-21 14:53:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-05-21 14:53:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-05-18 16:04:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-05-21 14:55:15 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-05-21 14:55:15 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-05-18 16:04:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-05-21 14:56:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

- 2008-05-18 13:04:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-05-21 14:39:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-05-18 13:04:01 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-21 14:39:25 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-05-18 13:04:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-05-21 14:39:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-05-18 15:56:30 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-05-21 15:07:23 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-05-21 15:07:23 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1

- 2008-05-18 13:14:27 101,052 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-05-21 14:58:38 101,052 ----a-w C:\Windows\System32\perfc009.dat

- 2008-05-18 13:14:27 123,350 ----a-w C:\Windows\System32\perfc00C.dat

+ 2008-05-21 14:58:38 123,350 ----a-w C:\Windows\System32\perfc00C.dat

- 2008-05-18 13:14:27 586,980 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-05-21 14:58:38 586,980 ----a-w C:\Windows\System32\perfh009.dat

- 2008-05-18 13:14:27 669,340 ----a-w C:\Windows\System32\perfh00C.dat

+ 2008-05-21 14:58:38 669,340 ----a-w C:\Windows\System32\perfh00C.dat

- 2008-05-18 13:11:53 15,098 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2019332051-1211254293-2383463360-1001_UserData.bin

+ 2008-05-21 14:55:24 15,304 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2019332051-1211254293-2383463360-1001_UserData.bin

- 2008-05-18 13:11:52 68,454 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-05-21 14:55:24 68,662 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-05-18 08:07:59 65,112 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-05-21 14:35:40 65,312 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E48D8FF-79FD-430B-B33F-B1F3955CF9EE}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E57E3A0-1D17-451A-B7AF-3FDA09F332F7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4DC08A-5C1E-4CBE-8184-BF64DC4157A0}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3448FA63-F04C-410B-8EC6-F48D50914D6B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37BF8AAA-1672-4F3F-96DB-DA78F794C0F6}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54F2ACD2-9CA0-4102-B33A-79F5792A081A}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5634198B-233F-480A-9FD2-F91EEA177054}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65C462BD-5AFF-4C7E-AAFC-650870C31F02}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A45DFF1-8E12-4AFE-B2E4-45420E21A9EC}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E2B2EB3-01CA-47CD-BD13-6893635D67C4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{735AADA2-84F3-4948-9CBC-B107015DA08B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CC623B7-37E2-4D28-BF77-3FBDDDC45DB7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F0B207C-4359-49D7-8325-5F1CA915F90C}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCB72CC-5DC9-47A2-B0A2-C90EFB78D577}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A59E3C-2A70-4314-9156-4CA2C70E1868}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6125F9D-98D6-4BB7-8238-01DAD9279F82}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0022941-9470-46FF-87E2-D4C331042A58}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62CC015-D348-4AEC-A838-47582647FE43}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9F2F557-5237-4BD6-BF4C-E53364E916F2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E240FF4E-3005-44C2-9B34-B7C4EB7887D8}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3387251-B171-48A6-8487-375CD7B25434}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF222A11-9687-4127-BE91-96882A6CE14E}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 13:49 4670968]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 21:10 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk

backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk

backup=C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 15:42 65536 c:\hp\support\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2007-04-19 18:11 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]

--a------ 2008-05-09 23:35 16863864 C:\Windows\system32\MRT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]

C:\Windows\system32\vphc700.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-10 19:52 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

--a------ 2006-12-27 17:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-04-03 11:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-09-13 20:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

%windir%\WindowsMobile\wmdSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DA8BDA47-26ED-4C80-838E-25ADEB4B0958}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C1C62C23-E5F3-43BB-83E1-2A3CBD7E3EC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C8322D34-B73D-43A8-8F4D-76DD8C1A03D4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{93AF1CAD-8DEB-4F11-BE69-673E70E14631}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{43264955-0B3F-4EB9-AD54-92A8D46582C3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{A241423A-F794-4707-952E-7B3FD534A06A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5F0BEC45-5D2C-49A8-AF8B-A9B29B3C62F8}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{ED41B33F-BAC2-4820-8E98-61E60AECFF70}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

 

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32]

R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14]

S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13]

S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe []

S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

\shell\AutoRun\command - G:\PMB_P.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}]

\shell\AutoRun\command - F:\blank.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-05-21 15:09:59 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-21 17:11:26

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

**************************************************************************

.

--------------------- DLLs a chargé sous des processus courants ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6253\saHook.dll

-> ?:\Windows\system32\iertutil.dll

.

Temps d'accomplissement: 2008-05-21 17:14:15

ComboFix-quarantined-files.txt 2008-05-21 15:13:10

ComboFix2.txt 2008-05-18 16:13:26

ComboFix3.txt 2008-05-17 17:23:33

ComboFix4.txt 2008-05-14 16:34:43

ComboFix5.txt 2008-05-14 16:15:36

 

Pre-Run: 177,821,474,816 octets libres

Post-Run: 177,785,389,056 octets libres

 

415 --- E O F --- 2008-05-21 08:01:50

 

 

 

Thanks

Posted

Good evening,

 

So here is the Combofix report (although I am not 100% sure the transfer worked):

 

Me neither.

 

In Hijackthis, check these lines and then click Fix checked:

 

O2 - BHO: (no name) - {1E48D8FF-79FD-430B-B33F-B1F3955CF9EE} - (no file)

O2 - BHO: (no name) - {1E57E3A0-1D17-451A-B7AF-3FDA09F332F7} - (no file)

O2 - BHO: (no name) - {2C4DC08A-5C1E-4CBE-8184-BF64DC4157A0} - (no file)

O2 - BHO: (no name) - {3448FA63-F04C-410B-8EC6-F48D50914D6B} - (no file)

O2 - BHO: (no name) - {37BF8AAA-1672-4F3F-96DB-DA78F794C0F6} - (no file)

O2 - BHO: (no name) - {50442F11-C5CD-4B10-8DE0-06F374A59B66} - C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll (file missing)

O2 - BHO: (no name) - {54F2ACD2-9CA0-4102-B33A-79F5792A081A} - (no file)

O2 - BHO: (no name) - {5634198B-233F-480A-9FD2-F91EEA177054} - (no file)

O2 - BHO: (no name) - {65C462BD-5AFF-4C7E-AAFC-650870C31F02} - (no file)

O2 - BHO: (no name) - {6A45DFF1-8E12-4AFE-B2E4-45420E21A9EC} - (no file)

O2 - BHO: (no name) - {6E2B2EB3-01CA-47CD-BD13-6893635D67C4} - (no file)

O2 - BHO: (no name) - {735AADA2-84F3-4948-9CBC-B107015DA08B} - (no file)

O2 - BHO: (no name) - {7CC623B7-37E2-4D28-BF77-3FBDDDC45DB7} - (no file)

O2 - BHO: (no name) - {7F0B207C-4359-49D7-8325-5F1CA915F90C} - (no file)

O2 - BHO: (no name) - {8FCB72CC-5DC9-47A2-B0A2-C90EFB78D577} - (no file)

O2 - BHO: (no name) - {C1A59E3C-2A70-4314-9156-4CA2C70E1868} - (no file)

O2 - BHO: (no name) - {C6125F9D-98D6-4BB7-8238-01DAD9279F82} - (no file)

O2 - BHO: (no name) - {D0022941-9470-46FF-87E2-D4C331042A58} - (no file)

O2 - BHO: (no name) - {D62CC015-D348-4AEC-A838-47582647FE43} - (no file)

O2 - BHO: (no name) - {D9F2F557-5237-4BD6-BF4C-E53364E916F2} - (no file)

O2 - BHO: (no name) - {E240FF4E-3005-44C2-9B34-B7C4EB7887D8} - (no file)

O2 - BHO: (no name) - {E3387251-B171-48A6-8487-375CD7B25434} - (no file)

O2 - BHO: (no name) - {EF222A11-9687-4127-BE91-96882A6CE14E} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll => Yahoo Companion!

 

 

Empty your temporary files.

 

Run Toolscleaner to uninstall all the tools.

It does so automatically.

 

Reinstall Combofix and post the 2 reports, please.

Posted

Hello,

In Hijackthis, other lines of the type "O2 - BHO: (no name) - {EF222A11-9687-4127-BE91-96882A6CE14E} - (no file)" appeared. Being unsure, I did not delete them, but did I do the right thing?

 

You asked me to post two reports, but what is the second report? The Hijackthis one?

 

Here is the Combofix report:

 

ComboFix 08-05-21.3 - Azaiez 2008-05-24 9:43:15.3 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1010 [GMT 2:00]

Endroit: C:\Users\Azaiez\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\Google\googletoolbar1.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-24 to 2008-05-24 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-21 17:07 . 2008-05-24 09:42 <REP> d-------- C:\327882R2FWJFW

2008-05-21 14:52 . 2008-05-21 14:52 <REP> d-------- C:\Programme

2008-05-17 22:01 . 2008-05-17 22:10 96,645 --a------ C:\Windows\System32\drivers\klin.dat

2008-05-17 22:01 . 2008-05-17 22:10 87,941 --a------ C:\Windows\System32\drivers\klick.dat

2008-05-17 22:00 . 2008-05-24 07:47 <REP> d-------- C:\Users\All Users\Kaspersky Lab

2008-05-17 22:00 . 2008-05-24 07:47 <REP> d-------- C:\ProgramData\Kaspersky Lab

2008-05-17 22:00 . 2008-05-17 22:00 <REP> d-------- C:\Program Files\Kaspersky Lab

2008-05-17 22:00 . 2008-05-24 09:45 119,580,192 --ahs---- C:\Windows\System32\drivers\fidbox.dat

2008-05-17 22:00 . 2008-05-24 05:39 1,572,632 --ahs---- C:\Windows\System32\drivers\fidbox.idx

2008-05-17 21:34 . 2008-05-17 21:34 <REP> d-------- C:\Windows\4DCA27399D164B55808CE72CD70A5BD3.TMP

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\Users\All Users\Kaspersky Lab Setup Files

2008-05-17 21:32 . 2008-05-17 21:32 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files

2008-05-17 20:19 . 2008-05-17 20:19 208 --a------ C:\Windows\System32\MRT.INI

2008-05-17 19:41 . 2008-05-17 19:41 <REP> d-------- C:\ComboFix(2)

2008-05-16 18:24 . 2008-05-16 18:25 <REP> d-------- C:\ComboFix(1)

2008-05-15 13:42 . 2008-05-15 13:42 <REP> d-------- C:\ComboFix(0)

2008-05-12 12:18 . 2008-05-24 09:39 <REP> d-------- C:\Karcher

2008-05-11 20:45 . 2008-05-12 11:20 5,204 --a------ C:\Windows\System32\tmp.reg

2008-05-11 20:45 . 2008-05-12 11:20 0 --a------ C:\Windows\System32\tmp.MSNFix

2008-05-11 20:44 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe

2008-05-11 20:44 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe

2008-05-11 20:44 . 2008-04-24 08:10 86,528 --a------ C:\Windows\System32\VACFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\IEDFix.exe

2008-05-11 20:44 . 2008-04-28 08:03 82,944 --a------ C:\Windows\System32\404Fix.exe

2008-05-11 20:44 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe

2008-05-11 20:44 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe

2008-05-11 15:14 . 2008-05-11 15:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-05-11 13:14 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-05-11 13:13 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-05-11 13:12 . 2008-01-19 09:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll

2008-05-11 13:11 . 2008-01-19 09:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll

2008-05-11 13:10 . 2008-01-19 09:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll

2008-05-11 13:09 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-05-11 13:07 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-05-11 13:07 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-05-11 13:07 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-05-11 13:06 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-05-11 13:06 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-05-11 13:06 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-05-11 13:06 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-05-11 13:06 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-05-11 13:06 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-05-11 13:05 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll

2008-05-11 09:50 . 2008-05-11 12:16 <REP> d-------- C:\Program Files\a-squared Free

2008-05-10 23:20 . 2008-05-10 23:20 <REP> d-------- C:\Program Files\Common Files\Scanner

2008-05-10 23:20 . 2002-02-21 17:56 24,576 --a------ C:\Windows\System32\msxml3a.dll

2008-05-09 13:43 . 2008-05-21 14:17 <REP> d-------- C:\Program Files\SEGA

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-10 19:05 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy

2008-05-04 20:08 . 2008-05-08 15:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\MOVAVI

2008-05-01 18:32 . 2008-05-01 18:33 <REP> d-------- C:\Program Files\ConvertMovie 5.0

2008-05-01 18:19 . 2008-05-01 18:19 <REP> d-------- C:\Program Files\Yamb

2008-05-01 18:03 . 2008-05-01 18:03 <REP> d-------- C:\videodvdmaker

2008-05-01 17:59 . 2008-05-01 17:59 <REP> d-------- C:\Program Files\Video DVD Maker

2008-05-01 17:23 . 2008-05-03 18:43 <REP> d-------- C:\0e8d4d347a10744117ffacd44f81dd

2008-04-27 11:11 . 2008-04-27 11:11 <REP> d-------- C:\PerfLogs

2008-04-27 09:39 . 2008-04-28 16:01 <REP> d-------- C:\e8016fc4bc0b50c5d5

2008-04-24 12:43 . 2008-04-24 12:43 331 --a------ C:\Windows\doom3.ini

2008-04-24 12:32 . 2008-04-30 13:30 <REP> d-------- C:\Program Files\DOOM 3

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-24 07:43 --------- d-----w C:\Program Files\Google

2008-05-23 12:52 --------- d-----w C:\ProgramData\Google Updater

2008-05-22 04:41 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-18 01:00 --------- d-----w C:\Program Files\Windows Mail

2008-05-17 20:04 --------- d-----w C:\ProgramData\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\McAfee

2008-05-17 20:04 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-17 19:54 --------- d---a-w C:\ProgramData\TEMP

2008-05-17 18:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-17 18:03 --------- d-----w C:\Program Files\Microsoft Games

2008-05-17 18:03 --------- d-----w C:\Program Files\Cossacks 2 - Battle for Europe

2008-05-15 20:25 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-05-11 12:34 174 --sha-w C:\Program Files\desktop.ini

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Sidebar

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Journal

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Defender

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Collaboration

2008-05-11 12:25 --------- d-----w C:\Program Files\Windows Calendar

2008-05-11 11:44 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-05-11 11:44 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-05-10 21:20 --------- d-----w C:\Program Files\Yahoo!

2008-04-23 09:06 --------- d-----w C:\Program Files\Diablo II

2008-04-23 08:23 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll

2008-04-21 10:54 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-04-21 10:54 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-04-21 10:54 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-04-12 16:33 --------- d-----w C:\ProgramData\Media Center Programs

2008-04-12 16:25 --------- d-----w C:\Program Files\THQ

2008-04-12 06:52 21,840 ----a-w C:\Windows\System32\SIntfNT.dll

2008-04-12 06:52 17,212 ----a-w C:\Windows\System32\SIntf32.dll

2008-04-12 06:52 12,067 ----a-w C:\Windows\System32\SIntf16.dll

2008-04-12 06:45 2,829 ----a-w C:\Windows\DIIUnin.pif

2008-04-12 06:45 102,400 ----a-w C:\Windows\DIIUnin.exe

2008-04-05 10:29 --------- d-----w C:\Program Files\Hamachi

2008-04-05 10:28 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys

2008-03-23 16:14 4,230,520 ----a-w C:\Windows\System32\SpoonUninstall.exe

2008-03-14 15:06 52 ----a-w C:\amp.bat

2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe

2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-12 12:45 48 ----a-w C:\Users\Azaiez\readme.bat

2007-12-01 15:57 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-01 15:57 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-18 11:17 31 ----a-w C:\Users\Azaiez\RUNME.bat

2005-03-03 20:56 16,753 ----a-w C:\Users\Azaiez\Stalker_v2.0.zip

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-02 18:04 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-02 18:04 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]

C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 13:49 4670968]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 21:10 36904]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk

backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk

backup=C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]

C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07]

C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 15:42 65536 c:\hp\support\hpsysdrv.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2007-04-19 18:11 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]

--a------ 2008-05-09 23:35 16863864 C:\Windows\system32\MRT.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]

C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]

C:\Windows\system32\vphc700.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-06-10 19:52 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

--a------ 2006-12-27 17:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-04-03 11:12 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-09-13 20:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

--a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

%windir%\WindowsMobile\wmdSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{DA8BDA47-26ED-4C80-838E-25ADEB4B0958}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C1C62C23-E5F3-43BB-83E1-2A3CBD7E3EC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{C8322D34-B73D-43A8-8F4D-76DD8C1A03D4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{93AF1CAD-8DEB-4F11-BE69-673E70E14631}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{43264955-0B3F-4EB9-AD54-92A8D46582C3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{A241423A-F794-4707-952E-7B3FD534A06A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5F0BEC45-5D2C-49A8-AF8B-A9B29B3C62F8}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{ED41B33F-BAC2-4820-8E98-61E60AECFF70}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR

"{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu II

"{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat

"{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander

"{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2

"{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo

"{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe

"{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance

"{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance

"{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3

"{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts

"{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

 

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32]

R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44]

R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14]

S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13]

S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]

S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe []

S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe []

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]

\shell\AutoRun\command - G:\PMB_P.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}]

\shell\AutoRun\command - RAVMON.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}]

\shell\AutoRun\command - F:\blank.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-05-24 07:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job"

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-24 09:46:09

Windows 6.0.6001 Service Pack 1 NTFS

 

Scanning hidden processes ...

 

Scanning hidden autostart entries ...

 

Scanning hidden files ...

 

 

**************************************************************************

.

Completion time: 2008-05-24 9:48:43

ComboFix-quarantined-files.txt 2008-05-24 07:47:39

ComboFix2.txt 2008-05-21 15:14:16

 

Pre-Run: 178,900,504,576 bytes free

Post-Run: 178,861,457,408 bytes free

 

329 --- E O F --- 2008-05-23 12:44:47

Thanks.
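As an added triage example (not code from this thread, from the helper, or from ComboFix itself), the script below parses the autostart sections of a report laid out like the one above and flags the entries a helper would look at first: loaders living in the user's Temp folder, entries for which the scanner printed no date or size (assumed here to mean the file was not on disk at scan time), and AutoRun commands cached under MountPoints2 for removable volumes. The sample text is a constructed subset of the log lines above; the regular expressions are written against this report's layout and are assumptions about that layout, not a ComboFix specification.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix report posted above,
# reduced to the autostart sections this triage script understands.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50442F11-C5CD-4B10-8DE0-06F374A59B66}]
C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b]
C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700]
C:\Windows\system32\vphc700.exe

S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe []
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}]
\shell\AutoRun\command - RAVMON.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}]
\shell\AutoRun\command - G:\PMB_P.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
"""

# Line shapes seen in the report above (assumed layout, not a ComboFix spec).
KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\...]
VALUE_RE = re.compile(r'^"[^"]*"="([^"]*)"(?:\s+\[([^\]]*)\])?$')   # "name"="path" [date size]
ATTR_RE = re.compile(r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(.+)$")  # --a------ date time size path
SERVICE_RE = re.compile(r"^[RS]\d\s+[^;]+;[^;]*;(.+?)\s+\[([^\]]*)\]$")  # R3 name;desc;path [date]
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
WINPATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    key: str
    target: str
    reasons: tuple


def parse_entries(text):
    """Yield (registry key, launched target, has_file_metadata) for each autostart line.
    has_file_metadata is None for AutoRun commands, where the scanner prints none."""
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, m.group(1), None
            continue
        m = SERVICE_RE.match(line)
        if m:
            yield "services", m.group(1), bool(m.group(2))
            continue
        m = VALUE_RE.match(line)
        if m:
            if m.group(1):                      # skip empty values such as "Launcher"=""
                yield key, m.group(1), m.group(2) is not None
            continue
        m = ATTR_RE.match(line)
        if m:
            yield key, m.group(1), True
            continue
        if WINPATH_RE.match(line) or line.startswith("%"):
            yield key, line, False              # bare path: scanner printed no attributes


def triage(text):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for key, target, has_meta in parse_entries(text):
        reasons = []
        if "mountpoints2" in key.lower():
            reasons.append("AutoRun command cached for a removable volume")
            if not WINPATH_RE.match(target):
                reasons.append("relative executable name, resolved on whatever volume is plugged in")
            if "shellexec_rundll" in target.lower():
                reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
        else:
            if TEMP_RE.search(target):
                reasons.append("loads from the user's Temp directory")
            if has_meta is False:
                reasons.append("no date/size recorded by the scanner (file absent at scan time, assumed)")
        if reasons:
            findings.append(Finding(key, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.target}\n  key: {f.key}\n  " + "\n  ".join(f.reasons))
```

Run against the full report it picks out the same items a helper would: the BHO and the two startupreg entries pointing into AppData\Local\Temp, the GOGA and JATLCW services with no file data, and every MountPoints2 AutoRun command (RAVMON.exe, blank.exe, the rundll32 ShellExec_RunDLL launcher), while leaving Skype, ehTray and the Atheros driver alone. A flagged entry is a lead, not a verdict: the next step is the usual one, submit the file (when it still exists) to a multi-engine scanner and check the publisher signature before deleting anything.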

Posted

Good evening,

 

Sorry to have kept you waiting, but I had to be away for a while.

 

I am asking you to run Combofix without the protections, as indicated from the start.

The report will be more readable.

 

Close or disable all antivirus and antispyware programs, as well as any running firewall, because they could interfere with ComboFix.

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.

 

*Double-click combofix.exe to launch it.

Do not close the window that has just opened; the desktop would be empty and that could make the program crash!

1) Some infections (MBR rootkits) can only be handled using the Recovery Console,

so we will first install the Recovery Console on the PC.

This will allow the system to be repaired in case the PC no longer boots after the disinfection.

If this is already done, go to step 2).

* After clicking the link corresponding to your version of Windows, you will be taken to a page:

click the Download button to save the installation package to the Desktop:

Do not change the file name

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file as in the screenshot >

http://i261.photobucket.com/albums/ii49/Ma...te/CFScript.gif

* Follow the on-screen instructions to launch ComboFix and, when prompted, accept the End User License Agreement to install the Microsoft Recovery Console.

* When it is finished, a message saying the Console has been installed will appear, then a report named CF_RC.txt will be displayed:

post its contents.

 

If for any reason, Vista for example, combofix does not launch,

start in safe mode, choose the Administrator account, and launch Combofix.

2)

* Press the 1 key to start the scan.

While ComboFix is running, do not touch your computer at all; you could crash the program.

* When the scan is finished (this may take some time), a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt

The other report requested was, of course, Hijackthis, to check whether the 02 entries are gone.
