[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[snooky]

Quel message ? Fait une capture d'écran .

[Nitry]

Quel message ? Fait une capture d'écran .

arf tu n'avais pas lu mon topic

Et bien c'est un message au boot, voici la description:

http://www.pcinpact.com/forum/index.php?showtopic=138629

Je suppose donc qu'il a sa petite clé, et qu'elle n'était pas dans les 04 mais bon, s'tout :/

[snooky]

Ouvre Regedit , puis va à cette clé >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Fait une capture d'écran du panneau de droite .

Tu devrais avoir quelque chose comme ça :

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,shutdown -l -f"
"LegalNoticeCaption"="H4CK3D BY W4REZZ"
"DefaultUserName"="Admin" 
"LegalNoticeText"="Happy day!"

Lance Autoruns > http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Regarde dans les différents onglets ...

[Nitry]

Ouvre Regedit , puis va à cette clé >

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Fait une capture d'écran du panneau de droite .

Tu devrais avoir quelque chose comme ça :

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,shutdown -l -f"
"LegalNoticeCaption"="H4CK3D BY W4REZZ"
"DefaultUserName"="Admin" 
"LegalNoticeText"="Happy day!"

Lance Autoruns > http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx

Regarde dans les différents onglets ...

Voila le SS

http://img18.imageshack us/my.php?image=sanstitrethp.jpg

J'ai supprimé les deux entourées, il y en a une autre ?

[2C.LiryC]

, pas chez imageshack les images.

(regardes dans ma signature ou dans le bandeau, il y a un sujet "-- Hébergeurs d'images --". )

[Nitry]

Soit !

La revoilà

http://www.hiboox.fr/go/images-100/regedit...08d49f.jpg.html

[snooky]

Il faut supprime les " données de la valeur " en double cliquant sur chaque clé , pas la clé .

Redémarre le pc .

Lance maintenant SDFix et poste le rapport créé :

http://www.site-naheulbeuk.com/sdfix.php

[Nitry]

Le message n'apparait plus :)

Voici le rapport SDFix

SDFix: Version 1.240

Run by Ugo on 09/04/2009 at 14:33

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\Ugo.SN048786320173\Bureau\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-09 14:38:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:baa3fce4

"s2"=dword:c4281363

"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000000

"ujdew"=hex:be,53,e9,68,72,dd,b6,51,62,a8,79,e2,f6,b7,4f,de,75,b3,2c,73,06,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywi|nings.c]

"*"=dword:7c000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywi|nings.c\frame]

"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crazywi|nings.c\www]

"*"=dword:00000004

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"

"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"

"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"

"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"

"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"

"C:\\APPS\\skype\\Phone\\Skype.exe"="C:\\APPS\\skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3 Beta 2\\firefox.exe:*:Enabled:Firefox"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"="C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe:*:Enabled:GRID Demo"

"C:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe"="C:\\Program Files\\Ufasoft\\SocksChain\\SocksChain.exe:*:Enabled:SocksChain GUI"

"C:\\Program Files\\Curse\\CurseClient.exe"="C:\\Program Files\\Curse\\CurseClient.exe:*:Disabled:CurseClient"

"C:\\Documents and Settings\\Evelyne\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\Evelyne\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"D:\\Program Files\\Steam\\steamapps\\regoma\\counter-strike source\\hl2.exe"="D:\\Program Files\\Steam\\steamapps\\regoma\\counter-strike source\\hl2.exe:*:Enabled:hl2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

Files with Hidden Attributes :

Wed 28 Sep 2005 215 A.SHR --- "C:\BOOT.BAK"

Sun 13 Apr 2008 1,037,824 A..HR --- "C:\WINDOWS\explorer.exe"

Thu 9 Oct 2008 7 A..HR --- "C:\WINDOWS\OLD285.tmp"

Sun 13 Apr 2008 153,088 A..HR --- "C:\WINDOWS\regedit.exe"

Mon 30 Mar 2009 10,981,376 A..H. --- "C:\Documents and Settings\Ugo.SN048786320173\ntuser.tmp"

Mon 7 Nov 2005 274,432 A..H. --- "C:\Program Files\eTarget20d\AOSMTP.dll"

Wed 14 Feb 2007 331,776 A..H. --- "C:\Program Files\eTarget20d\HtmlCapture.dll"

Tue 2 May 2006 237,623 A..H. --- "C:\Program Files\eTarget20d\wab4wd.dll"

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"

Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"

Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"

Sat 17 Dec 2005 56 ..SHR --- "C:\WINDOWS\system32\CA0C5790D6.sys"

Wed 29 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\Copie de DRM\DRMv1.bak"

Sun 10 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Thu 2 Apr 2009 1,599,488 ..SH. --- "C:\Documents and Settings\Ugo.SN048786320173\Mes documents\Pxy0Hs_cfdg.exe"

Sat 17 May 2008 676 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti14.tmp"

Wed 6 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

Finished!

