 

Strange .dll virus


Hello, I can't get rid of a virus; it keeps coming back:
 
http://img108.imageshack.us/img108/7408/sanstitre1oj2.jpg
 
The file "loeel" looks strange to me; in addition, several web pages open by themselves.
I ran Ad-Aware, Spybot and AVG Anti-Spyware and they found nothing; I updated them. eTrust Pest Patrol found a keylogger and NOD32 found 12 viruses, which it deleted, but apparently some remain. Here is the HijackThis report:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:31, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\real\IEeREAD.dll (file missing)
O2 - BHO: (no name) - {387EF957-5DB1-45F9-9617-DA9F281EDC3E} - C:\WINDOWS\system32\pmnoLbyy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {83F35F5A-77FE-46FA-95F8-81652C61CFDB} - (no file)
O2 - BHO: {8e903171-296c-185a-9b64-576d9e5f9ff8} - {8ff9f5e9-d675-46b9-a581-c692171309e8} - C:\WINDOWS\system32\fqbloovh.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ADF136C5-3CC8-4724-A4C4-D38C2D37B6A3} - (no file)
O2 - BHO: (no name) - {B0A8F047-8B3A-45F9-9477-425EA6E08C41} - C:\WINDOWS\system32\opnMcywu.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\vtUnOgFx.dll
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMe7d08a76] Rundll32.exe "C:\WINDOWS\system32\loeelqsj.dll",s
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - config.zebulon.fr...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - D:\Mes documents\Logiciels\Crack\Cracker un wifi\Windows Wifi Collection - aircrack airsnort airopeek\WinAircrackPack\WinAircrackPack\wzcook.exe
 
--
End of file - 9762 bytes
 
 
Thanks in advance

Profile: Helper

Hello,
 
Disable your resident protections (antivirus, Spybot...)!
 

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post that report in your next reply.


---------------
Prevention & Protection | Free software

Here is the report; note that it did delete some DLLs, but after rebooting they came back in msconfig:
 
ComboFix 08-04-22.5 - Administrateur 2008-04-24 18:37:00.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1744 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
 
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
 
(((((((((((((((((((((((((((((   Fichiers créés 2008-03-24 to 2008-04-24  ))))))))))))))))))))))))))))))))))))
.
 
2008-04-24 17:51 . 2008-04-24 18:25 <REP> d-------- C:\VundoFix Backups
2008-04-23 22:35 . 2008-04-23 23:08 1,540,617 ---hs---- C:\WINDOWS\system32\vuqgvtgb.ini
2008-04-23 21:31 . 2008-04-23 21:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
2008-04-23 21:03 . 2008-04-23 23:44 269 --a------ C:\WINDOWS\wininit.ini
2008-04-23 20:01 . 2008-04-23 20:01 1,540,617 ---hs---- C:\WINDOWS\system32\ibvboful.ini
2008-04-23 19:56 . 2008-04-23 19:56 0 --a------ C:\WINDOWS\BMe7d08a76.xml
2008-04-22 19:59 . 2008-04-22 20:06 <REP> d-------- C:\Program Files\real
2008-04-22 19:07 . 2008-04-22 19:07 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 12:51 . 2008-04-20 12:51 <REP> d-------- C:\Program Files\Ulead Systems
2008-04-20 12:42 . 2008-04-20 12:42 4,508 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-04-20 12:42 . 2008-04-20 12:51 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-04-20 12:41 . 2008-04-20 12:41 <REP> d-------- C:\WINDOWS\PreviewSoft
2008-04-20 12:41 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-04-20 12:41 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-04-20 12:41 . 2008-04-20 15:59 436 --a------ C:\WINDOWS\ULEAD32.INI
2008-04-20 12:26 . 2008-04-20 12:26 <REP> d-------- C:\WINDOWS\Vbox
2008-04-20 12:26 . 2008-04-20 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-20 12:26 . 2008-04-20 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
2008-04-20 12:26 . 2008-04-20 12:38 555 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-04-20 12:26 . 2008-04-20 12:38 555 --ah----- C:\os357577.bin
2008-04-20 12:25 . 2008-04-20 12:25 <REP> d-------- C:\WINDOWS\Noslip
2008-04-19 19:55 . 2008-04-19 19:55 28 --a------ C:\WINDOWS\system\ATMAIL.AT
2008-04-19 19:55 . 2008-04-19 19:55 26 --a------ C:\WINDOWS\system\ATINFO.AT
2008-04-19 19:55 . 2008-04-19 19:55 12 --a------ C:\WINDOWS\system\ATNAME.AT
2008-04-19 10:35 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-04-19 09:54 . 2008-04-19 09:54 160,288 --a------ C:\WINDOWS\nod32_v3.0.621.0_Fr Uninstaller.exe
2008-04-19 09:49 . 2008-04-23 20:09 <REP> d-------- C:\Program Files\ESET
2008-04-18 23:26 . 2008-04-18 23:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ESET
2008-04-17 12:35 . 2008-04-17 12:35 <REP> d-------- C:\Program Files\WinPcap
2008-04-17 11:31 . 2008-04-17 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-17 11:30 . 2008-04-17 11:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-16 21:30 . 2008-04-20 17:28 4,096 --ahs---- C:\VSNAP.IDX
2008-04-16 11:02 . 2008-04-16 11:02 <REP> d-------- C:\Program Files\Fichiers communs\Scanner
2008-04-16 11:02 . 2008-04-16 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-04-16 11:01 . 2008-04-16 11:01 <REP> d-------- C:\Program Files\CA
2008-04-15 19:06 . 2008-04-16 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-04-15 11:04 . 2008-04-15 11:04 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
2008-04-15 11:03 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\SplitCam
2008-04-15 11:03 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-04-14 12:51 . 2008-04-14 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 10:46 . 2008-04-17 11:30 <REP> d-------- C:\Program Files\Windows Live
2008-04-14 10:46 . 2008-04-17 12:16 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-14 10:34 . 2005-08-23 11:35 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
2008-04-13 22:08 . 2008-04-13 22:08 268 --ah----- C:\sqmdata03.sqm
2008-04-13 22:08 . 2008-04-13 22:08 244 --ah----- C:\sqmnoopt03.sqm
2008-04-01 11:19 . 2008-04-01 11:33 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-01 11:19 . 2005-10-13 22:14 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 11:19 . 2005-10-13 22:14 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 20:07 . 2008-03-29 20:07 <REP> d-------- C:\Program Files\Virtual Earth 3D
2008-03-25 22:14 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-25 18:29 . 2008-03-25 18:34 <REP> d-------- C:\Program Files\Cube
2008-03-25 18:01 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\OpenAL
2008-03-25 18:01 . 2008-03-25 18:01 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-25 18:01 . 2008-03-25 18:01 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-25 15:14 . 2008-03-25 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\THQ
2008-03-25 15:09 . 2008-03-25 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-25 11:24 . 2008-03-25 11:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
2008-03-24 21:45 . 2008-03-24 21:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-03-24 19:03 . 2008-03-24 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-24 19:03 . 2008-03-24 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Switchball
2008-03-24 16:40 . 2008-04-13 21:48 <REP> d-------- C:\Program Files\Free Download Manager
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 16:04 --------- d-----w C:\Program Files\PowerISO
2008-04-22 20:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\utorrent
2008-04-20 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 10:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Vso
2008-04-18 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-04-17 18:39 --------- d-----w C:\Program Files\eMule
2008-04-17 09:32 --------- d-----w C:\Program Files\MSN Messenger
2008-04-17 09:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 19:48 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-03 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-04-02 10:05 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab
2008-03-25 12:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 18:51 --------- d-----w C:\Program Files\Project64 1.6
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 21:50 55,872 ----a-w C:\WINDOWS\BS_DEF.sys
2008-03-20 20:02 --------- d-----w C:\Program Files\Trend Micro
2008-03-20 18:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-20 18:34 --------- d-----w C:\Program Files\ASUS
2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:35 --------- d-----w C:\Program Files\ASUSTek
2008-03-17 17:02 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-16 14:33 307,968 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-10 18:05 --------- d-----w C:\Program Files\Norton Ghost
2008-03-10 18:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-10 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 18:04 --------- d-----w C:\Program Files\Symantec
2008-03-09 18:51 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-09 18:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-09 18:46 --------- d-----w C:\Program Files\Adobe CS3
2008-03-09 14:35 --------- d-----w C:\Program Files\ElcomSoft
2008-03-09 08:36 --------- d-----w C:\Program Files\Corel
2008-03-07 16:32 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 09:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-02-27 12:15 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-03 17:50 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-19 16:14 16,844,800 -c--a-w C:\WINDOWS\inf\RTHDCPL.exe
2007-09-19 15:16 4,617,728 -c--a-w C:\WINDOWS\inf\RTKHDAUD.sys
2007-09-19 15:16 4,609,536 -c--a-w C:\WINDOWS\inf\RTKHDA64.sys
2007-09-05 14:12 36,522 -c--a-w C:\WINDOWS\inf\original_inf(s).zip
2007-08-16 14:04 262,144 -c--a-w C:\WINDOWS\inf\RTCOMDLL.dll
2007-08-03 11:22 1,826,816 -c--a-w C:\WINDOWS\inf\SkyTel.exe
2007-07-26 16:06 1,363,968 -c--a-w C:\WINDOWS\inf\RtlUpd64.exe
2007-07-26 16:06 1,191,936 -c--a-w C:\WINDOWS\inf\RtlUpd.exe
2007-07-26 15:09 520,192 -c--a-w C:\WINDOWS\inf\RtlExUpd.dll
2007-06-28 22:43 356,352 -c--a-w C:\WINDOWS\inf\nvudisp.exe
2007-06-28 14:44 2,165,760 -c--a-w C:\WINDOWS\inf\MicCal.exe
2007-06-07 10:47 97,560 -c--a-w C:\WINDOWS\inf\Difx64.exe
2007-04-30 04:42 3,093,504 -c--a-w C:\WINDOWS\inf\NETw4x64.sys
2007-04-30 04:37 2,206,976 -c--a-w C:\WINDOWS\inf\NETw4x32.sys
2007-04-30 04:35 2,201,856 -c--a-w C:\WINDOWS\inf\NETw4k32.sys
2007-04-16 09:22 733,696 -c--a-w C:\WINDOWS\inf\NETw4c64.DLL
2007-04-16 09:22 2,669,056 -c--a-w C:\WINDOWS\inf\NETw4r64.DLL
2007-04-16 09:21 684,032 -c--a-w C:\WINDOWS\inf\NETw4c32.DLL
2007-04-16 09:21 2,772,992 -c--a-w C:\WINDOWS\inf\NETw4r32.DLL
2007-04-16 09:17 236,048 -c--a-w C:\WINDOWS\inf\iProdifx.EXE
2007-04-16 09:16 643,072 -c--a-w C:\WINDOWS\inf\iProdifx.dll
2007-04-05 12:39 455,600 -c--a-w C:\WINDOWS\inf\setup.exe
2007-04-05 12:36 492,032 -c--a-w C:\WINDOWS\inf\ISSetup.dll
2007-04-04 11:48 2,206,464 -c--a-w C:\WINDOWS\inf\w29n50.sys
2007-04-04 11:46 2,210,048 -c--a-w C:\WINDOWS\inf\w29n51.sys
2007-04-04 10:34 305,664 -c--a-w C:\Program Files\Couper-Recoller.exe
2007-03-26 17:48 55,808 -c--a-w C:\WINDOWS\inf\Rixdpx64.sys
2007-03-23 17:19 9,715,200 -c--a-w C:\WINDOWS\inf\RTLCPL.exe
2007-03-21 20:02 37,376 -c--a-w C:\WINDOWS\inf\Rixdptsk.sys
2007-03-19 10:09 55,808 -c--a-w C:\WINDOWS\inf\rimmpx64.sys
2007-03-07 12:59 131,072 -c--a-w C:\WINDOWS\inf\RtlCPAPI.dll
2007-02-27 14:10 53,760 -c--a-w C:\WINDOWS\inf\Rimspx64.sys
2007-02-24 12:42 39,936 -c--a-w C:\WINDOWS\inf\rimmptsk.sys
2007-02-12 10:41 2,732,032 -c--a-w C:\WINDOWS\inf\NETw2r32.DLL
2007-02-12 10:40 557,056 -c--a-w C:\WINDOWS\inf\NETw2c32.DLL
2007-01-30 07:04 845,736 -c--a-w C:\WINDOWS\inf\DPInst64.exe
2007-01-30 07:04 521,128 -c--a-w C:\WINDOWS\inf\DPInst32.EXE
2007-01-23 14:40 42,496 -c--a-w C:\WINDOWS\inf\Rimsptsk.sys
2006-12-14 13:11 7,680 -c--a-w C:\WINDOWS\inf\ATKACPI.SYS
2006-11-10 07:25 319,456 -c--a-w C:\WINDOWS\inf\difxapi.dll
2006-08-23 20:22 110,592 -c--a-w C:\WINDOWS\inf\HControl.exe
2006-08-10 20:08 2,379,776 -c--a-w C:\WINDOWS\inf\ATKOSD.exe
2006-08-01 13:02 49,152 -c--a-w C:\WINDOWS\inf\ChCfg.exe
2006-07-21 14:14 86,016 -c--a-w C:\WINDOWS\inf\SoundMan.exe
2006-05-17 22:21 385,968 -c--a-w C:\WINDOWS\inf\_Setup.dll
2006-05-08 12:57 24,576 -c--a-w C:\WINDOWS\inf\AspScal.exe
2006-05-05 13:50 36,864 -c--a-w C:\WINDOWS\inf\ASUNINST.exe
2006-05-04 17:32 45,056 -c--a-w C:\WINDOWS\inf\XPunin.exe
2006-05-04 14:26 2,808,832 -c--a-w C:\WINDOWS\inf\AlcWzrd.exe
2006-04-13 13:17 163,840 -c--a-w C:\WINDOWS\inf\ASUSNet.dll
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-24 00:15 8478720]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-04-19 11:32 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-19 16:10 160768]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnOgFx]
 
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Enregistrement de produit Logitech.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Enregistrement de produit Logitech.lnk
backup=C:\WINDOWS\pss\Enregistrement de produit Logitech.lnkStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-10-03 19:33 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
--a--c--- 2007-08-29 22:57 1966080 C:\WINDOWS\system32\xRaidSetup.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a--c--- 2007-10-02 21:28 37232 C:\WINDOWS\ASScrProlog.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
--a--c--- 2006-11-02 08:27 61440 C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7d08a76]
C:\WINDOWS\system32\dgrfydga.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
--a------ 2006-04-21 14:42 165416 C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4e3b9ea]
C:\WINDOWS\system32\bgtvgquv.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-BP]
-----c--- 2003-06-20 12:09 188416 C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
--a------ 2008-04-16 11:03 258048 C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a--c--- 2006-08-23 22:22 110592 C:\WINDOWS\ATK0100\HControl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a--c--- 2007-07-12 16:36 178712 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a--c--- 2007-03-20 20:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiFrame]
C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-03-28 21:41 2037352 C:\Program Files\Norton Ghost\Agent\VProTray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2007-08-24 00:15 8478720 C:\WINDOWS\system32\NvCpl.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2007-08-24 00:15 81920 C:\WINDOWS\system32\NvMcTray.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-08-24 00:15 1626112 C:\WINDOWS\system32\nwiz.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a--c--- 2007-10-05 12:33 5207368 C:\Program Files\Pando Networks\Pando\Pando.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\PowerForPhone\PowerForPhone.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2007-09-19 18:14 16844800 C:\WINDOWS\RTHDCPL.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra--c--- 2006-11-22 11:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\utorrent\\utorrent.exe"=
"D:\\Jeux\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
 
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 08:42]
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2005-10-13 22:13]
S3 itecir;ITECIR Infrared Receiver;C:\WINDOWS\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-05-30 09:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-16 16:33]
S3 WPSYM24;WildPackets Symbol-OEM Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\WPSYM24.sys [2003-09-24 11:26]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"D:\Mes documents\Logiciels\Crack\Cracker un wifi\Windows Wifi Collection - aircrack airsnort airopeek\WinAircrackPack\WinAircrackPack\wzcook.exe"  [2005-11-12 13:00]
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
 
*Newly Created Service* - CATCHME
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 18:37:58
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
 
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
.
Temps d'accomplissement: 2008-04-24 18:38:45
ComboFix-quarantined-files.txt  2008-04-24 16:38:33
ComboFix2.txt  2008-04-24 16:18:40
ComboFix3.txt  2008-02-09 18:24:56
 
Pre-Run: 62,968,193,024 octets libres
Post-Run: 62,948,904,960 octets libres
 
344 --- E O F --- 2007-10-04 20:12:49

Profile: Helper

MBAM should take care of it :)
 
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
 
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
 

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
 
HELP: Illustrated tutorial on MBAM


---------------
Prevention & Protection|Free software

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 679
 
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 104887
Temps écoulé: 1 hour(s), 26 minute(s), 49 second(s)
 
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
 
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
 
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
 
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
 
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
 
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
 
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Profile: Helper

Re,
 
Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:
 

File::
C:\WINDOWS\system32\vuqgvtgb.ini
C:\WINDOWS\system32\ibvboful.ini
 
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUnOgFx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7d08a76]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4e3b9ea]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]


 
Open Notepad (Start>Run...>notepad), then paste (Ctrl+V) the text you copied.
Save this file as CFScript.txt.
 
Now drag the CFScript.txt file onto ComboFix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
 
This will restart ComboFix; type 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.


---------------
Prevention & Protection|Free software
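
Added example, not part of the thread and not ComboFix's or the helper's own code: a way to triage the msconfig `startupreg` section of a ComboFix log like the ones posted here, listing disabled startup entries whose target sits directly in system32 and is printed without file details. It assumes (not stated on the page) that an entry shown as a bare path, with no attribute/date/size prefix, is one whose file was not found; the function names and the sample, assembled from entries in the log above, are illustrative.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample assembled for this example from entries shown in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4e3b9ea]
C:\WINDOWS\system32\bgtvgquv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2007-08-24 00:15 8478720 C:\WINDOWS\system32\NvCpl.dll
"""

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
    r"\\msconfig\\startupreg\\(?P<name>.+)\]$",
    re.IGNORECASE,
)
# Data line with file details: attributes, date, time, size, path.
META_RE = re.compile(
    r"^[-a-z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Data line that is only a path (assumed here to mean the file is missing).
BARE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")
SYSTEM32 = r"c:\windows\system32"


class Entry(NamedTuple):
    name: str               # msconfig startupreg value name
    path: Optional[str]     # target path, None when the entry has no data line
    has_metadata: bool      # True when attributes/date/size were printed


def parse_startupreg(log: str) -> List[Entry]:
    """Pair each startupreg key header with the data line that follows it."""
    entries: List[Entry] = []
    current: Optional[str] = None  # key name still waiting for its data line
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            if current is not None:          # previous key had no data line
                entries.append(Entry(current, None, False))
            current = key.group("name")
            continue
        if current is None:
            continue                          # line outside the section
        meta, bare = META_RE.match(line), BARE_RE.match(line)
        if meta:
            entries.append(Entry(current, meta.group("path"), True))
        elif bare:
            entries.append(Entry(current, bare.group("path"), False))
        else:                                 # unrelated line ends the entry
            entries.append(Entry(current, None, False))
        current = None
    if current is not None:
        entries.append(Entry(current, None, False))
    return entries


def classify(entry: Entry) -> str:
    """Sort an entry into present / empty / missing-system32 / missing-other."""
    if entry.path is None:
        return "empty"
    if entry.has_metadata:
        return "present"
    parent = ntpath.dirname(entry.path).lower()
    return "missing-system32" if parent == SYSTEM32 else "missing-other"


def review_list(log: str) -> List[str]:
    """Names of entries worth a manual look: bare path directly in system32."""
    return [e.name for e in parse_startupreg(log)
            if classify(e) == "missing-system32"]


if __name__ == "__main__":
    for e in parse_startupreg(SAMPLE_LOG):
        print(f"{classify(e):17} {e.name} -> {e.path}")
```

The result is a review list, not a verdict: a stale entry left by uninstalled software under Program Files lands in `missing-other`, and anything in `missing-system32` still needs a human to check it before it goes into a removal script.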

ComboFix 08-04-22.5 - Administrateur 2008-04-26  0:33:01.5 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1463 [GMT 2:00]
Endroit: D:\Mes documents\Logiciels\Antispyware, antivirus (ect..)\ComboFix.exe
Command switches used :: D:\Mes documents\Logiciels\Antispyware, antivirus (ect..)\CFScript.txt
 * Création d'un nouveau point de restauration
 * Resident AV is active
 
 
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
 
FILE ::
C:\WINDOWS\system32\ibvboful.ini
C:\WINDOWS\system32\vuqgvtgb.ini
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\ibvboful.ini
C:\WINDOWS\system32\vuqgvtgb.ini
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2008-03-25 to 2008-04-25  ))))))))))))))))))))))))))))))))))))
.
 
2008-04-25 22:40 . 2008-04-25 22:40 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-25 22:40 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-24 22:59 . 2008-04-24 22:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 22:59 . 2008-04-24 22:59 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-04-24 21:53 . 2008-04-24 21:53 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-24 18:43 . 2008-04-24 18:44 <REP> d-------- C:\Program Files\SpywareBlaster
2008-04-24 18:43 . 2008-04-24 18:45 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 18:43 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-23 21:31 . 2008-04-23 21:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller
2008-04-23 21:03 . 2008-04-23 23:44 269 --a------ C:\WINDOWS\wininit.ini
2008-04-23 19:56 . 2008-04-23 19:56 0 --a------ C:\WINDOWS\BMe7d08a76.xml
2008-04-22 19:59 . 2008-04-22 20:06 <REP> d-------- C:\Program Files\real
2008-04-20 12:51 . 2008-04-20 12:51 <REP> d-------- C:\Program Files\Ulead Systems
2008-04-20 12:42 . 2008-04-20 12:42 4,508 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-04-20 12:42 . 2008-04-20 12:51 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-04-20 12:41 . 2008-04-20 12:41 <REP> d-------- C:\WINDOWS\PreviewSoft
2008-04-20 12:41 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-04-20 12:41 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-04-20 12:41 . 2008-04-20 15:59 436 --a------ C:\WINDOWS\ULEAD32.INI
2008-04-20 12:26 . 2008-04-20 12:26 <REP> d-------- C:\WINDOWS\Vbox
2008-04-20 12:26 . 2008-04-20 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-20 12:26 . 2008-04-20 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
2008-04-20 12:26 . 2008-04-20 12:38 555 --ah----- C:\WINDOWS\system32\ws073247.ocx
2008-04-20 12:26 . 2008-04-20 12:38 555 --ah----- C:\os357577.bin
2008-04-20 12:25 . 2008-04-20 12:25 <REP> d-------- C:\WINDOWS\Noslip
2008-04-19 19:55 . 2008-04-19 19:55 28 --a------ C:\WINDOWS\system\ATMAIL.AT
2008-04-19 19:55 . 2008-04-19 19:55 26 --a------ C:\WINDOWS\system\ATINFO.AT
2008-04-19 19:55 . 2008-04-19 19:55 12 --a------ C:\WINDOWS\system\ATNAME.AT
2008-04-19 10:35 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-04-19 09:54 . 2008-04-19 09:54 160,288 --a------ C:\WINDOWS\nod32_v3.0.621.0_Fr Uninstaller.exe
2008-04-19 09:49 . 2008-04-23 20:09 <REP> d-------- C:\Program Files\ESET
2008-04-18 23:26 . 2008-04-18 23:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ESET
2008-04-17 12:35 . 2008-04-17 12:35 <REP> d-------- C:\Program Files\WinPcap
2008-04-17 11:31 . 2008-04-17 11:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-17 11:30 . 2008-04-17 11:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-16 21:30 . 2008-04-25 23:42 4,096 --ahs---- C:\VSNAP.IDX
2008-04-16 11:02 . 2008-04-16 11:02 <REP> d-------- C:\Program Files\Fichiers communs\Scanner
2008-04-16 11:02 . 2008-04-16 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-04-16 11:01 . 2008-04-16 11:01 <REP> d-------- C:\Program Files\CA
2008-04-15 19:06 . 2008-04-16 21:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-04-15 11:04 . 2008-04-15 11:04 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
2008-04-15 11:03 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\SplitCam
2008-04-15 11:03 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-04-14 12:51 . 2008-04-14 12:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 10:46 . 2008-04-17 11:30 <REP> d-------- C:\Program Files\Windows Live
2008-04-14 10:46 . 2008-04-17 12:16 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-04-14 10:34 . 2005-08-23 11:35 344,064 --a------ C:\WINDOWS\system32\MSVCR70.DLL
2008-04-13 22:08 . 2008-04-13 22:08 268 --ah----- C:\sqmdata03.sqm
2008-04-13 22:08 . 2008-04-13 22:08 244 --ah----- C:\sqmnoopt03.sqm
2008-04-01 11:19 . 2008-04-01 11:33 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-04-01 11:19 . 2005-10-13 22:14 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-01 11:19 . 2005-10-13 22:14 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-29 20:07 . 2008-03-29 20:07 <REP> d-------- C:\Program Files\Virtual Earth 3D
2008-03-25 22:14 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\Microsoft Bootvis
2008-03-25 18:29 . 2008-03-25 18:34 <REP> d-------- C:\Program Files\Cube
2008-03-25 18:01 . 2008-04-16 21:37 <REP> d-------- C:\Program Files\OpenAL
2008-03-25 18:01 . 2008-03-25 18:01 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-03-25 18:01 . 2008-03-25 18:01 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-03-25 15:14 . 2008-03-25 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\THQ
2008-03-25 15:09 . 2008-03-25 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-25 11:24 . 2008-03-25 11:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 20:40 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-25 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-25 20:12 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\utorrent
2008-04-24 20:21 --------- d-----w C:\Program Files\eMule
2008-04-24 17:22 --------- d-----w C:\Program Files\Trend Micro
2008-04-24 16:04 --------- d-----w C:\Program Files\PowerISO
2008-04-20 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 10:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Vso
2008-04-18 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-04-17 09:32 --------- d-----w C:\Program Files\MSN Messenger
2008-04-13 19:48 --------- d-----w C:\Program Files\Free Download Manager
2008-04-03 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-04-02 10:05 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab
2008-03-25 12:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-24 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-24 17:03 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Switchball
2008-03-23 18:51 --------- d-----w C:\Program Files\Project64 1.6
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 21:50 55,872 ----a-w C:\WINDOWS\BS_DEF.sys
2008-03-20 18:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-20 18:34 --------- d-----w C:\Program Files\ASUS
2008-03-20 07:56 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:35 --------- d-----w C:\Program Files\ASUSTek
2008-03-17 17:02 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-03-10 18:05 --------- d-----w C:\Program Files\Norton Ghost
2008-03-10 18:05 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-10 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-10 18:04 --------- d-----w C:\Program Files\Symantec
2008-03-09 18:51 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-09 18:50 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-09 18:46 --------- d-----w C:\Program Files\Adobe CS3
2008-03-09 14:35 --------- d-----w C:\Program Files\ElcomSoft
2008-03-09 08:36 --------- d-----w C:\Program Files\Corel
2008-03-07 16:32 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 09:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\CyberLink
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-03 17:50 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-19 16:14 16,844,800 -c--a-w C:\WINDOWS\inf\RTHDCPL.exe
2007-09-19 15:16 4,617,728 -c--a-w C:\WINDOWS\inf\RTKHDAUD.sys
2007-09-19 15:16 4,609,536 -c--a-w C:\WINDOWS\inf\RTKHDA64.sys
2007-09-05 14:12 36,522 -c--a-w C:\WINDOWS\inf\original_inf(s).zip
2007-08-16 14:04 262,144 -c--a-w C:\WINDOWS\inf\RTCOMDLL.dll
2007-08-03 11:22 1,826,816 -c--a-w C:\WINDOWS\inf\SkyTel.exe
2007-07-26 16:06 1,363,968 -c--a-w C:\WINDOWS\inf\RtlUpd64.exe
2007-07-26 16:06 1,191,936 -c--a-w C:\WINDOWS\inf\RtlUpd.exe
2007-07-26 15:09 520,192 -c--a-w C:\WINDOWS\inf\RtlExUpd.dll
2007-06-28 22:43 356,352 -c--a-w C:\WINDOWS\inf\nvudisp.exe
2007-06-28 14:44 2,165,760 -c--a-w C:\WINDOWS\inf\MicCal.exe
2007-06-07 10:47 97,560 -c--a-w C:\WINDOWS\inf\Difx64.exe
2007-04-30 04:42 3,093,504 -c--a-w C:\WINDOWS\inf\NETw4x64.sys
2007-04-30 04:37 2,206,976 -c--a-w C:\WINDOWS\inf\NETw4x32.sys
2007-04-30 04:35 2,201,856 -c--a-w C:\WINDOWS\inf\NETw4k32.sys
2007-04-16 09:22 733,696 -c--a-w C:\WINDOWS\inf\NETw4c64.DLL
2007-04-16 09:22 2,669,056 -c--a-w C:\WINDOWS\inf\NETw4r64.DLL
2007-04-16 09:21 684,032 -c--a-w C:\WINDOWS\inf\NETw4c32.DLL
2007-04-16 09:21 2,772,992 -c--a-w C:\WINDOWS\inf\NETw4r32.DLL
2007-04-16 09:17 236,048 -c--a-w C:\WINDOWS\inf\iProdifx.EXE
2007-04-16 09:16 643,072 -c--a-w C:\WINDOWS\inf\iProdifx.dll
2007-04-05 12:39 455,600 -c--a-w C:\WINDOWS\inf\setup.exe
2007-04-05 12:36 492,032 -c--a-w C:\WINDOWS\inf\ISSetup.dll
2007-04-04 11:48 2,206,464 -c--a-w C:\WINDOWS\inf\w29n50.sys
2007-04-04 11:46 2,210,048 -c--a-w C:\WINDOWS\inf\w29n51.sys
2007-04-04 10:34 305,664 -c--a-w C:\Program Files\Couper-Recoller.exe
2007-03-26 17:48 55,808 -c--a-w C:\WINDOWS\inf\Rixdpx64.sys
2007-03-23 17:19 9,715,200 -c--a-w C:\WINDOWS\inf\RTLCPL.exe
2007-03-21 20:02 37,376 -c--a-w C:\WINDOWS\inf\Rixdptsk.sys
2007-03-19 10:09 55,808 -c--a-w C:\WINDOWS\inf\rimmpx64.sys
2007-03-07 12:59 131,072 -c--a-w C:\WINDOWS\inf\RtlCPAPI.dll
2007-02-27 14:10 53,760 -c--a-w C:\WINDOWS\inf\Rimspx64.sys
2007-02-24 12:42 39,936 -c--a-w C:\WINDOWS\inf\rimmptsk.sys
2007-02-12 10:41 2,732,032 -c--a-w C:\WINDOWS\inf\NETw2r32.DLL
2007-02-12 10:40 557,056 -c--a-w C:\WINDOWS\inf\NETw2c32.DLL
2007-01-30 07:04 845,736 -c--a-w C:\WINDOWS\inf\DPInst64.exe
2007-01-30 07:04 521,128 -c--a-w C:\WINDOWS\inf\DPInst32.EXE
2007-01-23 14:40 42,496 -c--a-w C:\WINDOWS\inf\Rimsptsk.sys
2006-12-14 13:11 7,680 -c--a-w C:\WINDOWS\inf\ATKACPI.SYS
2006-11-10 07:25 319,456 -c--a-w C:\WINDOWS\inf\difxapi.dll
2006-08-23 20:22 110,592 -c--a-w C:\WINDOWS\inf\HControl.exe
2006-08-10 20:08 2,379,776 -c--a-w C:\WINDOWS\inf\ATKOSD.exe
2006-08-01 13:02 49,152 -c--a-w C:\WINDOWS\inf\ChCfg.exe
2006-07-21 14:14 86,016 -c--a-w C:\WINDOWS\inf\SoundMan.exe
2006-05-17 22:21 385,968 -c--a-w C:\WINDOWS\inf\_Setup.dll
2006-05-08 12:57 24,576 -c--a-w C:\WINDOWS\inf\AspScal.exe
2006-05-05 13:50 36,864 -c--a-w C:\WINDOWS\inf\ASUNINST.exe
2006-05-04 17:32 45,056 -c--a-w C:\WINDOWS\inf\XPunin.exe
2006-05-04 14:26 2,808,832 -c--a-w C:\WINDOWS\inf\AlcWzrd.exe
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 17:53 1040384]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-24 00:15 8478720]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-04-19 11:32 225280]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-07-03 10:48 7708672]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]
 
[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Enregistrement de produit Logitech.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Enregistrement de produit Logitech.lnk
backup=C:\WINDOWS\pss\Enregistrement de produit Logitech.lnkStartup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a--c--- 2007-10-03 19:33 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
--a--c--- 2007-08-29 22:57 1966080 C:\WINDOWS\system32\xRaidSetup.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a--c--- 2007-10-02 21:28 37232 C:\WINDOWS\ASScrProlog.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
--a--c--- 2006-11-02 08:27 61440 C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
--a------ 2006-04-21 14:42 165416 C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-19 16:09 15360 C:\WINDOWS\system32\ctfmon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4e3b9ea]
C:\WINDOWS\system32\bgtvgquv.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-BP]
-----c--- 2003-06-20 12:09 188416 C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
--a------ 2008-04-16 11:03 258048 C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
--a--c--- 2006-08-23 22:22 110592 C:\WINDOWS\ATK0100\HControl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a--c--- 2007-07-12 16:36 178712 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a--c--- 2007-03-20 20:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiFrame]
C:\Program Files\ASUS\ASUS MultiFrame\MultiFrame.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-03-28 21:41 2037352 C:\Program Files\Norton Ghost\Agent\VProTray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2007-08-24 00:15 8478720 C:\WINDOWS\system32\NvCpl.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2007-08-24 00:15 81920 C:\WINDOWS\system32\NvMcTray.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-08-24 00:15 1626112 C:\WINDOWS\system32\nwiz.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a--c--- 2007-10-05 12:33 5207368 C:\Program Files\Pando Networks\Pando\Pando.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
C:\Program Files\PowerForPhone\PowerForPhone.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2007-09-19 18:14 16844800 C:\WINDOWS\RTHDCPL.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
-ra--c--- 2006-11-22 11:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\utorrent\\utorrent.exe"=
"D:\\Jeux\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Jeux\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
 
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-19 16:10]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-19 08:42]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
R3 itecir;ITECIR Infrared Receiver;C:\WINDOWS\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-05-30 09:23]
S3 i740;i740;C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2005-10-13 22:13]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 22:40]
S3 WPSYM24;WildPackets Symbol-OEM Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\WPSYM24.sys [2003-09-24 11:26]
S3 WZCOOK;WEP/WPA-PMK key recovery service;"D:\Mes documents\Logiciels\Crack\Cracker un wifi\Windows Wifi Collection - aircrack airsnort airopeek\WinAircrackPack\WinAircrackPack\wzcook.exe"  [2005-11-12 13:00]
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
 
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 00:34:20
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-04-26  0:35:08
ComboFix-quarantined-files.txt  2008-04-25 22:35:05
 
Pre-Run: 63,562,121,216 octets libres
Post-Run: 63,560,900,608 octets libres
 
346 --- E O F --- 2007-10-04 20:12:49
 
 
 
 
 
 
HijackThis
 
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:39, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkCSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =