So, is it serious, doctor? I've put Kaspersky as antivirus in place of Avast.

ComboFix 10-01-15.05 - utilisateur 16/01/2010 17:18:45.1.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1420 [GMT 1:00]

Run from: c:\documents and settings\utilisateur\Mes documents\Téléchargements\ComboFix.exe

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

ADS - WINDOWS: deleted 24 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\utilisateur\Application Data\BITS

c:\documents and settings\utilisateur\Application Data\BITS\BITS.ini

c:\documents and settings\utilisateur\Application Data\BITS\DHTTable.dat

c:\documents and settings\utilisateur\Application Data\BITS\ProxyList.ini

c:\documents and settings\utilisateur\Application Data\BITS\UPnP.ini

c:\windows\system32\dumphive.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\twain_32.dll

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

 

An infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Copy restored from - Kitty ate it :P

.

((((((((((((((((((((((((((((( Files created from 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-16 14:31 . 2010-01-16 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-16 14:31 . 2010-01-16 14:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-16 14:11 . 2010-01-16 14:11 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-16 14:11 . 2010-01-16 14:11 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-16 14:10 . 2010-01-16 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-01-16 14:10 . 2010-01-16 14:10 -------- d-----w- c:\program files\Kaspersky Lab

2010-01-16 13:15 . 2010-01-16 13:15 -------- d-----w- c:\documents and settings\Administrateur.UTILISAT-852BD6\Application Data\Malwarebytes

2010-01-16 13:00 . 2010-01-16 13:00 -------- d-----r- c:\documents and settings\Administrateur.UTILISAT-852BD6\Mes documents

2010-01-16 12:56 . 2010-01-16 12:56 -------- d-----w- c:\documents and settings\Administrateur.UTILISAT-852BD6\Local Settings\Application Data\Mozilla

2010-01-16 00:27 . 2010-01-16 00:27 -------- d-----w- c:\program files\trend micro

2010-01-16 00:27 . 2010-01-16 00:27 -------- d-----w- C:\rsit

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Malwarebytes

2010-01-15 23:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 23:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-13 21:55 . 2010-01-13 21:55 72192 ----a-w- c:\windows\system32\tasklist.exe

2010-01-13 18:58 . 2010-01-13 18:58 -------- d-----w- c:\program files\Alwil Software

2010-01-13 18:43 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2010-01-13 18:43 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys

2010-01-13 18:43 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2010-01-13 18:31 . 2010-01-13 18:31 30784 ----a-w- c:\windows\system32\drivers\vkpvnnmk.sys

2010-01-13 18:22 . 2010-01-13 18:22 30784 ----a-w- c:\windows\system32\drivers\sqpwotgm.sys

2010-01-13 18:14 . 2010-01-13 18:14 30784 ----a-w- c:\windows\system32\drivers\xsuudvqw.sys

2010-01-13 18:06 . 2010-01-13 18:07 30784 ----a-w- c:\windows\system32\drivers\mtwsiaub.sys

2010-01-13 17:58 . 2010-01-13 17:58 30784 ----a-w- c:\windows\system32\drivers\pttntfud.sys

2010-01-13 17:49 . 2010-01-13 17:49 30784 ----a-w- c:\windows\system32\drivers\dbylqfog.sys

2010-01-13 17:40 . 2010-01-13 17:40 30784 ----a-w- c:\windows\system32\drivers\wtqtcmxw.sys

2010-01-13 17:32 . 2010-01-13 17:32 30784 ----a-w- c:\windows\system32\drivers\mhspqmml.sys

2010-01-13 17:23 . 2010-01-13 17:23 30784 ----a-w- c:\windows\system32\drivers\fykrnbod.sys

2010-01-13 17:13 . 2010-01-13 17:13 30784 ----a-w- c:\windows\system32\drivers\rqowdtkf.sys

2010-01-13 17:04 . 2010-01-13 17:04 30784 ----a-w- c:\windows\system32\drivers\lpsfrqzt.sys

2010-01-13 16:54 . 2010-01-13 16:54 30784 ----a-w- c:\windows\system32\drivers\zsvlffzh.sys

2010-01-13 16:44 . 2010-01-13 16:44 30784 ----a-w- c:\windows\system32\drivers\mjhpgjdn.sys

2010-01-13 16:34 . 2010-01-13 16:34 30784 ----a-w- c:\windows\system32\drivers\ervjykus.sys

2010-01-13 16:24 . 2010-01-13 16:24 30784 ----a-w- c:\windows\system32\drivers\nnzypggj.sys

2010-01-13 16:14 . 2010-01-13 16:14 30784 ----a-w- c:\windows\system32\drivers\imxidmfq.sys

2010-01-13 16:04 . 2010-01-13 16:04 30784 ----a-w- c:\windows\system32\drivers\tfwtdelb.sys

2010-01-13 15:53 . 2010-01-13 15:54 30784 ----a-w- c:\windows\system32\drivers\zyzkdjuv.sys

2010-01-13 15:43 . 2010-01-13 15:43 30784 ----a-w- c:\windows\system32\drivers\evevsyqg.sys

2010-01-13 15:39 . 2010-01-13 15:39 30784 ----a-w- c:\windows\system32\drivers\aureylfl.sys

2010-01-13 14:35 . 2010-01-13 14:35 -------- d-----w- c:\program files\ESET

2010-01-13 14:26 . 2008-01-03 20:10 105856 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-01-07 16:29 . 2010-01-07 16:29 -------- d-----r- c:\windows\system32\config\systemprofile\Favoris

2010-01-05 19:11 . 2010-01-05 19:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-05 19:07 . 2010-01-05 19:07 118256 ----a-w- c:\windows\system32\E_tocSz4MLE_.exe

2010-01-05 19:06 . 2010-01-16 00:19 -------- d-sh--w- c:\documents and settings\utilisateur\.COMMgr

2010-01-04 10:57 . 2010-01-04 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield

2010-01-02 09:52 . 2010-01-02 09:52 -------- d-----w- C:\DriveKey

2010-01-01 15:01 . 2010-01-01 15:01 -------- d-----w- c:\documents and settings\utilisateur\Application Data\The Labyrinth Plus! Edition

2009-12-28 17:12 . 2004-03-09 10:39 8704 ----a-w- c:\windows\system32\vidccleaner.exe

2009-12-28 17:12 . 1998-07-09 19:41 217088 ----a-w- c:\windows\system32\skjpeg40.dll

2009-12-28 17:12 . 1998-03-04 10:40 83968 ----a-w- c:\windows\system32\Skbase40.dll

2009-12-28 14:23 . 2009-12-28 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

 

.

(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-16 15:24 . 2010-01-16 15:24 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-01-16 15:24 . 2010-01-16 15:24 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-01-16 14:07 . 2009-04-29 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-01-15 23:18 . 2009-11-14 09:07 -------- d-----w- c:\documents and settings\utilisateur\Application Data\vlc

2010-01-14 10:12 . 2009-09-29 15:29 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 21:12 . 2009-04-27 19:13 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Azureus

2010-01-13 18:43 . 2004-08-03 20:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2010-01-13 14:02 . 2009-04-28 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-13 12:53 . 2009-04-28 17:24 -------- d-----w- c:\program files\Windows Live Safety Center

2010-01-05 01:17 . 2009-05-27 20:57 -------- d-----w- c:\documents and settings\utilisateur\Application Data\dvdcss

2010-01-02 09:52 . 2009-04-27 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-01 23:33 . 2009-04-27 17:09 -------- d-----w- c:\program files\MSI

2009-12-31 22:35 . 2009-04-29 04:52 -------- d-----w- c:\program files\SystemRequirementsLab

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-12-31 22:35 . 2009-04-29 04:52 -------- d-----w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab

2009-12-28 17:13 . 2009-12-28 17:13 3781120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{BE352D89-F21A-B27D-5C5A-430FA70DDD81}-Installer.exe

2009-12-28 14:27 . 2009-07-03 07:14 -------- d-----w- c:\program files\ATI Technologies

2009-12-28 14:24 . 2009-12-28 14:24 237568 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{EA73885E-9A83-5CC6-40FA-CF30FD4FA4E5}-atiamaxx.dll

2009-12-28 14:18 . 2009-12-28 14:18 4468736 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{A82C6075-A409-514B-2515-3FADE81D2451}-InstallManagerApp.exe

2009-12-27 10:23 . 2009-12-27 10:23 418816 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4ECA829C-7C76-59CC-B6FD-65E26A8EBB9E}-purplera1n.exe

2009-12-16 13:42 . 2009-12-26 17:26 872960 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2009-12-16 13:42 . 2009-12-26 17:27 43008 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2009-12-16 13:42 . 2009-12-26 17:26 340480 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2009-12-16 13:41 . 2009-12-26 17:26 346624 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2009-12-09 07:30 . 2003-04-24 12:00 93838 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-09 07:30 . 2003-04-24 12:00 532376 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-09 00:45 . 2009-04-28 17:40 1234744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-12-09 00:37 . 2009-12-09 00:37 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Ubisoft

2009-12-09 00:29 . 2009-12-09 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2009-12-07 18:39 . 2009-12-07 18:39 8645632 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

2009-12-07 18:35 . 2009-12-07 18:35 2287104 ----a-w- c:\windows\system32\TUKernel.exe

2009-12-06 19:45 . 2009-12-06 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

2009-12-06 04:10 . 2009-12-06 04:10 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2009-12-06 04:10 . 2009-12-06 04:10 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-12-06 04:10 . 2009-12-06 04:10 -------- d-----w- c:\program files\EDIMAX

2009-12-05 22:12 . 2009-12-03 21:47 -------- d-----w- c:\program files\Wanadoo

2009-12-05 20:23 . 2009-12-05 20:23 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment

2009-12-03 23:12 . 2009-12-03 19:48 -------- d-----w- c:\documents and settings\utilisateur\Application Data\OneSwarm

2009-12-03 23:09 . 2009-12-03 19:48 -------- d-----w- c:\program files\OneSwarm

2009-12-03 22:52 . 2009-12-03 22:52 -------- d-----w- c:\program files\Fichiers communs\France Telecom

2009-12-03 19:48 . 2009-12-03 19:48 -------- d-----w- c:\program files\Ashampoo

2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll

2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe

2009-11-29 19:34 . 2009-09-02 06:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-28 19:46 . 2009-05-14 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-11-28 19:00 . 2009-11-28 19:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2009-11-28 18:54 . 2009-11-28 18:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-11-28 17:45 . 2009-11-28 17:45 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Megaupload

2009-11-27 13:52 . 2009-11-27 13:52 10134 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\ARPPRODUCTICON.exe

2009-11-27 13:52 . 2009-10-30 18:34 8854 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe

2009-11-27 13:52 . 2009-10-30 18:34 53248 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut11_A37A26D584444862933B478371D0299D.exe

2009-11-27 13:52 . 2009-10-30 18:34 53248 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut1_A37A26D584444862933B478371D0299D.exe

2009-11-26 08:13 . 2009-10-29 13:38 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-11-25 03:50 . 2008-08-08 09:30 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2009-11-25 03:27 . 2009-05-16 03:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-11-25 03:26 . 2008-08-08 08:48 300032 ----a-w- c:\windows\system32\ati2dvag.dll

2009-11-25 03:11 . 2009-05-16 03:18 208896 ----a-w- c:\windows\system32\atipdlxx.dll

2009-11-25 03:11 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2009-11-25 03:10 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2009-11-25 03:10 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-11-25 03:10 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll

2009-11-25 03:09 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2009-11-25 03:07 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2009-11-25 02:59 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2009-11-25 02:59 . 2008-08-08 08:25 3538496 ----a-w- c:\windows\system32\ati3duag.dll

2009-11-25 02:44 . 2009-05-16 02:55 13533184 ----a-w- c:\windows\system32\atioglxx.dll

2009-11-25 02:43 . 2008-08-08 08:13 2142848 ----a-w- c:\windows\system32\ativvaxx.dll

2009-11-25 02:42 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat

2009-11-25 02:42 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat

2009-11-25 02:26 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll

2009-11-25 02:26 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2009-11-25 02:21 . 2009-05-16 02:33 565248 ----a-w- c:\windows\system32\atikvmag.dll

2009-11-25 02:20 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll

2009-11-25 02:20 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll

2009-11-25 02:19 . 2009-05-16 02:31 176128 ----a-w- c:\windows\system32\atiadlxx.dll

2009-11-25 02:18 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll

2009-11-25 02:18 . 2009-05-16 01:33 3612672 ----a-w- c:\windows\system32\aticaldd.dll

2009-11-25 02:18 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-11-25 02:17 . 2009-05-16 02:26 397312 ----a-w- c:\windows\system32\atiok3x2.dll

2009-11-25 02:12 . 2008-08-08 07:46 638976 ----a-w- c:\windows\system32\ati2cqag.dll

2009-11-21 15:58 . 2004-08-19 14:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-20 18:35 . 2009-11-20 18:35 10686001 ----a-w- c:\documents and settings\utilisateur\Application Data\Azureus\plugins\azump\mplayer.exe

2009-11-18 14:11 . 2009-11-18 14:11 -------- d-----w- c:\program files\Fichiers communs\ATI Technologies

2009-11-18 14:02 . 2009-11-18 14:02 -------- d-----w- c:\program files\ATI

2009-11-14 13:24 . 2009-11-14 13:24 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe

2009-11-13 11:00 . 2009-11-28 19:47 29512 ----a-w- c:\windows\system32\TURegOpt.exe

2009-11-13 10:53 . 2009-11-28 19:47 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll

2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-10-30 07:48 . 2009-10-30 07:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-29 07:42 . 2004-08-19 14:09 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 19:05 . 2009-10-27 19:04 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2009-10-27 18:00 . 2009-10-31 08:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-22 15:59 . 2009-04-23 19:04 196565 ----a-w- c:\windows\system32\atiicdxx.dat

2009-10-21 05:39 . 2004-08-19 14:09 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-19 14:09 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-05-19 15:32 . 2009-05-19 15:32 24 --sha-w- c:\windows\S0A84C589.tmp

.

 

((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not listed

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-03 3883856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-12-6 716800]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DualCoreCenter.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DualCoreCenter.lnk

backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^Yahoo! Widgets.lnk]

path=c:\documents and settings\utilisateur\Menu Démarrer\Programmes\Démarrage\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- d:\program files\SlySoft\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]

2008-05-13 18:26 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]

2009-11-21 08:48 2234288 ----a-w- d:\fraps\fraps.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 19:21 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2008-07-10 08:22 397312 ----a-w- f:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2009-05-23 20:25 1217784 ----a-w- d:\program files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-04-27 19:08 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- d:\program files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" -hide

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\eMule\\emule.exe"=

"d:\\Program Files\\Vuze\\Azureus.exe"=

"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"d:\\Program Files\\Steam\\steamapps\\multima85\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\jeux\\WorldOfWarcraft\\Wow.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [07/09/2009 20:31 234888]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [13/11/2009 11:57 1021256]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]

S2 ppyoxhjw;Sony Ericsson Device 616 USB WMC Device Management s (WDM)Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15:10 14336]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [30/04/2009 14:19 12672]

S3 Cristie Storage Engine;Cristie Storage Engine;d:\program files\Cristie\Cristie Storage Manager 4.30.1\CSE.EXE --> d:\program files\Cristie\Cristie Storage Manager 4.30.1\CSE.EXE [?]

S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [03/12/2009 20:48 406016]

S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [02/01/2010 11:38 9216]

S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe --> c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/05/2009 22:51 13224]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [10/09/2009 14:12 28672]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [07/05/2009 21:15 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [07/05/2009 21:15 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [07/05/2009 21:15 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [07/05/2009 21:15 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [07/05/2009 21:15 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [07/05/2009 21:15 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [07/05/2009 21:15 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [07/05/2009 21:15 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [07/05/2009 21:15 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [07/05/2009 21:15 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [07/05/2009 21:15 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [07/05/2009 21:15 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [07/05/2009 21:15 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [07/05/2009 21:15 109736]

S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\documents and settings\utilisateur\Bureau\aircrack-ng-1.0-win\bin\wzcook.exe" --> c:\documents and settings\utilisateur\Bureau\aircrack-ng-1.0-win\bin\wzcook.exe [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ppyoxhjw

UxTuneUp

.

Contents of the 'Tâches planifiées' (Scheduled Tasks) folder

 

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-01-16 c:\windows\Tasks\Recherche de problèmes automatique.job

- d:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-13 11:05]

 

2010-01-16 c:\windows\Tasks\User_Feed_Synchronization-{733F5D74-C36A-4DE0-A90D-9447AE71ABDB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Supplementary scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.orange.fr

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF

IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Liens de téléchargement avec Mega Manager... - d:\program files\Megaupload\Mega Manager\mm_file.htm

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\roe65tu6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: d:\program files\Mozilla Firefox\components\flashgetXpi.dll

FF - component: d:\program files\Mozilla Firefox\extensions\{cd649e69-ef80-fdeb-8955-8a6c90ba280a}\components\2OvqxE9I-_b0qo.dll

FF - component: d:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

 

 

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

MSConfigStartUp-COM+ Manager - c:\documents and settings\utilisateur\.COMMgr\complmgr.exe

MSConfigStartUp-LiveMonitor - c:\program files\MSI\Live Update 3\LMonitor.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-16 17:29

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1144)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3480)

d:\program files\iTunes\iTunesMiniPlayer.dll

d:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll

d:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Heure de fin: 2010-01-16 17:37:19 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-16 16:37

 

Avant-CF: 163 835 568 128 octets libres

Après-CF: 163 834 019 840 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect /usepmtimer /TUTag=H3SMKR /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=H3SMKR-BAK

 

- - End Of File - - 4DFEF381AB48538BCA43659985CA3B13

Posted

Hi :P

 

Sorry for the wait!

I'm looking at your report and will leave you a reply, as there is still some cleaning up to do.

"I put Kaspersky as antivirus in place of Avast"

Kaspersky is an excellent product and I advise you to keep it (if you intend to buy the licence); otherwise, we'll set up another free antivirus :P

Posted

Temporarily disable the antivirus for the duration of this scan >>

 

Go to this page to download the CFScript file > http://senduit.com/4d88cd

Wait a second: the download will start automatically.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot
    [screenshot: img-191202xzrpd.gif]
  • Wait for the scan to finish. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not appear, it is located here > C:\ComboFix.txt

Note: The script provided is tailored to multima's case: you must not use it on your own PC under any circumstances!

Posted
ComboFix 10-01-17.02 - utilisateur 18/01/2010 12:51:18.2.2 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1086 [GMT 1:00]

Lancé depuis: c:\documents and settings\utilisateur\Mes documents\Téléchargements\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\utilisateur\Bureau\CFScript.txt

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\windows\system32\drivers\aureylfl.sys"

"c:\windows\system32\drivers\dbylqfog.sys"

"c:\windows\system32\drivers\ervjykus.sys"

"c:\windows\system32\drivers\evevsyqg.sys"

"c:\windows\system32\drivers\fykrnbod.sys"

"c:\windows\system32\drivers\imxidmfq.sys"

"c:\windows\system32\drivers\lpsfrqzt.sys"

"c:\windows\system32\drivers\mhspqmml.sys"

"c:\windows\system32\drivers\mjhpgjdn.sys"

"c:\windows\system32\drivers\mtwsiaub.sys"

"c:\windows\system32\drivers\nnzypggj.sys"

"c:\windows\system32\drivers\pttntfud.sys"

"c:\windows\system32\drivers\rqowdtkf.sys"

"c:\windows\system32\drivers\sqpwotgm.sys"

"c:\windows\system32\drivers\tfwtdelb.sys"

"c:\windows\system32\drivers\vkpvnnmk.sys"

"c:\windows\system32\drivers\wtqtcmxw.sys"

"c:\windows\system32\drivers\xsuudvqw.sys"

"c:\windows\system32\drivers\zsvlffzh.sys"

"c:\windows\system32\drivers\zyzkdjuv.sys"

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\AskBarDis

c:\program files\AskBarDis\bar\bin\askBar.dll

c:\program files\AskBarDis\bar\bin\askPopStp.dll

c:\program files\AskBarDis\bar\bin\AskSplash.exe

c:\program files\AskBarDis\bar\bin\AskTBApp.exe

c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

c:\program files\AskBarDis\bar\bin\psvince.dll

c:\program files\AskBarDis\bar\Cache\0008CABB

c:\program files\AskBarDis\bar\Cache\0544C94E.bin

c:\program files\AskBarDis\bar\Cache\0544CE40.bin

c:\program files\AskBarDis\bar\Cache\0544D1BA.bin

c:\program files\AskBarDis\bar\Cache\0544D66D.bin

c:\program files\AskBarDis\bar\Cache\0544D8EE.bin

c:\program files\AskBarDis\bar\Cache\0544DAE2.bin

c:\program files\AskBarDis\bar\Cache\0544DDE0.bin

c:\program files\AskBarDis\bar\Cache\files.ini

c:\program files\AskBarDis\bar\History\search

c:\program files\AskBarDis\bar\Settings\AskLogo.ico

c:\program files\AskBarDis\bar\Settings\config.dat

c:\program files\AskBarDis\bar\Settings\config.dat.bak

c:\program files\AskBarDis\bar\Settings\prevcfg.htm

c:\program files\AskBarDis\bar\Settings\prevCfg2.htm

c:\program files\AskBarDis\unins000.dat

c:\program files\AskBarDis\unins000.exe

c:\windows\system32\drivers\aureylfl.sys

c:\windows\system32\drivers\dbylqfog.sys

c:\windows\system32\drivers\ervjykus.sys

c:\windows\system32\drivers\evevsyqg.sys

c:\windows\system32\drivers\fykrnbod.sys

c:\windows\system32\drivers\imxidmfq.sys

c:\windows\system32\drivers\lpsfrqzt.sys

c:\windows\system32\drivers\mhspqmml.sys

c:\windows\system32\drivers\mjhpgjdn.sys

c:\windows\system32\drivers\mtwsiaub.sys

c:\windows\system32\drivers\nnzypggj.sys

c:\windows\system32\drivers\pttntfud.sys

c:\windows\system32\drivers\rqowdtkf.sys

c:\windows\system32\drivers\sqpwotgm.sys

c:\windows\system32\drivers\tfwtdelb.sys

c:\windows\system32\drivers\vkpvnnmk.sys

c:\windows\system32\drivers\wtqtcmxw.sys

c:\windows\system32\drivers\xsuudvqw.sys

c:\windows\system32\drivers\zsvlffzh.sys

c:\windows\system32\drivers\zyzkdjuv.sys

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ASKSERVICE

-------\Legacy_ASKUPGRADE

-------\Service_ASKService

-------\Service_ASKUpgrade

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-18 au 2010-01-18 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-18 00:18 . 2010-01-18 00:18 152576 ----a-w- c:\documents and settings\utilisateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2010-01-18 00:18 . 2010-01-18 00:18 79488 ----a-w- c:\documents and settings\utilisateur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-01-17 17:18 . 2010-01-17 17:18 -------- d-----w- C:\VundoFix Backups

2010-01-16 23:08 . 2009-12-16 13:42 872960 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-01-16 23:08 . 2009-12-16 13:42 43008 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-01-16 23:08 . 2009-12-16 13:42 340480 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-01-16 23:08 . 2009-12-16 13:41 346624 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-01-16 19:38 . 2010-01-16 19:38 -------- d--h--w- c:\windows\PIF

2010-01-16 19:01 . 2009-07-15 11:35 62760 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

2010-01-16 19:01 . 2008-09-04 22:31 45056 ----a-w- c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll

2010-01-16 15:24 . 2010-01-16 15:24 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-01-16 15:24 . 2010-01-16 15:24 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll

2010-01-16 14:31 . 2010-01-18 11:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-16 14:31 . 2010-01-17 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-01-16 14:11 . 2010-01-16 14:11 108059 ----a-w- c:\windows\system32\drivers\klin.dat

2010-01-16 14:11 . 2010-01-16 14:11 95259 ----a-w- c:\windows\system32\drivers\klick.dat

2010-01-16 14:10 . 2010-01-18 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-01-16 14:10 . 2010-01-16 14:10 -------- d-----w- c:\program files\Kaspersky Lab

2010-01-16 13:15 . 2010-01-16 13:15 -------- d-----w- c:\documents and settings\Administrateur.UTILISAT-852BD6\Application Data\Malwarebytes

2010-01-16 13:00 . 2010-01-16 13:00 -------- d-----r- c:\documents and settings\Administrateur.UTILISAT-852BD6\Mes documents

2010-01-16 12:56 . 2010-01-16 12:56 -------- d-----w- c:\documents and settings\Administrateur.UTILISAT-852BD6\Local Settings\Application Data\Mozilla

2010-01-16 00:27 . 2010-01-16 00:27 -------- d-----w- c:\program files\trend micro

2010-01-16 00:27 . 2010-01-16 00:27 -------- d-----w- C:\rsit

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Malwarebytes

2010-01-15 23:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-15 23:04 . 2010-01-15 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 23:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-13 21:55 . 2010-01-13 21:55 72192 ----a-w- c:\windows\system32\tasklist.exe

2010-01-13 18:58 . 2010-01-13 18:58 -------- d-----w- c:\program files\Alwil Software

2010-01-13 18:43 . 2009-11-16 08:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys

2010-01-13 18:43 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys

2010-01-13 18:43 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2010-01-13 14:35 . 2010-01-13 14:35 -------- d-----w- c:\program files\ESET

2010-01-13 14:26 . 2008-01-03 20:10 105856 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-01-07 16:29 . 2010-01-07 16:29 -------- d-----r- c:\windows\system32\config\systemprofile\Favoris

2010-01-05 19:11 . 2010-01-05 19:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-05 19:07 . 2010-01-05 19:07 118256 ----a-w- c:\windows\system32\E_tocSz4MLE_.exe

2010-01-05 19:06 . 2010-01-16 00:19 -------- d-sh--w- c:\documents and settings\utilisateur\.COMMgr

2010-01-04 10:57 . 2010-01-04 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield

2010-01-02 09:52 . 2010-01-02 09:52 -------- d-----w- C:\DriveKey

2010-01-01 15:01 . 2010-01-01 15:01 -------- d-----w- c:\documents and settings\utilisateur\Application Data\The Labyrinth Plus! Edition

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-31 22:35 . 2009-12-31 22:35 138240 ----a-w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-12-28 17:12 . 2004-03-09 10:39 8704 ----a-w- c:\windows\system32\vidccleaner.exe

2009-12-28 17:12 . 1998-07-09 19:41 217088 ----a-w- c:\windows\system32\skjpeg40.dll

2009-12-28 17:12 . 1998-03-04 10:40 83968 ----a-w- c:\windows\system32\Skbase40.dll

2009-12-28 14:23 . 2009-12-28 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-18 09:19 . 2009-04-27 15:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-18 08:39 . 2009-04-27 19:13 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Azureus

2010-01-18 00:19 . 2009-04-27 19:08 -------- d-----w- c:\program files\Java

2010-01-17 23:57 . 2009-11-14 09:07 -------- d-----w- c:\documents and settings\utilisateur\Application Data\vlc

2010-01-16 19:44 . 2009-04-29 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-01-14 10:12 . 2009-09-29 15:29 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 18:43 . 2004-08-03 20:59 96512 ------w- c:\windows\system32\drivers\atapi.sys

2010-01-13 14:02 . 2009-04-28 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-13 12:53 . 2009-04-28 17:24 -------- d-----w- c:\program files\Windows Live Safety Center

2010-01-05 01:17 . 2009-05-27 20:57 -------- d-----w- c:\documents and settings\utilisateur\Application Data\dvdcss

2010-01-01 23:33 . 2009-04-27 17:09 -------- d-----w- c:\program files\MSI

2009-12-31 22:35 . 2009-04-29 04:52 -------- d-----w- c:\program files\SystemRequirementsLab

2009-12-31 22:35 . 2009-04-29 04:52 -------- d-----w- c:\documents and settings\utilisateur\Application Data\SystemRequirementsLab

2009-12-28 14:27 . 2009-07-03 07:14 -------- d-----w- c:\program files\ATI Technologies

2009-12-09 07:30 . 2003-04-24 12:00 93838 ----a-w- c:\windows\system32\perfc00C.dat

2009-12-09 07:30 . 2003-04-24 12:00 532376 ----a-w- c:\windows\system32\perfh00C.dat

2009-12-09 00:45 . 2009-04-28 17:40 1234744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-12-09 00:37 . 2009-12-09 00:37 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Ubisoft

2009-12-09 00:29 . 2009-12-09 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2009-12-07 18:39 . 2009-12-07 18:39 8645632 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe

2009-12-07 18:35 . 2009-12-07 18:35 2287104 ----a-w- c:\windows\system32\TUKernel.exe

2009-12-06 19:45 . 2009-12-06 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

2009-12-06 04:10 . 2009-12-06 04:10 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe

2009-12-06 04:10 . 2009-12-06 04:10 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2009-12-06 04:10 . 2009-12-06 04:10 -------- d-----w- c:\program files\EDIMAX

2009-12-05 22:12 . 2009-12-03 21:47 -------- d-----w- c:\program files\Wanadoo

2009-12-05 20:23 . 2009-12-05 20:23 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment

2009-12-03 23:12 . 2009-12-03 19:48 -------- d-----w- c:\documents and settings\utilisateur\Application Data\OneSwarm

2009-12-03 23:09 . 2009-12-03 19:48 -------- d-----w- c:\program files\OneSwarm

2009-12-03 22:52 . 2009-12-03 22:52 -------- d-----w- c:\program files\Fichiers communs\France Telecom

2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll

2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe

2009-11-29 19:34 . 2009-09-02 06:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-11-28 19:46 . 2009-05-14 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-11-28 19:00 . 2009-11-28 19:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software

2009-11-28 18:54 . 2009-11-28 18:54 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-11-28 17:45 . 2009-11-28 17:45 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Megaupload

2009-11-27 13:52 . 2009-11-27 13:52 10134 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\ARPPRODUCTICON.exe

2009-11-27 13:52 . 2009-10-30 18:34 8854 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\UNINST_Uninstall_C_A37A26D584444862933B478371D0299D.exe

2009-11-27 13:52 . 2009-10-30 18:34 53248 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut11_A37A26D584444862933B478371D0299D.exe

2009-11-27 13:52 . 2009-10-30 18:34 53248 ----a-r- c:\documents and settings\utilisateur\Application Data\Microsoft\Installer\{A37A26D5-8444-4862-933B-478371D0299D}\NewShortcut1_A37A26D584444862933B478371D0299D.exe

2009-11-26 08:13 . 2009-10-29 13:38 -------- d-----w- c:\program files\TuneUp Utilities 2009

2009-11-25 03:50 . 2008-08-08 09:30 4463104 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2009-11-25 03:27 . 2009-05-16 03:39 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-11-25 03:26 . 2008-08-08 08:48 300032 ----a-w- c:\windows\system32\ati2dvag.dll

2009-11-25 03:11 . 2009-05-16 03:18 208896 ----a-w- c:\windows\system32\atipdlxx.dll

2009-11-25 03:11 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2009-11-25 03:10 . 2009-05-16 03:17 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2009-11-25 03:10 . 2009-05-16 03:17 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2009-11-25 03:10 . 2009-05-16 03:17 155648 ----a-w- c:\windows\system32\ati2evxx.dll

2009-11-25 03:09 . 2009-05-16 03:15 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2009-11-25 03:07 . 2009-05-16 03:14 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2009-11-25 02:59 . 2009-05-16 02:51 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2009-11-25 02:59 . 2008-08-08 08:25 3538496 ----a-w- c:\windows\system32\ati3duag.dll

2009-11-25 02:44 . 2009-05-16 02:55 13533184 ----a-w- c:\windows\system32\atioglxx.dll

2009-11-25 02:43 . 2008-08-08 08:13 2142848 ----a-w- c:\windows\system32\ativvaxx.dll

2009-11-25 02:42 . 2009-05-16 02:54 887724 ----a-w- c:\windows\system32\ativva6x.dat

2009-11-25 02:42 . 2009-05-16 02:54 3 ----a-w- c:\windows\system32\ativva5x.dat

2009-11-25 02:26 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\atimpc32.dll

2009-11-25 02:26 . 2009-05-16 02:38 65024 ----a-w- c:\windows\system32\amdpcom32.dll

2009-11-25 02:21 . 2009-05-16 02:33 565248 ----a-w- c:\windows\system32\atikvmag.dll

2009-11-25 02:20 . 2009-05-16 01:35 45056 ----a-w- c:\windows\system32\aticalrt.dll

2009-11-25 02:20 . 2009-05-16 01:34 45056 ----a-w- c:\windows\system32\aticalcl.dll

2009-11-25 02:19 . 2009-05-16 02:31 176128 ----a-w- c:\windows\system32\atiadlxx.dll

2009-11-25 02:18 . 2009-05-16 02:31 17408 ----a-w- c:\windows\system32\atitvo32.dll

2009-11-25 02:18 . 2009-05-16 01:33 3612672 ----a-w- c:\windows\system32\aticaldd.dll

2009-11-25 02:18 . 2009-05-16 02:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2009-11-25 02:17 . 2009-05-16 02:26 397312 ----a-w- c:\windows\system32\atiok3x2.dll

2009-11-25 02:12 . 2008-08-08 07:46 638976 ----a-w- c:\windows\system32\ati2cqag.dll

2009-11-21 15:58 . 2004-08-19 14:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-20 18:35 . 2009-11-20 18:35 10686001 ----a-w- c:\documents and settings\utilisateur\Application Data\Azureus\plugins\azump\mplayer.exe

2009-11-14 13:24 . 2009-11-14 13:24 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe

2009-11-13 11:00 . 2009-11-28 19:47 29512 ----a-w- c:\windows\system32\TURegOpt.exe

2009-11-13 10:53 . 2009-11-28 19:47 30024 ----a-w- c:\windows\system32\uxtuneup.dll

2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- c:\windows\system32\xlive.dll

2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll

2009-10-30 07:48 . 2009-10-30 07:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-29 07:42 . 2004-08-19 14:09 916480 ------w- c:\windows\system32\wininet.dll

2009-10-27 19:05 . 2009-10-27 19:04 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2009-10-27 18:00 . 2009-10-31 08:13 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-22 15:59 . 2009-04-23 19:04 196565 ----a-w- c:\windows\system32\atiicdxx.dat

2009-10-21 05:39 . 2004-08-19 14:09 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-19 14:09 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll

2009-10-20 16:20 . 2004-08-03 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-05-19 15:32 . 2009-05-19 15:32 24 --sha-w- c:\windows\S0A84C589.tmp

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-03 3883856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-12-6 716800]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DualCoreCenter.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DualCoreCenter.lnk

backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^Yahoo! Widgets.lnk]

path=c:\documents and settings\utilisateur\Menu Démarrer\Programmes\Démarrage\Yahoo! Widgets.lnk

backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ----a-w- d:\program files\SlySoft\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]

2008-05-13 18:26 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]

2009-11-21 08:48 2234288 ----a-w- d:\fraps\fraps.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-28 19:21 141600 ----a-w- d:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2008-07-10 08:22 397312 ----a-w- f:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2009-05-23 20:25 1217784 ----a-w- d:\program files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- d:\program files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"d:\\Program Files\\eMule\\emule.exe"=

"d:\\Program Files\\Vuze\\Azureus.exe"=

"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutLauncher.exe"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutConfigTool.exe"=

"f:\\Program Files\\Electronic Arts\\Burnout Paradise The Ultimate Box\\BurnoutParadise.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"d:\\Program Files\\Steam\\steamapps\\multima85\\team fortress 2\\hl2.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"d:\\Program Files\\iTunes\\iTunes.exe"=

"e:\\jeux\\WorldOfWarcraft\\Wow.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"e:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"f:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=

"f:\\Program Files\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [13/11/2009 11:57 1021256]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]

S2 ppyoxhjw;Sony Ericsson Device 616 USB WMC Device Management s (WDM)Monitor;c:\windows\System32\svchost.exe -k netsvcs [19/08/2004 15:10 14336]

S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [30/04/2009 14:19 12672]

S3 Cristie Storage Engine;Cristie Storage Engine;d:\program files\Cristie\Cristie Storage Manager 4.30.1\CSE.EXE --> d:\program files\Cristie\Cristie Storage Manager 4.30.1\CSE.EXE [?]

S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [02/01/2010 11:38 9216]

S3 G Data Tuner Service;G Data Tuner Service;c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe --> c:\program files\G Data\TotalCare\AVKTuner\AVKTunerService.exe [?]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/05/2009 22:51 13224]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [10/09/2009 14:12 28672]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [07/05/2009 21:15 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [07/05/2009 21:15 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [07/05/2009 21:15 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [07/05/2009 21:15 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [07/05/2009 21:15 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [07/05/2009 21:15 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [07/05/2009 21:15 115752]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [07/05/2009 21:15 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [07/05/2009 21:15 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [07/05/2009 21:15 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [07/05/2009 21:15 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [07/05/2009 21:15 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [07/05/2009 21:15 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [07/05/2009 21:15 109736]

S3 WZCOOK;WEP/WPA-PMK key recovery service;"c:\documents and settings\utilisateur\Bureau\aircrack-ng-1.0-win\bin\wzcook.exe" --> c:\documents and settings\utilisateur\Bureau\aircrack-ng-1.0-win\bin\wzcook.exe [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ppyoxhjw

UxTuneUp

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-01-18 c:\windows\Tasks\Recherche de problèmes automatique.job

- d:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-11-13 11:05]

 

2010-01-18 c:\windows\Tasks\User_Feed_Synchronization-{733F5D74-C36A-4DE0-A90D-9447AE71ABDB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Examen supplémentaire -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.orange.fr

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF

IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Liens de téléchargement avec Mega Manager... - d:\program files\Megaupload\Mega Manager\mm_file.htm

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll

FF - component: c:\documents and settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\ii8pw1qa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: d:\program files\Mozilla Firefox\components\flashgetXpi.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

 

 

FF - user.js: content.switch.threshold - 1000000

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe

 

 

 

**************************************************************************

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés:

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1280)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(2720)

d:\program files\iTunes\iTunesMiniPlayer.dll

d:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll

d:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

d:\program files\Megaupload\Mega Manager\MegaIEMn.dll

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe

d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

d:\program files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Heure de fin: 2010-01-18 13:03:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-01-18 12:03

 

Avant-CF: 163 617 153 024 octets libres

Après-CF: 163 715 010 560 octets libres

 

- - End Of File - - 6BDFE42E28F394F09667488FB84DDE74

Posted

re!

 

Sorry, I didn't read your reply right away :P

 

The ComboFix scan worked and removed the infected files.

One suspicious item that we are going to check >>

 

Download RegSearch.exe (Registry Search by Bobbi Flekman)

  • unzip it into a dedicated folder such as C:\Program Files
  • double-click RegSearch.exe
  • copy and paste the entries in blue into the lines of the search box:
     
    ppyoxhjw
     
     
  • leave the "Enter string to exclude from results" line empty and click "OK".
  • after the search, Notepad opens a "RegSearch.txt" window with all the instances found
  • the file is also saved in the same folder as RegSearch
  • copy and paste the contents of the window into a post, here
  • close Notepad and close RegSearch with Cancel
  • If it doesn't work that way, enter the items one by one.

Note: the RegSearch result may be long!! so use two posts to paste it if needed (in full).

Posted
Windows Registry Editor Version 5.00

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.6.0

 

; Results at 18/01/2010 23:28:29 for strings:

; 'ppyoxhjw'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

; Contents of value:

; 6to4

; AppMgmt

; AudioSrv

; Browser

; CryptSvc

; DMServer

; DHCP

; ERSvc

; ppyoxhjw

; EventSystem

; FastUserSwitchingCompatibility

; HidServ

; Ias

; Iprip

; Irmon

; LanmanServer

; LanmanWorkstation

; Messenger

; Netman

; Nla

; Ntmssvc

; NWCWorkstation

; Nwsapagent

; Rasauto

; Rasman

; Remoteaccess

; Schedule

; Seclogon

; SENS

; Sharedaccess

; SRService

; Tapisrv

; Themes

; TrkWks

; UxTuneUp

; W32Time

; WZCSVC

; Wmi

; WmdmPmSp

; winmgmt

; wscsvc

; xmlprov

; BITS

; wuauserv

; ShellHWDetection

; helpsvc

; WmdmPmSN

; napagent

; hkmsvc

;

"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\

6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\

00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\

53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\

00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,70,00,\

70,00,79,00,6f,00,78,00,68,00,6a,00,77,00,00,00,45,00,76,00,65,00,6e,00,74,\

00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,00,73,00,74,00,55,00,\

73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,\

00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,\

00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,49,00,61,00,73,00,00,\

00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,\

4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\

00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,\

61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,73,00,65,00,6e,00,67,\

00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,4e,00,6c,00,\

61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\

00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\

4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\

00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\

00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\

00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,00,00,53,00,65,00,\

63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,\

00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,\

53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,\

00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,\

54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,55,00,78,00,54,00,75,00,6e,00,65,\

00,55,00,70,00,00,00,57,00,33,00,32,00,54,00,69,00,6d,00,65,00,00,00,57,00,\

5a,00,43,00,53,00,56,00,43,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,\

00,6d,00,50,00,6d,00,53,00,70,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\

74,00,00,00,77,00,73,00,63,00,73,00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,\

00,72,00,6f,00,76,00,00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,\

75,00,73,00,65,00,72,00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,\

00,44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,\

6c,00,70,00,73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,\

00,4e,00,00,00,6e,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,68,00,\

6b,00,6d,00,73,00,76,00,63,00,00,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PPYOXHJW]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PPYOXHJW\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PPYOXHJW\0000]

"Service"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PPYOXHJW\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PPYOXHJW\0000\Control]

"ActiveService"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ppyoxhjw]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ppyoxhjw\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ppyoxhjw\Enum]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ppyoxhjw\Enum]

"0"="Root\\LEGACY_PPYOXHJW\\0000"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PPYOXHJW]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PPYOXHJW\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_PPYOXHJW\0000]

"Service"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ppyoxhjw]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ppyoxhjw\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_PPYOXHJW]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_PPYOXHJW\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_PPYOXHJW\0000]

"Service"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ppyoxhjw]

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ppyoxhjw\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PPYOXHJW]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PPYOXHJW\0000]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PPYOXHJW\0000]

"Service"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PPYOXHJW\0000\Control]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PPYOXHJW\0000\Control]

"ActiveService"="ppyoxhjw"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw\Parameters]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw\Enum]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw\Enum]

"0"="Root\\LEGACY_PPYOXHJW\\0000"

 

; End Of The Log...
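The RegSearch step the helper asked for, and the result posted above, both come down to one question: which entries does the svchost "netsvcs" group contain, and which of them are not Windows services. The ComboFix log shows the same thing from the other side, a service with a random-looking name (ppyoxhjw) whose binary is `svchost.exe -k netsvcs`, which is the classic shape of a malicious service DLL hiding in a shared svchost group. The Python script below is an added example, not part of the thread and not RegSearch's own code: it parses a `.reg`-style export like the one above, decodes the `hex(7)` (REG_MULTI_SZ) `netsvcs` value, lists the keys that reference a given name (what RegSearch does), and flags group members missing from a known-good baseline together with their ImagePath and ServiceDll. The sample export, the `EXAMPLE_PLACEHOLDER.dll` path and the baseline (the decoded list above minus the two non-Windows entries, assumed here to be the clean XP set; verify it against a known-clean machine) are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a trimmed RegSearch-style .reg export shaped like the one
# posted above. The ServiceDll path is a placeholder, not a value from the thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; Registry Search sample (constructed for this example)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,70,00,70,00,79,00,6f,00,78,00,\
  68,00,6a,00,77,00,00,00,42,00,49,00,54,00,53,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ppyoxhjw\Parameters]
"ServiceDll"="C:\\WINDOWS\\system32\\EXAMPLE_PLACEHOLDER.dll"
"""

SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Assumed known-good netsvcs membership: the list decoded in the log above without
# ppyoxhjw and UxTuneUp. Compare against a clean reference system before relying on it.
XP_BASELINE = frozenset(n.lower() for n in (
    "6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem "
    "FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer "
    "LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent "
    "Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService "
    "Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov "
    "BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc").split())


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_data}} from a .reg export.
    Continuation lines (ending in a backslash) are joined first; comments and
    the header line are skipped."""
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    reg: Dict[str, Dict[str, str]] = {}
    current = None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            reg.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]*)"=(.*)$', line)
        if m and current is not None:
            reg[current][m.group(1)] = m.group(2)
    return reg


def decode_multi_sz(raw: str) -> List[str]:
    """Decode a REG_MULTI_SZ exported as hex(7):... (UTF-16LE, NUL-separated,
    terminated by an empty string) into its list of entries."""
    if not raw.startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b)
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def unquote_reg_string(raw: str) -> str:
    """Strip the quotes of an exported REG_SZ and un-double its backslashes."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    return raw.replace("\\\\", "\\")


def value_as_text(raw: str) -> str:
    """Render value data as searchable text, decoding hex(7) lists."""
    return "\x00".join(decode_multi_sz(raw)) if raw.startswith("hex(7):") else unquote_reg_string(raw)


def keys_mentioning(reg: Dict[str, Dict[str, str]], name: str) -> List[str]:
    """Key paths whose path or value data contain `name` (case-insensitive);
    this is the RegSearch step from the thread, done on the export."""
    needle = name.lower()
    return [key for key, values in reg.items()
            if needle in key.lower()
            or any(needle in value_as_text(v).lower() for v in values.values())]


def audit_netsvcs(reg: Dict[str, Dict[str, str]], baseline) -> List[Tuple[str, str, str]]:
    """Members of the netsvcs group not in `baseline`, each with the ImagePath
    and ServiceDll recorded for it (empty strings when the keys are absent)."""
    members = decode_multi_sz(reg[SVCHOST_KEY]["netsvcs"])
    findings = []
    for name in members:
        if name.lower() in baseline:
            continue
        svc_key = SERVICES_KEY + "\\" + name
        image = unquote_reg_string(reg.get(svc_key, {}).get("ImagePath", ""))
        dll = unquote_reg_string(reg.get(svc_key + "\\Parameters", {}).get("ServiceDll", ""))
        findings.append((name, image, dll))
    return findings


if __name__ == "__main__":
    reg = parse_reg_export(SAMPLE_REG)
    for key in keys_mentioning(reg, "ppyoxhjw"):
        print("reference:", key)
    for name, image, dll in audit_netsvcs(reg, XP_BASELINE):
        print(f"not in baseline: {name}  ImagePath={image}  ServiceDll={dll}")
```

Run against a real RegSearch.txt, `keys_mentioning` reproduces the key list RegSearch printed, and `audit_netsvcs` is the part a human would otherwise do by eye in the `; Contents of value:` block: the ServiceDll it reports is the file that svchost will actually load for that group member, and it is that file, not svchost.exe, that needs to be examined and quarantined.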