[snooky]

Pour Xème fois , désinstalle et supprime Spybot - Search & Destroy !

Clic droit , enregistrer sous ... ton bureau , renomme en Domains.inf , puis clique droit > Installer.

Supprime ensuite ce fichier.

http://snooky730.free.fr/exploreboard/inde.../DelDomains.inf

Installe Hosts de Mvps.

[Nitry]

Pour Xème fois , désinstalle et supprime Spybot - Search & Destroy !

Clic droit , enregistrer sous ... ton bureau , renomme en Domains.inf , puis clique droit > Installer.

Supprime ensuite ce fichier.

http://snooky730.free.fr/exploreboard/inde.../DelDomains.inf

Installe Hosts de Mvps.

Spybot S&D est désinstallé. Il était seulement en copie sur mon Spinpoint.

Pour ce qui est de Domains.inf je n'ai pas l'option Installer dans le menu, aussi aberrant que cela puisse paraitre

EDIT: Voici ce qui apparait (c'est le même menu pour le fichier à côté)

http://www.hiboox.fr/go/images-100/ddd,9cc...8c18a4.jpg.html

[snooky]

S'ouvre avec > sélectionne Bloc-notes ( notepad.exe dans le dossier Windows )

Recherche *.inf sur ton disque , puis regarde si tu as le menu contextuel > Installer .

Dans Options Internet > Sécutite > sites sensibles et confiance > supprime les adresses , si présentes.

[Nitry]

Toujours pas l'option "Installer" :/

[snooky]

Des adresses là ? Options Internet > Sécutite > sites sensibles et confiance

[Nitry]

Des adresses là ? Options Internet > Sécutite > sites sensibles et confiance

Oh que oui, je suis encore en train de cliquer sur supprimer, on ne peut les sélectionner qu'une par une

D'ailleurs je n'en avais que dans la catégorie 'Sensible' --> pourquoi les supprimer ?

EDIT: y a t il un moyen de les virer rapidement ? La liste est titanesque, je n'aurais jamais fini un par un :x

[snooky]

C'est sans doute Spybot qui a installé cette liste.

Réinitialiser ...

[Nitry]

Réinitialiser ...

'suis pas con tout de même ;D

Ca ne réinitialise que les options de filtrage, pas les sites

[snooky]

Ouvre Domains.inf avec le bloc-notes , puis regarde les clés ...

Ouvre regedit et rends-toi à ces clés ...

[Nitry]

Ouvre Domains.inf avec le bloc-notes , puis regarde les clés ...

Ouvre regedit et rends-toi à ces clés ...

Ya toutes les clés correspondants aux sites bloqués, on dirait en tout cas.

Je les supprime, exact ?

Et les clés indiqués:

[DelTemps]

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

; Recreate the keys to avoid a restart

[AddTemps]

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges"

Qu'est ce que j'en fais ? :/

[snooky]

Supprime les sous-clés .

[Nitry]

Supprime les sous-clés .

Et bien merci pour ton aide et ta patience :)

[Ericos]

Salut,

J’ai des Fenêtres publicitaires intempestives, spybot ne trouve aucune infection.

Si quelqu’un veut bien jeter un ½il ou deux

Logfile of HijackThis v1.99.1

Scan saved at 23:58:37, on 22/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\DigitalPersona\Bin\DPWinLct.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\AOL\1162798322\ee\AOLSoftware.exe

C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\Multimedia Control Center\MCC.exe

C:\EVEREST\EVEREST Ultimate Edition\everest.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\documents and settings\eric.blackdesigner.000\local settings\application data\qokgs.exe

C:\Program Files\ATITool\ATITool.exe

C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe

c:\program files\fichiers communs\aol\1162798322\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe

c:\program files\fichiers communs\aol\1162798322\ee\aolsoftware.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe

C:\Program Files\PC-TV\WinManager\WinManager.exe

C:\PVSW\Bin\w3dbsmgr.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CapFax] -C:\Program Files\Classic PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [AOLSAV] -C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

