
Posted

Hello,

I was the victim (though I asked for it by playing around with a Mule) of a program that destroyed all my security programs (Avast, ZoneAlarm, Spybot and AdAware) and added the process "winupgro", which slowed my machine down.

I first deleted the file that was at the root of my problems, then, after going through your forum from end to end, I ran:

- ComboFix
- Malwarebytes
- FindyKill
- Antivir

Today, if I run Malwarebytes, Antivir and the Kaspersky online scanner again, I no longer get any suspicious messages and my machine's speed is back to normal.

However, I can't manage to uninstall ZoneAlarm, and sometimes Internet Explorer and Firefox don't connect.

I'm sending you the HijackThis log. Does anyone see anything suspicious in it?

Thanks for your help.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:45:24, on 30/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\System32\svchost.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe

C:\Program Files\Gigaset DECT\gigaset-m34-software\appsvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

C:\WINDOWS\system32\ctfmon.exe

C:\apps\skype\Phone\Skype.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

C:\Program Files\OFFICE One6.5\program\soffice.exe

C:\apps\skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

F:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [skypeclient.exe] "C:\Program Files\Gigaset DECT\gigaset-m34-software\skypeclient.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe

O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT

O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [skype] "C:\apps\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OFFICE One 6.5.lnk = C:\Program Files\OFFICE One6.5\program\quickstart.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O15 - Trusted Zone: http://download.artevod.com

O15 - Trusted Zone: http://www.artevod.com

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - https://www.canalplay.com/cabs/msway44.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O23 - Service: Service de licence ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 12853 bytes

There you go.

Thanks again.
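As an added triage example (not code from the thread, its author, or the HijackThis tool), the following Python script applies a few defender-side rules to HijackThis log lines of the kind posted above: entries whose target file is missing, O15 Trusted Zone additions, anything launched from a user profile directory, and O4 autoruns that name a bare executable with no path. The sample lines are copied from the log above, except one O4 line tagged [constructed] that reuses the winupgro.exe path ComboFix reports later in the thread; the rule set and the reason strings are this example's own choices, not HijackThis classifications.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log quoted in the thread, plus ONE
# constructed O4 line (tagged [constructed]) that reuses the winupgro.exe path reported
# by ComboFix, so that the user-profile rule has something to match.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKCU\..\Run: [constructed] "d:\documents and settings\Daniel\Application Data\drivers\winupgro.exe"
O15 - Trusted Zone: http://download.artevod.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Reason strings for the findings (wording chosen for this example).
REASON_ORPHAN = "entry points at a file that no longer exists (orphaned; safe to clean up)"
REASON_TRUSTED = "Trusted Zone entry: the site runs with relaxed Internet Explorer security settings"
REASON_PROFILE = "entry runs a binary from a user profile directory, where malware commonly drops itself"
REASON_BARE = "autorun gives a bare file name resolved through the search path; verify which binary actually runs"

SECTION = re.compile(r"^(R\d|O\d+) - ")                       # HijackThis section prefix
ORPHAN = re.compile(r"\((no file|file missing)\)", re.I)      # HijackThis marks missing targets this way
USER_PROFILE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(application data|appdata|local settings)\\", re.I)
# O4 line whose command is a bare executable name, e.g. "[skyTel] SkyTel.EXE"
BARE_EXE = re.compile(r"^O4 - [^:]+: \[[^\]]*\] ([A-Za-z0-9_.-]+\.exe)\b", re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return a list of Findings for every log line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if not m:
            continue  # header, process list, blank line: not an R/O entry
        section = m.group(1)
        if ORPHAN.search(line):
            findings.append(Finding(section, REASON_ORPHAN, line))
        if section == "O15":
            findings.append(Finding(section, REASON_TRUSTED, line))
        if USER_PROFILE.search(line):
            findings.append(Finding(section, REASON_PROFILE, line))
        elif section == "O4" and BARE_EXE.match(line):
            findings.append(Finding(section, REASON_BARE, line))
    return findings


def summarize(findings):
    """Count findings per reason, for a quick overview before reading each line."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The rules deliberately flag for review rather than declare anything malicious: the two O15 entries and the bare `SkyTel.EXE` autorun in the log above are plausibly legitimate, but they are exactly the lines a helper checks by hand before deciding what to fix.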

Posted (edited)

Hello,

It's not very clever to play the sorcerer's apprentice the way you did; you could have wrecked your machine completely!

Send all the reports (ComboFix, Antivir, MBAM, FindyKill).

Download Toolbar-S&D (from Team IDN) to your Desktop.

  • Double-click the downloaded file to start the installation.
    Disable all your resident protections!
  • Now launch Toolbar-S&D.
  • Choose F for French, and confirm with Enter.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report (C:\TB.txt).
    Re-enable all your resident protections!

Edited by no.ppp
Posted

Hello, and happy new year!

First, the ComboFix report:

ComboFix 08-12-28.01 - Daniel 2008-12-29 0:05:35.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1650 [GMT 1:00]

Lancé depuis: d:\documents and settings\Daniel\Bureau\dan.exe.exe

FW: ZoneAlarm Firewall *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Windows Media Player\WMPNSCFG.exe

c:\windows\system32\ban_list.txt

c:\windows\system32\mdelk.exe

c:\windows\system32\wintems.exe

d:\documents and settings\Daniel\Application Data\drivers\downld

d:\documents and settings\Daniel\Application Data\drivers\downld\101218.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\102078.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\111578.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\114890.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\115109.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\123062.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\124250.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\124296.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\124500.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\124906.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\125171.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\200250.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\244984.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\262937.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\263437.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\263515.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\276328.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\277031.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\277078.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\277343.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\284765.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\285296.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\286062.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\290296.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\291578.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\291609.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\292109.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\292812.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\294625.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\297609.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\303921.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\316250.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\316609.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\317250.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\321890.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\322843.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\323671.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\324296.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\327578.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\333359.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\333890.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\334343.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\338937.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\339421.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\339718.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\349984.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\356515.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\359828.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\360453.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\361328.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\370468.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\370984.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\371375.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\78593.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\86968.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\87031.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\91234.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\93734.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\94875.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\98218.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\98296.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\99500.exe

d:\documents and settings\Daniel\Application Data\drivers\downld\99546.exe

d:\documents and settings\Daniel\Application Data\drivers\srosa.sys

d:\documents and settings\Daniel\Application Data\drivers\srosa2.sys

d:\documents and settings\Daniel\Application Data\drivers\winupgro.exe

d:\documents and settings\Daniel\Application Data\m

d:\documents and settings\Daniel\Application Data\m\data.oct

d:\documents and settings\Daniel\Application Data\m\flec006.exe

d:\documents and settings\Daniel\Application Data\m\list.oct

d:\documents and settings\Daniel\Application Data\m\shared\0.zip

d:\documents and settings\Daniel\Application Data\m\shared\2_Nokia - SlovoEd.v1_0_CRACK.zip

d:\documents and settings\Daniel\Application Data\m\shared\A4Desk Music Player 2.07.zip

d:\documents and settings\Daniel\Application Data\m\shared\Accomplice Portable 1.2.3.zip

d:\documents and settings\Daniel\Application Data\m\shared\Adobe Photoshop Elements 7.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Ali Landry 22 Screensaver 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Amazon.com Search 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\AoA DVD COPY 2.8.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\Aplus FLV to MOV Converter 5.48.zip

d:\documents and settings\Daniel\Application Data\m\shared\Applet FloatingMenu Builder 2005 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\AR Soft RAM Disk 1.20.zip

d:\documents and settings\Daniel\Application Data\m\shared\Around the Cooler 1.0.0.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\ASP huge file upload 2.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\Avast!.v4.1.7.Pda.(Antivirus).zip

d:\documents and settings\Daniel\Application Data\m\shared\B-Calm Privacy 1.2.19.zip

d:\documents and settings\Daniel\Application Data\m\shared\Babya Presenter Standard 3.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\BHOList 1.5.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Buddy2Buddy 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\BusinessMail Email Server + Anti Spam System 4.70.00.zip

d:\documents and settings\Daniel\Application Data\m\shared\BVCommerce 2004 Credit Card Processors 3.8.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\CATVids Import Utility 4.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\CD to WMA MP3 Ripper 1.60.zip

d:\documents and settings\Daniel\Application Data\m\shared\Check Disk and Format Disk Component 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Christina Applegate Screensaver2.zip

d:\documents and settings\Daniel\Application Data\m\shared\Colors of the Nature Screensaver 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\CompuApps DriveEraser 1.19.zip

d:\documents and settings\Daniel\Application Data\m\shared\CopyFighter 3.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Courier Mail Server 2.06.zip

d:\documents and settings\Daniel\Application Data\m\shared\Cubic Inch Converter .a.zip

d:\documents and settings\Daniel\Application Data\m\shared\DialupMon 1.4.2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Digital Audio CD Burner 7.4.0.10.zip

d:\documents and settings\Daniel\Application Data\m\shared\DIGITAL ROC Professional 2.1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Disk Performance Analyzer for Networks 1.0.1051a.zip

d:\documents and settings\Daniel\Application Data\m\shared\drweb.for.windows.4.33.keyfile.rev.zip

d:\documents and settings\Daniel\Application Data\m\shared\Duplicate File Finder Pro 1.10.zip

d:\documents and settings\Daniel\Application Data\m\shared\DVD To WAV Converter 1.02.zip

d:\documents and settings\Daniel\Application Data\m\shared\Earthquake.zip

d:\documents and settings\Daniel\Application Data\m\shared\Easy Group Mail Subscriber 2.06.zip

d:\documents and settings\Daniel\Application Data\m\shared\Email Spider Standard Edition 1.01.zip

d:\documents and settings\Daniel\Application Data\m\shared\EmotiConverter 0.9.9.3.zip

d:\documents and settings\Daniel\Application Data\m\shared\EMS Data Import for Oracle 3.1.0.7.zip

d:\documents and settings\Daniel\Application Data\m\shared\Fast Messages 1.21.zip

d:\documents and settings\Daniel\Application Data\m\shared\Favorites to HTML Pro 2.2.15.zip

d:\documents and settings\Daniel\Application Data\m\shared\FeedMU 1.5.54.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\FictionSoftware EasyShutDown 1.0.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\File Compare XP 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\foo adpcm 0.7.zip

d:\documents and settings\Daniel\Application Data\m\shared\FreezeX Standard 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\FTPHoover 2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Fuzzy System Component 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Gradient Screensaver 3.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\GSDictionary 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Haali Media Splitter 1.7.401.3.zip

d:\documents and settings\Daniel\Application Data\m\shared\Home Video Converter Pro 4.7.5.299.zip

d:\documents and settings\Daniel\Application Data\m\shared\Human Pictcha 1.0.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\Image Recognition Web Test Plugin 4.301.zip

d:\documents and settings\Daniel\Application Data\m\shared\Incrediback Backup 2.25.zip

d:\documents and settings\Daniel\Application Data\m\shared\InstantRecovery Personal Edition 4.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\ITS Password Generator 1.0.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\JoyMouse 2.4.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\JPEG Optimizer 3.15.zip

d:\documents and settings\Daniel\Application Data\m\shared\Listen Later 1.2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\ListMemoriser 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\LsT 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Marine Life 3D Screensaver 1.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\Meda MP3ToWav 1.0.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\MediaDoctor 2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Mortgage Rescision Prequal. Software 1.0.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Mp3 Organizer Pro 3.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\myAlbum2 2.1.2.32767.zip

d:\documents and settings\Daniel\Application Data\m\shared\Mydoom.A Remover 3.5.1.11.zip

d:\documents and settings\Daniel\Application Data\m\shared\Navigatore Satellitare Tomtom Citymaps Nokia.zip

d:\documents and settings\Daniel\Application Data\m\shared\Nebula 2 1.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\NOD32_AntiVirus_v2.000.6.zip

d:\documents and settings\Daniel\Application Data\m\shared\Norton Partition Magic 8.05 + Norton Boot Magic 8 - ita+serial - 2004 - by_mikyerosy.zip

d:\documents and settings\Daniel\Application Data\m\shared\NTFSCHK 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\NuvaRing Reminder 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\PDF417 ActiveX Control 1.3.zip

d:\documents and settings\Daniel\Application Data\m\shared\PerfConsole 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\PfiOO 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Pixel Circle 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Portable Junction Link Magic 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Postscript to Text Converter SDK Server License 2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\PpSpeak 2.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Primatte Chromakey 3.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Pro-Care Spine Saver 1.0.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\ProjectHand 1.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\PwdDoubleCheck (Passwords) 1.0.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\QueryToDoc 3.6.zip

d:\documents and settings\Daniel\Application Data\m\shared\Rabih.Abou-Khalil.-.Tarab.Mp3@256.Avg.Kbps.Preset.Extreme.zip

d:\documents and settings\Daniel\Application Data\m\shared\Rain Wonder Demo Screensaver 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Real2MSN 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Repedo One Free 3.3.6.zip

d:\documents and settings\Daniel\Application Data\m\shared\Research Word 1.3.4.zip

d:\documents and settings\Daniel\Application Data\m\shared\Retail Screensaver 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\RH CPUinfo 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\SABnzbd 0.4.4.zip

d:\documents and settings\Daniel\Application Data\m\shared\Samplist's CD Player 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Samurai App 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Say What 1.1.8.zip

d:\documents and settings\Daniel\Application Data\m\shared\ScrollBar Skiner 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Serials.Number.&.Generator.&.Cracks.-.Keygen.-.Symantec.Norton.Ghost.Serial.#.Creater.zip

d:\documents and settings\Daniel\Application Data\m\shared\Shape Calculator 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Shareware Name Analyzer 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\ShortStuff 0.1.1.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\Signaling Analysis and Visualization 2.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\Sinai Screens 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Speed-O-Meter 4.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\SplitMovie 2.0.0.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\Standard Logistics Icons 2008.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\SurfSecret Privacy Protector 7.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\Symantec.Norton.Ghost.10.2006.bootable.deutsch.german.SN.BMTG-FCDJ-JBDH-QTHY-RD28-BCPD.zip

d:\documents and settings\Daniel\Application Data\m\shared\System Monitor 1.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\TaskCapture 1.02.zip

d:\documents and settings\Daniel\Application Data\m\shared\The Mystic Eye Tarot Calculator 1.2.zip

d:\documents and settings\Daniel\Application Data\m\shared\Tick Tracer 1.0.0.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Urdu Dictionary 0.6.zip

d:\documents and settings\Daniel\Application Data\m\shared\Video Card Stability Test 1.0.0.3 Build 80416.zip

d:\documents and settings\Daniel\Application Data\m\shared\VideoResizer 1.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\View From Space Screensaver.zip

d:\documents and settings\Daniel\Application Data\m\shared\vitaero (SkypeHeadset) 1.4.zip

d:\documents and settings\Daniel\Application Data\m\shared\Web-candy Digital Clock 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\Web Response Grabber Standard 2.5.zip

d:\documents and settings\Daniel\Application Data\m\shared\WGAL 7.09.04.zip

d:\documents and settings\Daniel\Application Data\m\shared\WinSmit 2.0.1.zip

d:\documents and settings\Daniel\Application Data\m\shared\xWords 1.0.zip

d:\documents and settings\Daniel\Application Data\m\shared\YMulti Messenger 8.x.zip

d:\documents and settings\Daniel\Application Data\m\shared\ZapMessenger 1.0.0.zip

d:\documents and settings\Daniel\Application Data\m\srvlist.oct

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SROSA

-------\Legacy_SROSA

-------\Legacy_SK9OU0S

-------\Service_sK9Ou0s

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-28 23:31 . 2008-11-06 02:03 <REP> d-------- C:\SDFix

2008-12-28 18:03 . 2008-12-29 00:06 <REP> d--h----- d:\documents and settings\Daniel\Application Data\drivers

2008-12-28 17:18 . 2008-12-29 00:03 <REP> d-------- d:\documents and settings\Daniel\Application Data\DNA

2008-12-28 17:18 . 2008-12-28 19:22 <REP> d-------- d:\documents and settings\Daniel\Application Data\BitTorrent

2008-12-28 17:18 . 2008-12-29 00:10 <REP> d-------- c:\program files\DNA

2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\program files\BitTorrent

2008-12-21 21:07 . 2008-12-21 21:07 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2008-12-17 19:20 . 2008-12-17 19:20 <REP> d-------- d:\documents and settings\Daniel\Application Data\SPAMfighter

2008-12-17 19:19 . 2008-12-29 00:09 <REP> d-------- c:\program files\SPAMfighter

2008-12-17 19:19 . 2008-12-17 19:19 <REP> d-------- c:\program files\Fichiers communs\Application

2008-12-10 22:45 . 2008-12-10 22:45 <REP> d-------- d:\documents and settings\Daniel\Application Data\Uniblue

2008-12-10 20:14 . 2008-12-10 20:14 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau

2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression

2008-12-05 22:58 . 2005-12-14 23:14 <REP> d--h----- d:\documents and settings\Administrateur\Modèles

2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Mes documents

2008-12-05 22:58 . 2005-12-14 23:14 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer

2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Favoris

2008-12-05 22:58 . 2005-12-13 09:33 <REP> dr------- d:\documents and settings\Administrateur\Bureau

2008-12-05 22:58 . 2005-12-14 23:14 <REP> d-------- d:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver

2008-12-05 22:58 . 2005-12-13 09:25 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Symantec

2008-12-05 22:58 . 2008-01-20 13:03 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Apple Computer

2008-12-05 22:58 . 2008-12-05 22:58 <REP> d-------- d:\documents and settings\Administrateur

2008-12-05 21:15 . 2008-12-05 21:15 <REP> d-------- c:\program files\CCleaner

2008-12-05 11:58 . 2008-12-28 18:26 4,362,272 --ahs---- c:\windows\system32\drivers\fidbox.dat

2008-12-05 11:58 . 2008-12-28 18:26 55,328 --ahs---- c:\windows\system32\drivers\fidbox.idx

2008-12-05 11:54 . 2008-12-05 11:54 <REP> d-------- d:\documents and settings\All Users\Application Data\MailFrontier

2008-12-05 11:54 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe

2008-12-05 11:54 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll

2008-12-05 11:54 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll

2008-12-05 11:54 . 2008-12-05 11:57 4,212 ---h----- c:\windows\system32\zllictbl.dat

2008-12-05 11:53 . 2008-12-28 21:09 <REP> d-------- c:\windows\system32\ZoneLabs

2008-12-05 11:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll

2008-12-05 11:53 . 2008-12-28 12:17 358,382 --a------ c:\windows\system32\vsconfig.xml

2008-12-05 10:35 . 2008-12-28 18:04 <REP> d-------- c:\windows\Internet Logs

2008-12-05 10:35 . 2008-12-05 10:35 <REP> d-------- c:\program files\Zone Labs

2008-12-01 23:52 . 2008-12-29 00:03 <REP> d-------- d:\documents and settings\Daniel\Application Data\skypePM

2008-12-01 23:52 . 2008-12-01 23:52 <REP> d-------- c:\program files\Fichiers communs\Skype

2008-12-01 23:52 . 2008-12-01 23:52 56 --ah----- c:\windows\system32\ezsidmv.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-28 22:49 --------- d-----w d:\documents and settings\Daniel\Application Data\Skype

2008-12-28 16:54 --------- d-----w c:\program files\eMule

2008-12-28 11:29 242,736 ----a-w d:\documents and settings\Daniel\Application Data\GDIPFONTCACHEV1.DAT

2008-12-21 20:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-12-10 19:14 --------- d-----w c:\program files\Java

2008-12-06 15:10 --------- d-----w c:\program files\AskSBar

2008-12-06 10:39 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-06 00:12 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-05 23:44 --------- d-----w c:\program files\Alwil Software

2008-12-05 10:40 --------- d-----w d:\documents and settings\All Users\Application Data\VadeRetro

2008-12-05 10:40 --------- d-----w c:\program files\Goto Software

2008-12-05 10:14 --------- d-----w d:\documents and settings\Daniel\Application Data\Comodo

2008-11-14 09:55 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-08-30 21:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-29 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-06-29 17:06 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"Skype"="c:\apps\skype\Phone\Skype.exe" [2008-11-07 21633320]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-12-28 919016]

"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-13 180269]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-12-09 325768]

"skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]

"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400]

"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-12-28 81000]

"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800]

"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

d:\documents and settings\Mathias\Menu Démarrer\Programmes\Démarrage\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

 

d:\documents and settings\Daniel\Menu Démarrer\Programmes\Démarrage\

OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864]

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

 

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-20 559104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

"msvideo"= CxCap.drv

"msvideo1"= CxCap.drv

"msvideo2"= CxCap.drv

"msvideo3"= CxCap.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\apps\\skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46939:UDP"= 46939:UDP:emule UDP

 

R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service [2007-09-24 566560]

R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-12-09 184968]

R3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\Drivers\HDvid.sys [2008-03-09 275072]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-12-25 29696]

R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\Drivers\atkcfg.sys [2005-08-18 46592]

R3 camfilt;camfilt;c:\windows\system32\Drivers\camfilt.sys [2008-03-09 24192]

R3 Gig5gu;Cordless Internet Access;c:\windows\system32\Drivers\gig5gu.sys [2005-08-18 55680]

R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\Drivers\gigsrf.sys [2005-08-18 94592]

R3 Gigtnc;Cordless PC Control;c:\windows\system32\Drivers\gigtnc.sys [2005-08-18 45440]

R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2005-03-01 113408]

R3 Sieupapp;Cordless Device Update;c:\windows\system32\Drivers\Sieupapp.sys [2005-08-18 32128]

S1 aswSP;avast! Self Protection; []

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []

S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\Drivers\Sieupdfu.sys [2005-08-18 32000]

S3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2006-02-20 20218]

S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2007-02-16 5797]

.

Contenu du dossier 'Tâches planifiées'

 

2007-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

 

2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

 

2008-12-28 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

HKLM-Run-UStorag - c:\program files\u-storage tool2.9\ustorage.exe

HKLM-Run-AzMixerSel - c:\program files\Realtek\InstallShield\AzMixerSel.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: *.canalplay.com

Trusted Zone: *.canalplusactive.com

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\msway.dll - O16 -: {E1AF091A-9F23-4059-89D7-C05EE073285D}

hxxps://www.canalplay.com/cabs/msway44.cab

c:\windows\Downloaded Program Files\msway.inf

FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=

FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll

FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll

FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-29 00:09:47

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(812)

c:\windows\system32\Ati2evxx.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe

c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe

c:\apps\HIDSERVICE\HidService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\apps\Powercinema\Kernel\TV\CLSched.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Gigaset DECT\gigaset-m34-software\appsvr.exe

c:\apps\ABOARD\AOSD.EXE

c:\windows\system32\msiexec.exe

c:\program files\OFFICE One6.5\program\soffice.exe

c:\apps\skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Heure de fin: 2008-12-29 0:14:38 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-28 23:14:35

 

Avant-CF: 5,501,235,200 octets libres

Après-CF: 5,189,898,240 octets libres

 

478 --- E O F --- 2008-12-17 21:40:13

 

 

Then Malwarebytes.

 

Malwarebytes' Anti-Malware 1.31

Version de la base de données: 1563

Windows 5.1.2600 Service Pack 3

 

29/12/2008 01:05:16

mbam-log-2008-12-29 (01-05-16).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 177768

Temps écoulé: 32 minute(s), 53 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 12

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP17\A0004239.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004358.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004388.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP18\A0004421.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0004473.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP19\A0004524.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004579.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004856.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004890.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP20\A0004925.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0005031.sys (Worm.Bagel) -> Quarantined and deleted successfully.

D:\Téléchargement internet\emule\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.

 

Then, since I still had no access to ZoneAlarm and avast, I ran ComboFix again.

 

ComboFix 08-12-28.03 - Daniel 2008-12-29 13:34:02.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1463 [GMT 1:00]

Lancé depuis: d:\documents and settings\Daniel\Bureau\tralala.exe.exe

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-29 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-29 10:44 . 2008-12-29 10:44 <REP> d-------- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2008-12-29 08:50 . 2008-12-29 08:50 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Malwarebytes

2008-12-29 08:45 . 2008-12-29 08:45 47,614 --a------ C:\log-kapersky.html

2008-12-29 01:23 . 2008-12-29 01:23 <REP> d-------- c:\windows\system32\Kaspersky Lab

2008-12-29 01:09 . 2008-12-29 01:09 <REP> d-------- C:\dan.exe

2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- d:\documents and settings\Daniel\Application Data\Malwarebytes

2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-29 00:23 . 2008-12-29 00:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-29 00:23 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-29 00:23 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-28 18:03 . 2008-12-29 13:18 <REP> d--h----- d:\documents and settings\Daniel\Application Data\drivers

2008-12-28 17:18 . 2008-12-29 13:24 <REP> d-------- d:\documents and settings\Daniel\Application Data\DNA

2008-12-28 17:18 . 2008-12-28 19:22 <REP> d-------- d:\documents and settings\Daniel\Application Data\BitTorrent

2008-12-28 17:18 . 2008-12-29 13:27 <REP> d-------- c:\program files\DNA

2008-12-28 17:18 . 2008-12-28 17:18 <REP> d-------- c:\program files\BitTorrent

2008-12-21 21:07 . 2008-12-21 21:07 361,600 --a------ c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2008-12-17 19:20 . 2008-12-17 19:20 <REP> d-------- d:\documents and settings\Daniel\Application Data\SPAMfighter

2008-12-17 19:19 . 2008-12-29 13:28 <REP> d-------- c:\program files\SPAMfighter

2008-12-17 19:19 . 2008-12-17 19:19 <REP> d-------- c:\program files\Fichiers communs\Application

2008-12-10 22:45 . 2008-12-10 22:45 <REP> d-------- d:\documents and settings\Daniel\Application Data\Uniblue

2008-12-10 20:14 . 2008-12-10 20:14 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage réseau

2008-12-05 22:58 . 2004-08-16 18:55 <REP> d--h----- d:\documents and settings\Administrateur\Voisinage d'impression

2008-12-05 22:58 . 2005-12-14 23:14 <REP> d--h----- d:\documents and settings\Administrateur\Modèles

2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Mes documents

2008-12-05 22:58 . 2005-12-14 23:14 <REP> dr------- d:\documents and settings\Administrateur\Menu Démarrer

2008-12-05 22:58 . 2005-12-14 15:19 <REP> dr------- d:\documents and settings\Administrateur\Favoris

2008-12-05 22:58 . 2008-12-29 10:49 <REP> dr------- d:\documents and settings\Administrateur\Bureau

2008-12-05 22:58 . 2005-12-14 23:14 <REP> d-------- d:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver

2008-12-05 22:58 . 2005-12-13 09:25 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Symantec

2008-12-05 22:58 . 2008-01-20 13:03 <REP> d-------- d:\documents and settings\Administrateur\Application Data\Apple Computer

2008-12-05 22:58 . 2008-12-05 22:58 <REP> d-------- d:\documents and settings\Administrateur

2008-12-05 21:15 . 2008-12-05 21:15 <REP> d-------- c:\program files\CCleaner

2008-12-05 11:58 . 2008-12-28 18:26 4,362,272 --ahs---- c:\windows\system32\drivers\fidbox.dat

2008-12-05 11:58 . 2008-12-28 18:26 55,328 --ahs---- c:\windows\system32\drivers\fidbox.idx

2008-12-05 11:54 . 2008-12-05 11:54 <REP> d-------- d:\documents and settings\All Users\Application Data\MailFrontier

2008-12-05 11:54 . 2008-07-09 09:05 75,248 --a------ c:\windows\zllsputility.exe

2008-12-05 11:54 . 2008-07-09 09:05 54,672 --a------ c:\windows\system32\vsutil_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 42,384 --a------ c:\windows\zllsputility_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 21,904 --a------ c:\windows\system32\imsinstall_loc040c.dll

2008-12-05 11:54 . 2008-07-09 09:05 17,808 --a------ c:\windows\system32\imslsp_install_loc040c.dll

2008-12-05 11:54 . 2004-04-27 04:40 11,264 --a------ c:\windows\system32\SpOrder.dll

2008-12-05 11:54 . 2008-12-05 11:57 4,212 ---h----- c:\windows\system32\zllictbl.dat

2008-12-05 11:53 . 2008-12-28 21:09 <REP> d-------- c:\windows\system32\ZoneLabs

2008-12-05 11:53 . 2008-07-09 09:05 1,086,952 --a------ c:\windows\system32\zpeng24.dll

2008-12-05 11:53 . 2008-12-28 12:17 358,382 --a------ c:\windows\system32\vsconfig.xml

2008-12-05 10:35 . 2008-12-28 18:04 <REP> d-------- c:\windows\Internet Logs

2008-12-05 10:35 . 2008-12-05 10:35 <REP> d-------- c:\program files\Zone Labs

2008-12-01 23:52 . 2008-12-29 08:41 <REP> d-------- d:\documents and settings\Daniel\Application Data\skypePM

2008-12-01 23:52 . 2008-12-01 23:52 <REP> d-------- c:\program files\Fichiers communs\Skype

2008-12-01 23:52 . 2008-12-01 23:52 56 --ah----- c:\windows\system32\ezsidmv.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-29 12:35 --------- d-----w d:\documents and settings\Daniel\Application Data\Skype

2008-12-28 16:54 --------- d-----w c:\program files\eMule

2008-12-28 11:29 242,736 ----a-w d:\documents and settings\Daniel\Application Data\GDIPFONTCACHEV1.DAT

2008-12-21 20:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS

2008-12-21 20:07 361,600 ----a-w c:\windows\system32\dllcache\TCPIP.SYS

2008-12-16 18:33 1,500,160 ----a-w c:\windows\Internet Logs\xDB1.tmp

2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll

2008-12-10 19:14 --------- d-----w c:\program files\Java

2008-12-06 15:10 --------- d-----w c:\program files\AskSBar

2008-12-06 10:39 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-06 00:12 --------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-05 23:44 --------- d-----w c:\program files\Alwil Software

2008-12-05 10:40 --------- d-----w d:\documents and settings\All Users\Application Data\VadeRetro

2008-12-05 10:40 --------- d-----w c:\program files\Goto Software

2008-12-05 10:14 --------- d-----w d:\documents and settings\Daniel\Application Data\Comodo

2008-11-14 09:55 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll

2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-08-30 21:02 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008083020080831\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-29 66912]

 

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-06-29 17:06 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"Skype"="c:\apps\skype\Phone\Skype.exe" [2008-11-07 21633320]

"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-28 342848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-12-28 919016]

"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2008-12-28 90112]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-13 180269]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-12-09 325768]

"skypeclient.exe"="c:\program files\Gigaset DECT\gigaset-m34-software\skypeclient.exe" [2005-08-18 622592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]

"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]

"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"HerculesCamService"="c:\program files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2007-02-26 102400]

"BOOT"="c:\program files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [2002-08-16 476160]

"ATIPTA"="c:\ati technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]

"OoPDFSettingsv6.exe"="c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 460800]

"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

d:\documents and settings\Mathias\Menu Démarrer\Programmes\Démarrage\

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

 

d:\documents and settings\Daniel\Menu Démarrer\Programmes\Démarrage\

OFFICE One 6.5.lnk - c:\program files\OFFICE One6.5\program\quickstart.exe [2004-03-08 36864]

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

 

d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 10872]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

OFFICE One Notes v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2006-02-20 559104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

"msvideo"= CxCap.drv

"msvideo1"= CxCap.drv

"msvideo2"= CxCap.drv

"msvideo3"= CxCap.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\apps\\skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"46939:UDP"= 46939:UDP:emule UDP

 

R2 ABBYY.Licensing.FineReader.Professional.9.0;Service de licence ABBYY FineReader 9.0;"c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe" -service [2007-09-24 566560]

R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-12-09 184968]

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l251x86.sys [2007-12-25 29696]

R3 Atkcfg;Cordless Device Configuration;c:\windows\system32\Drivers\atkcfg.sys [2005-08-18 46592]

R3 Gig5gu;Cordless Internet Access;c:\windows\system32\Drivers\gig5gu.sys [2005-08-18 55680]

R3 Gigsrf;Cordless Device Line Access;c:\windows\system32\Drivers\gigsrf.sys [2005-08-18 94592]

R3 Gigtnc;Cordless PC Control;c:\windows\system32\Drivers\gigtnc.sys [2005-08-18 45440]

R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [2005-03-01 113408]

R3 Sieupapp;Cordless Device Update;c:\windows\system32\Drivers\Sieupapp.sys [2005-08-18 32128]

S3 APL531;Hercules Dualpix HD Webcam;c:\windows\system32\Drivers\HDvid.sys [2008-03-09 275072]

S3 camfilt;camfilt;c:\windows\system32\Drivers\camfilt.sys [2008-03-09 24192]

S3 Sieupdfu;Cordless Device in update mode;c:\windows\system32\Drivers\Sieupdfu.sys [2005-08-18 32000]

S3 USTOR;U-Storage Controller;c:\windows\system32\DRIVERS\UStork.sys [2006-02-20 20218]

S3 whmice2k;Fellowes Web Pro Optical mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2007-02-16 5797]

.

Contenu du dossier 'Tâches planifiées'

 

2007-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

 

2008-12-28 c:\windows\Tasks\User_Feed_Synchronization-{E768AF4F-5A65-45BE-B28D-9D887499861F}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

 

2008-12-29 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-Run-UStorag - c:\program files\u-storage tool2.9\ustorage.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.be/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

Trusted Zone: download.artevod.com

Trusted Zone: www.artevod.com

Trusted Zone: *.axa.be

Trusted Zone: *.canalplay.com

Trusted Zone: *.canalplusactive.com

 

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

c:\windows\Downloaded Program Files\msway.dll - O16 -: {E1AF091A-9F23-4059-89D7-C05EE073285D}

hxxps://www.canalplay.com/cabs/msway44.cab

c:\windows\Downloaded Program Files\msway.inf

FF - ProfilePath - d:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\7v9wn3gd.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=

FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll

FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll

FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-29 13:35:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(804)

c:\windows\system32\Ati2evxx.dll

.

Heure de fin: 2008-12-29 13:36:19

ComboFix-quarantined-files.txt 2008-12-29 12:36:17

ComboFix2.txt 2008-12-28 23:14:40

 

Avant-CF: 7 140 270 080 octets libres

Après-CF: 7,112,318,976 octets libres

 

281 --- E O F --- 2008-12-17 21:40:13

 

Then I ran FindyKill because I wasn't sure of the result.

 

 

 

 

----------------- FindyKill V4.710 ------------------

 

* User : Daniel - PackardBell

* executed from : C:\Program Files\FindyKill

* Update on 21/12/08 par Chiquitine29

* Start at 14:44:17 the 29/12/2008

* Windows XP - Internet Explorer 7.0.5730.11

 

 

((((((((((((((( *** deleting *** ))))))))))))))))))

 

 

--------------- [ Active Processes ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

--------------- [ Infected files / folders ] ----------------

 

 

»»»» Supression files in C:

 

 

»»»» Supression files in C:\WINDOWS

 

 

»»»» Supression files in C:\WINDOWS\Prefetch

 

 

»»»» Supression files in C:\WINDOWS\system32

 

 

»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

 

 

»»»» Supression files in C:\WINDOWS\system32\drivers

 

 

»»»» Supression files in D:\Documents and Settings\Daniel\Application Data

 

Deleted ! - "D:\Documents and Settings\Daniel\Application Data\drivers"

 

»»»» Supression files in D:\DOCUME~1\Daniel\LOCALS~1\Temp

 

 

»»»» Supression files in D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5

 

 

--------------- [ Registry / Infected keys ] ----------------

 

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

Deleted ! - HKEY_USERS\S-1-5-21-680497321-1473223302-1440570685-1006\Software\Local AppWizard-Generated Applications\keygen

Deleted ! - HKEY_USERS\S-1-5-21-680497321-1473223302-1440570685-1006\Software\Local AppWizard-Generated Applications\winupgro

 

--------------- [ States / Restarting of services ] ----------------

 

 

 

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

 

Ndisuio - Type of startup = 3

 

EapHost - Type of startup = 2

 

Ip6Fw - Type of startup = 2

 

SharedAccess - Type of startup = 2

 

wuauserv - Type of startup = 2

 

wscsvc - Type of startup = 2

 

 

--------------- [ Cleaning removable drives ] ----------------

 

+- Informations :

 

C: - Lecteur fixe

 

D: - Lecteur fixe

 

F: - Lecteur amovible

 

 

+- deleting files :

 

 

--------------- [ Registry / Mountpoint2 ] ----------------

 

 

-> Not found !

 

 

--------------- [ Searching Cracks / Keygen ] ----------------

 

D:\Documents and Settings\Daniel\Recent\KEYGEN.lnk

 

 

---------------- ! End of report ! ------------------

 

 

Then I ran AntiVir twice in a row.

 

 

 

Avira AntiVir Personal

Report file date: lundi 29 décembre 2008 16:17

 

Scanning for 1038808 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Save mode with network

Username: Administrateur

Computer name: PackardBell

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13

ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47

ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59

Engineversion : 8.2.0.31

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07

AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41

AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38

AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41

AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41

AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56

AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 29 décembre 2008 16:17

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

14 processes with 14 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HDD>

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DATA>

D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '49afffd1.qua'!

D:\Téléchargement internet\audacity_audacity_1.3.4_beta_anglais_10372.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\BitTorrent-6.0.3.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\registryboosterplc.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Setup_FreeConverter.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\antispam\spamfighter_web.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\antispam\vaderetro.EXE

[WARNING] The file could not be opened!

D:\Téléchargement internet\Avast\aswclear.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Avast\avast_avast_4.8.1201_francais_anglais_11113.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Avast\setupfre.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Banque\installcptfree.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\cc_cleaner\ccsetup214.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Finereader\FineReader9PRO-trial-FR.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Firewall\Comodo_XP_Vista_x32.exe

[WARNING] The file could not be opened!

D:\Téléchargement internet\Firewall\zaSetup_fr.exe

[WARNING] The file could not be opened!

 

 

End of the scan: lundi 29 décembre 2008 17:57

Used time: 1:39:57 Hour(s)

 

The scan has been done completely.

 

9423 Scanning directories

585121 Files were scanned

0 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

15 Files cannot be scanned

585105 Files not concerned

7564 Archives were scanned

15 Warnings

1 Notes

 

Since the contents of the "Telechargement internet" folder were not accessible, I deleted it.

 

Here is the log of the second AntiVir run

 

 

 

Avira AntiVir Personal

Report file date: lundi 29 décembre 2008 18:04

 

Scanning for 1038808 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PackardBell

 

Version information:

BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00

AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36

ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13

ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 16:16:47

ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 17/11/2008 16:38:59

Engineversion : 8.2.0.31

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56

AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07

AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41

AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38

AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39

AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41

AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41

AEHELP.DLL : 8.1.1.3 119157 Bytes 07/11/2008 15:06:41

AEGEN.DLL : 8.1.1.0 319859 Bytes 07/11/2008 15:06:41

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56

AECORE.DLL : 8.1.4.1 172405 Bytes 07/11/2008 15:06:41

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 29 décembre 2008 18:04

 

Starting search for hidden objects.

'65417' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'msconfig.exe' - '1' Module(s) have been scanned

Scan process 'E_FATI9CE.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

24 processes with 24 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '53' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HDD>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <DATA>

 

 

End of the scan: lundi 29 décembre 2008 18:40

Used time: 35:48 Minute(s)

 

The scan has been done completely.

 

10169 Scanning directories

603135 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

603133 Files not concerned

7888 Archives were scanned

2 Warnings

0 Notes

65417 Objects were scanned with rootkit scan

0 Hidden objects were found

 

Then MalwareBytes again

 

 

Malwarebytes' Anti-Malware 1.31

Version de la base de données: 1563

Windows 5.1.2600 Service Pack 3

 

29/12/2008 20:26:20

mbam-log-2008-12-29 (20-26-20).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 172699

Temps écoulé: 35 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

And finally, today, Toolbar SD

 

 

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )

BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10

USER : Daniel ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)

Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:11 Go)

D:\ (Local Disk) - NTFS - Total:195 Go (Free:182 Go)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 01/01/2009|10:53 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\AskSBar

C:\Program Files\AskSBar\SrchAstt

C:\Program Files\AskSBar\SrchAstt\1.bin

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

C:\Program Files\Dealio

C:\Program Files\Dealio\kb127

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties

C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Search Settings\kb127\res

C:\Program Files\Search Settings\kb127\SearchSettings.dll

C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

C:\Program Files\Search Settings\kb127\temp

C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.google.be/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

D:\DOCUME~1\Daniel\Recent\KEYGEN.lnk

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 01/01/2009|10:55 - Option : [1]

 

-----------\\ Fin du rapport a 10:55:02,92

 

 

 

There you go,

 

As I said, the machine's speed is normal.

I removed Avast, Spybot and AdAware, installed AntiVir and enabled the Windows firewall.

 

Par contre je n'ai aucun accéss à ZoneAlarme et je n'arrive pas à le désinstaller.

Internet Explorer et Filezilla se connectent à internet mais après un certain temps je ne peux plus navigué (Délais d'attente dépassé) pourtant la liaison et bonne puisque SKYPE marche correctement.

 

 

Encore merci pour ton aide.

Posted

Hello,

 

:P :P :P :P Easy there!

 

Your Internet connection has obviously taken a beating: http://www.bleepingcomputer.com/combofix/f...iliser-combofix (Repair the Internet connection manually)

 

Since part of the procedure takes place in Safe Mode, I strongly advise you to save this page to a file, because you won't have Internet access. You can also save it as a .txt file or print it. Saving the web page is the best option because you keep the text formatting.

 

  • Open your browser.
  • Click File > Save As
  • Under Type, choose: Web Archive, single file (*.mht) or Web Page, complete, depending on whether you use Internet Explorer or Firefox
  • Click Save

 

Restart in Safe Mode (tap F8 at startup)

  • Run Toolbar-S&D again
  • Choose 2, then confirm with Enter
    Do not close the window during the scan!
  • A report will be generated; post its contents here.

Posted

Hello

 

The ToolBar S&D log

 

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )

BIOS : BIOS Date: 08/01/07 09:47:33 Ver: 08.00.10

USER : Daniel ( Administrator )

BOOT : Fail-safe boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:13 Go)

D:\ (Local Disk) - NTFS - Total:195 Go (Free:182 Go)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 01/01/2009|15:47 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\AskSBar\SrchAstt

Supprime! - C:\Program Files\Dealio\kb127

Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

Supprime! - C:\Program Files\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

Supprime! - C:\Program Files\AskSBar

Supprime! - C:\Program Files\Dealio

Supprime! - C:\Program Files\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.google.be/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

D:\DOCUME~1\Daniel\Recent\KEYGEN.lnk

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 01/01/2009|10:55 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 01/01/2009|15:50 - Option : [2]

 

-----------\\ Fin du rapport a 15:50:18,07

 

 

However, repairing the Internet connection didn't fix anything.

What's strange is that I have no trouble with Skype, but I have the same problem with MSN.

 

 

:P

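The ToolBar S&D reports above list what the tool deleted ("Supprime! - ...") and dump the Internet Explorer Main values that browser hijackers rewrite. As an added example (not part of this thread or of the tool), the Python below parses a constructed report in that format and flags any start/search URL whose host is off an assumed allowlist; the off-allowlist host in the sample is invented.

```python
r"""Triage helper for ToolBar S&D reports (added example, not the tool's code).
Extracts the "Supprime! - <path>" deletions and the ..\Internet Explorer\Main
values the report dumps, then flags start/search URLs off a small allowlist."""
import re
from urllib.parse import urlparse

# Hosts a clean IE 7 configuration is expected to point at (assumed allowlist).
ALLOWED_HOSTS = {"www.google.be", "www.google.com", "www.microsoft.com",
                 "go.microsoft.com", "www.msn.com"}
# Values under ..\Internet Explorer\Main that browser hijackers rewrite.
WATCHED_VALUES = {"Start Page", "Search Page", "Default_Page_URL",
                  "Default_Search_URL", "SearchMigratedDefaultURL"}

DELETED_RE = re.compile(r"^Supprime! - (.+)$")
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_report(text):
    """Return (deleted_paths, {hive_key: {value_name: data}})."""
    deleted, hives, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            deleted.append(m.group(1))
        elif m := HIVE_RE.match(line):
            current = m.group(1)
            hives[current] = {}
        elif (m := VALUE_RE.match(line)) and current is not None:
            hives[current][m.group(1)] = m.group(2)
    return deleted, hives


def suspicious_ie_values(hives):
    """List (hive_key, name, url) for watched values pointing off-allowlist."""
    findings = []
    for hive, values in hives.items():
        for name, data in values.items():
            # Skip non-URL values such as "Local Page"="C:\\...\\blank.htm".
            if name in WATCHED_VALUES and data.lower().startswith("http"):
                if urlparse(data).hostname not in ALLOWED_HOSTS:
                    findings.append((hive, name, data))
    return findings


# Constructed sample in the report's format; the off-allowlist host is invented.
SAMPLE = r"""
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.be/"
"Search Page"="http://search.hijack-sample.invalid/?q={searchTerms}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"""

if __name__ == "__main__":
    removed, ie_main = parse_report(SAMPLE)
    print(f"{len(removed)} item(s) deleted by the tool")
    for hive, name, url in suspicious_ie_values(ie_main):
        print(f"off-allowlist {name} in {hive}: {url}")
```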
Posted

That's it, I've solved my Internet connection problems.

 

Actually, while trying to reinstall ZoneAlarm (which still wasn't working), I had to stop the "TrueVector" service manually.

 

After that I got my connection back and was able to install ZoneAlarm.

 

There you go, in case it helps someone!!!

 

 

 

Quick question by the way: can I trust ZoneAlarm, is it reliable?

 

Could someone recommend an anti-spyware program?

 

Thanks

Posted

Hello,

 

It was Bagle that pwned your protection software, you shouldn't have downloaded a crack :P

 

Kaspersky

  • Run a Kaspersky online scan with Internet Explorer
  • Click Start Online Scanner
  • Now click I accept.
  • Accept the installation of one or more ActiveX controls if necessary.
  • Wait while the updates install.
  • Then choose to scan My Computer
  • Save, then paste the report generated at the end of the scan

 

NOTE: If you get the message "Kaspersky On-line Scanner license has expired",

go to Add/Remove Programs and uninstall "On-Line Scanner".

Then reconnect to the Kaspersky site to retry the online scan.

Posted

Good evening

 

Here is the Kaspersky log.

 

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT

Friday, January 02, 2009 8:33:26 PM

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)

Kaspersky On-line Scanner version : 5.0.84.2

Dernière mise à jour de la base antivirus Kaspersky : 2/01/2009

Enregistrements dans la base antivirus Kaspersky : 1386078

-------------------------------------------------------------------------------

 

Paramètres d'analyse:

Analyser avec la base antivirus suivante: standard

Analyser les archives: vrai

Analyser les bases de messagerie: vrai

 

Cible de l'analyse - Poste de travail:

A:\

C:\

D:\

E:\

F:\

 

Statistiques de l'analyse:

Total d'objets analysés: 123696

Nombre de virus trouvés: 0

Nombre d'objets infectés: 0 / 0

Nombre d'objets suspects: 0

Durée de l'analyse: 01:59:59

 

Nom de l'objet infecté / Nom du virus / Dernière action

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\change.log L'objet est verrouillé ignoré

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\PackardBell.ldb L'objet est verrouillé ignoré

C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\etc\Hosts.bak L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré

C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat L'objet est verrouillé ignoré

C:\WINDOWS\Temp\ZLT013e3.TMP L'objet est verrouillé ignoré

C:\WINDOWS\Temp\ZLT063b9.TMP L'objet est verrouillé ignoré

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\call256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\callmember256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chat512.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmember256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg1024.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\chatmsg512.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\contactgroup256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\dyncontent\bundle.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\index2.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\main.lock L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\profile256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\user1024.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\user256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\Skype\lesroyalistes\voicemail256.dbb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\SPAMfighter\Logs\Agent.log.txt L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\SPAMfighter\Logs\sfoe0001.log.txt L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Application Data\user60.rdb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Historique\History.IE5\MSHist012009010220090103\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\temp\~DFCD33.tmp L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\Daniel\UserData\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\change.log L'objet est verrouillé ignoré

 

Analyse terminée.

 

That's all Falk :P

 

Thanks again for your help No PPP

 

By the way, what does No.PPP mean?

Posted

Re,

 

That's all Falk :P

It's "That's all Folks" :P

 

no.ppp, it meeeaaans... I actually have no idea :P

 

Deleting restore points:

1. Open the Start menu
2. Right-click My Computer
3. Click Properties
4. Go to the System Restore tab
5. Check Turn off System Restore
6. Confirm with OK
7. Restart
8. Repeat steps 1 to 3
9. Uncheck Turn off System Restore
10. Confirm with OK

 

Updates:

  • Go to Secunia to update your programs
    1. Click "Start scanner"
    2. Click "Start"
    3. Check "Enable through system inspection"
    4. Follow the instructions if needed

As you can see, an operating system needs to be kept up to date. That includes your software, service packs, etc.

 

I'd urge you to be more careful online. Don't click just anywhere on just anything. Don't open any file coming from someone you don't know.

Avoid crack sites, pornographic sites, P2P, cracks, etc.

 

Download ATF-Cleaner

Double-click the program

Check "Select All" and click the "Empty Selected" button

If you use the Firefox browser:

  • Click "Firefox" at the top and check "Select All"
  • Click "Empty Selected"

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click "Opera" at the top and check "Select All"
  • Click "Empty Selected"

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click "Exit" in the main menu to close the program.

 

 

Delete all the tools that were used.

 

Start > Run > type combofix /u

 

Delete all the tool shortcuts on your Desktop

 

Go to MalwareComplaints to get the malware authors prosecuted. We need to be many to be noticed!

> Malware-Complaints rules

Register on the forum using the "Register" button:

-- If you are over 13, click: "I Agree to these terms and am over or exactly 13 years of age"

-- If you are under 13, click: "I Agree to these terms and am under 13 years of age"

 

Once registered, you have all the infections (LOP, NaviPromo ..): http://www.malwarecomplaints.info/viewforu...e115fda8cee41a4

 

If your infection is not in such a list, create a new post in the "Autres infections" (Other infections) topic following the forum rules (age, city, department, etc.): http://www.malwarecomplaints.info/viewtopic.php?t=123

 

 

Finally, and if you wish, you can read this; it's quite long, admittedly, but very informative. It more or less restates what I said above.

Posted

Hello,

 

 

 

All this fuss!!!

That'll teach me to try to be clever

 

On your advice, I registered on Malware-complaints.

 

Thanks again No.PPP