O4 - HKLM\..\Run: [AOLDialer] -C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [showIcon_The Company_USB Storage Device v1.14e035] -"C:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"

O4 - HKLM\..\Run: [LVCOMSX] -C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1162798322\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [type32] -"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

O4 - HKLM\..\Run: [amd_dc_opt] -C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [Wingen] -C:\WINDOWS\SYSTEM32\DRIVERS\Wingen\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\Wingen\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\Wingen\conf.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

O4 - HKLM\..\Run: [soundMan] -SOUNDMAN.EXE

O4 - HKLM\..\Run: [setIcon] -C:\Program Files\SMSC\Seticon.exe

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nTrayFw] -C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NeroFilterCheck] -C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [LogitechVideoTray] -C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] -C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [iomega Drive Icons] -C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [intelliPoint] -"C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [EEventManager] -C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [eCarteBleue-CLEO] -"C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards

O4 - HKLM\..\Run: [Deskup] -C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [DAEMON Tools] -"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup

O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe

O4 - HKLM\..\Run: [ADUserMon] -C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] -"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [Multimedia Control Center] C:\Program Files\Multimedia Control Center\MCC.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MSMSGS] -"C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [steam] -"D:\JEUX\hl2\Steam.exe" -silent

O4 - HKCU\..\Run: [EVEREST AutoStart] C:\EVEREST\EVEREST Ultimate Edition\everest.exe

O4 - HKCU\..\Run: [NVIDIA nTune] -"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [igndlm.exe] D:\JEUX\hl2\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\Run: [Neuf Giga Drive] "C:\Program Files\Neuf\Neuf Giga Drive\neufGiga.exe" /delayed

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ghopppx] c:\documents and settings\eric.blackdesigner.000\local settings\application data\ghopppx.exe ghopppx

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [qokgs] "c:\documents and settings\eric.blackdesigner.000\local settings\application data\qokgs.exe" qokgs

O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe

O4 - Global Startup: AOL 9.0 Icône AOL (2).lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe

O4 - Global Startup: e-Carte Bleue LCL (2).lnk = C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe

O4 - Global Startup: e-Carte Bleue LCL.lnk = C:\Program Files\e-Carte Bleue LCL\ecbl-lcl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: SATARAID5.lnk = ?

O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.6.0.6.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://pictures.aol.com/ap/Resources/2.0.6...ns.10.6.0.4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/EIS/plugin/euras.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{15DCC0C7-B8DF-4215-8E1F-8AFE2842601E}: NameServer = 205.188.146.145

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll

O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - -C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - -C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)

O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - -C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe (file missing)

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - -"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)

O23 - Service: Iomega App Services - Unknown owner - -"C:\PROGRA~1\Iomega\System32\AppServices.exe (file missing)

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Jana Server 2 (Janad) - Unknown owner - -C:\Program Files\Jana2\janad.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - -"C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)

O23 - Service: NBService - Unknown owner - -C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - -C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (file missing)

O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - -C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (file missing)

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Unknown owner - -"C:\Program Files\Iomega\AutoDisk\ADService.exe (file missing)

[snooky]

Spybot , Ad-aware et Avast sont à désinstaller .

Coche et fixe toutes les lignes 04 et redémarre le pc .

Lance Clean v2.0 by FRUiT , procédure 1 et redémarre le pc .

Lance ComboFix et poste le rapport créé > http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[Ericos]

Wouaa, grand ménage de printemps

Bon j'ai viré Spybot , Avast et superantispywar que j'avais installé entre temps (pas si super que ça puisqu'il n'a rien trouvé non plus) mais Ad-aware j'ai pas.

J'ai fixé les 04 et lancé clean v2.0 comme tu as dit snooky

Voici le rapport de combofix :

ComboFix 09-04-23.A3 - Ericos 24/04/2009 0:40.1 - NTFSx86

Microsoft Windows XP Professionnel [GMT 2:00]

Lancé depuis: m:\telechargement\ComboFix.exe

FW: NVIDIA Firewall *enabled*

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Eric.BLACKDESIGNER.000\Application Data\Microsoft\SystemCertificates\Request

c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\qokgs.dat

c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\qokgs.exe

c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\qokgs_nav.dat

c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\qokgs_navps.dat

c:\program files\Internet Explorer\fxavx.ini

C:\WA6P

c:\windows\patch.exe

c:\windows\system\msvbvm60.dll

c:\windows\system32\Cache

c:\windows\system32\skinboxer43.dll

c:\windows\system32\wmvdmoe.dll

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))

.

2009-04-23 22:40 . 2009-04-23 22:40 3282 ----a-w c:\windows\system32\PerfStringBackup.TMP

2009-04-23 22:26 . 2008-12-02 10:35 254604 ----a-w C:\clean.cmd

2009-04-23 22:14 . 2009-04-23 22:27 58 ----a-w C:\SCRIPT.CLN

2009-04-23 07:12 . 2009-04-23 07:12 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com

2009-04-23 07:11 . 2009-04-23 21:39 -------- d-----w c:\documents and settings\Eric.BLACKDESIGNER.000\Application Data\SUPERAntiSpyware.com

2009-04-23 07:11 . 2009-04-23 21:39 -------- d-----w c:\program files\SUPERAntiSpyware

2009-04-15 23:11 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 23:11 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll

2009-04-15 23:11 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe

2009-04-15 23:11 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 23:11 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 23:11 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 23:11 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 23:11 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 23:11 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll

2009-04-15 23:09 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll

2009-04-15 23:08 . 2009-03-27 06:54 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb

2009-04-15 23:08 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

2009-04-10 22:12 . 2009-04-23 21:16 -------- d-----w c:\documents and settings\Eric.BLACKDESIGNER.000\Application Data\live-player

2009-03-25 23:07 . 2009-03-25 23:07 -------- d-----w c:\program files\HD Tune

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-23 22:34 . 2009-04-23 22:27 640303 ----a-w C:\Clean.log

2009-04-23 22:31 . 2008-12-02 01:32 -------- d-----w c:\program files\PuTTY

2009-04-23 22:31 . 2008-01-08 00:38 -------- d-----w c:\program files\Mozilla Thunderbird

2009-04-23 22:31 . 2006-10-30 00:41 -------- d-----w c:\program files\Classic PhoneTools

2009-04-23 22:31 . 2007-03-24 13:35 -------- d-----w c:\program files\Windows Live Toolbar

2009-04-23 22:31 . 2007-02-13 14:54 -------- d-----w c:\program files\RouesHydro

2009-04-23 22:31 . 2007-02-09 09:28 -------- d-----w c:\program files\SlimBrowser

2009-04-23 22:31 . 2007-01-22 08:34 -------- d-----w c:\program files\myphotobook

2009-04-23 22:31 . 2006-10-30 02:23 -------- d-----w c:\program files\USB Storage Device

2009-04-23 22:31 . 2006-10-30 00:43 -------- d-----w c:\program files\AOL 9.0

2009-04-23 22:17 . 2008-03-17 10:35 -------- d-----w c:\program files\Hijackthis Version Française

2009-04-23 21:49 . 2006-10-30 00:43 -------- d-----w c:\program files\Fichiers communs\aolshare

2009-04-23 21:49 . 2006-10-30 00:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL

2009-04-23 21:39 . 2006-10-30 02:23 -------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard

2009-04-23 21:34 . 2008-03-18 22:42 -------- d-----w c:\program files\Spybot - Search & Destroy

2009-04-23 21:34 . 2008-03-18 22:42 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2009-04-23 20:55 . 2008-04-15 14:07 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater

2009-04-17 08:18 . 2008-11-05 16:05 -------- d-----w c:\program files\Yahoo!

2009-04-13 23:48 . 2006-10-30 00:42 -------- d-----w c:\program files\Fichiers communs\AOL

2009-04-13 09:11 . 2006-10-30 00:28 -------- d-----w c:\program files\Java

2009-03-16 21:10 . 2006-10-30 00:28 -------- d--h--w c:\program files\InstallShield Installation Information

2009-03-14 09:22 . 2006-12-01 12:06 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA

2009-03-09 03:19 . 2008-12-04 12:56 410984 ----a-w c:\windows\system32\deploytk.dll

2009-03-09 00:11 . 2009-03-09 00:11 47172 ---ha-w c:\windows\system32\mlfcache.dat

2009-03-09 00:03 . 2007-07-30 17:35 -------- d-----w c:\documents and settings\Eric.BLACKDESIGNER.000\Application Data\Apple Computer

2009-03-09 00:03 . 2009-03-09 00:03 -------- d-----w c:\program files\Safari

2009-03-09 00:03 . 2009-03-09 00:02 -------- d-----w c:\program files\QuickTime

2009-03-09 00:02 . 2009-03-09 00:02 -------- d-----w c:\program files\Fichiers communs\Apple

2009-03-09 00:02 . 2007-07-16 22:30 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer

2009-03-06 14:20 . 2004-08-04 00:54 286720 ----a-w c:\windows\system32\pdh.dll

2009-03-03 00:13 . 2004-08-04 00:54 826368 ----a-w c:\windows\system32\wininet.dll

2009-02-26 11:50 . 2008-12-29 10:27 -------- d-----w c:\program files\Microsoft Silverlight

2009-02-20 17:10 . 2004-08-04 00:54 78336 ----a-w c:\windows\system32\ieencode.dll

2009-02-16 22:17 . 2007-12-05 18:28 453152 ----a-w c:\windows\system32\NVUNINST.EXE

2009-02-09 14:05 . 2004-08-04 00:45 1846912 ----a-w c:\windows\system32\win32k.sys

2009-02-09 11:23 . 2004-08-04 00:48 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:23 . 2004-08-04 00:49 2147328 ----a-w c:\windows\system32\ntoskrnl.exe

2009-02-09 11:23 . 2004-08-04 00:55 111104 ----a-w c:\windows\system32\services.exe

2009-02-09 10:53 . 2004-08-04 00:54 735744 ----a-w c:\windows\system32\lsasrv.dll

2009-02-09 10:53 . 2004-08-04 00:54 401408 ----a-w c:\windows\system32\rpcss.dll

2009-02-09 10:53 . 2004-08-04 00:54 685568 ----a-w c:\windows\system32\advapi32.dll

2009-02-09 10:53 . 2004-08-04 00:54 739840 ----a-w c:\windows\system32\ntdll.dll

2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-06 10:39 . 2001-08-24 14:00 35328 ----a-w c:\windows\system32\sc.exe

2009-02-03 19:58 . 2004-08-04 00:54 56832 ----a-w c:\windows\system32\secur32.dll

2009-01-12 12:50 . 2007-03-06 15:42 64824 ----a-w c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2006-11-30 20:54 . 2006-11-17 12:50 278528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2005-09-10 00:00 . 2006-11-12 20:35 1455358 ----a-w c:\program files\pompe arreté.wav

2004-04-10 08:47 . 2006-12-02 11:01 24576 ----a-w c:\documents and settings\dll\mbmio.dll

2002-09-25 11:45 . 2006-12-02 11:01 47616 ----a-w c:\documents and settings\dll\MBM5ASPI.dll

2006-05-03 09:06 . 2008-12-29 12:46 163328 --sh--r c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2008-12-29 12:46 31232 --sh--r c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2008-12-29 12:46 216064 --sh--r c:\windows\system32\nbDX.dll

2008-09-08 09:08 . 2008-09-08 09:08 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090820080909\index.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]

2004-09-08 14:45 102400 ----a-w c:\windows\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 00:42 72208 ----a-w c:\program files\fichiers communs\logitech\bluetooth\LBTWLgn.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

"wave7"= serwvdrv.dll

"wave8"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=

"m:\\eMule\\emule.exe"=

"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=

"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\Visicom Media\\FTP Expert 3\\FTPxpert3.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"m:\\Prog\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=

"d:\\JEUX\\hl2\\SteamApps\\common\\crysis warhead\\Bin32\\Crysis.exe"=

"d:\\JEUX\\hl2\\SteamApps\\common\\attack on pearl harbor demo\\Setup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"127:UDP"= 127:UDP:emule

R0 NVStrap;NVStrap; [x]

R2 Janad;Jana Server 2; [x]

R3 alcan5ln;SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest\EVEREST Ultimate Edition\kerneld.wnt [2006-10-18 20760]

R3 SNXSTOR_CFSD;SONIX USB READER CFSD;c:\windows\system32\DRIVERS\SNX_USB2k.sys [2001-12-19 19456]

R3 SNXSTOR_SD;SONIX USB READER SD;c:\windows\system32\DRIVERS\SNX_USB2kSD.SYS [2001-12-19 19456]

R3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\DRIVERS\sonyhcs.sys [2001-11-05 299923]

R3 USBSNXSTOR;USB Mass Storage driver ; [x]

S0 ppa;Pilote de filtre de port parallèle Iomega;c:\windows\system32\DRIVERS\ppa.sys [2001-08-17 17792]

S0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\DRIVERS\sonyhcb.sys [2001-11-05 6097]

S3 dpK0Bx01;Pilote supérieur de lecteur d'empreintes digitales;c:\windows\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 32640]

S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\DRIVERS\CamDrL20.sys [2004-05-21 245760]

S3 UDTT2BDA;Twinhan USB2 DVB-T receiver;c:\windows\system32\Drivers\UDTT2BDA.sys [2004-07-22 36736]

S3 UDTT2HID;UDTT2HID - USB 2.0 HID Driver;c:\windows\system32\drivers\UDTT2HID.sys [2006-06-28 16128]

S3 UsbdpFP;Pilote de classe Lecteur d'empreintes digitales;c:\windows\system32\DRIVERS\UsbdpFP.sys [2004-08-04 34560]

.

Contenu du dossier 'Tâches planifiées'

2009-04-23 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-15 23:53]

2009-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1004336348-725345543-1003.job

- c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 22:13]

2009-04-23 c:\windows\Tasks\User_Feed_Synchronization-{9E417311-126D-4650-B99B-7B0C89ABE6D1}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]

.

- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Explorer_Run-NT Security Service - NTSecurity.exe

Notify-WgaLogon - (no file)

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

mStart Page = hxxp://fr.yahoo.com

uInternet Settings,ProxyOverride = localhost

uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: ubuntu.com\help

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab

DPF: {BE71A78B-77DB-451C-A761-59B37022D544} - hxxp://pictures.aol.com/ap/Resources/2.0.6.7/cab/aolpPlugins.10.6.0.4.cab

FF - ProfilePath - c:\documents and settings\Eric.BLACKDESIGNER.000\Application Data\Mozilla\Firefox\Profiles\651atb9n.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=

FF - plugin: c:\documents and settings\Eric.BLACKDESIGNER.000\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEU32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: d:\jeux\hl2\Download Manager\npfpdlm.dll

---- PARAMETRES FIREFOX ----

FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-24 00:43

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\everest\EVEREST Ultimate Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForcewareWebInterface]

"ImagePath"="-\"c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe\" -k runservice"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]

"ImagePath"="-\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]

"ImagePath"="\"\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega App Services]

"ImagePath"="-\"c:\progra~1\Iomega\System32\AppServices.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Macromedia Licensing Service]

"ImagePath"="-\"c:\program files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="-\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\_IOMEGA_ACTIVE_DISK_SERVICE_]

"ImagePath"="-\"c:\program files\Iomega\AutoDisk\ADService.exe\""

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,dd,d0,b9,a9,fc,

d5,7d,19,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e7,f1,54,2f,da,

23,ba,11,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,ef,b9,94,fc,46,

b3,d9,6a,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d9,e8,c4,15,92,

de,de,35,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,30,c7,2c,f9,7e,

c1,03,69,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,1e,7f,a5,c7,c6,

e4,5f,d4,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,42,8a,0f,57,4a,

e9,5f,50,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,6e,4b,4c,1a,80,

73,14,6d,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,eb,60,65,64,1e,

1b,a7,8a,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e0,f3,58,ce,f9,

6d,c2,99,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,d9,30,3d,17,d7,

fd,6c,d5,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ee,c8,98,43,c1,

32,f9,c4,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\DPWLEvHd.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(976)

c:\windows\DPPWDFLT.dll

c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(2808)

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\DigitalPersona\Bin\DPWinLct.exe

c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe

c:\program files\DigitalPersona\Bin\DpHost.exe

c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\DigitalPersona\Bin\DPFUSMgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-04-23 0:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-04-23 22:47

Avant-CF: 9 820 790 784 octets libres

Après-CF: 9 701 646 336 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

;

;Warning: Boot.ini is used on Windows XP and earlier operating systems.

;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.

;

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel OverClocker" /NOEXECUTE=OPTIN /FASTDETECT /USEPMTIMER

329 --- E O F --- 2009-04-16 01:31

[snooky]

Pour supprimer ComboFix , tape ceci dans Exécuter :

combofix /u

Lance ensuite MBAM et poste le rapport créé ( analyse complète )

[Ericos]

Voilà :

Malwarebytes' Anti-Malware 1.36

Version de la base de données: 1945

Windows 5.1.2600 Service Pack 3

24/04/2009 10:45:34

mbam-log-2009-04-24 (10-45-34).txt

Type de recherche: Examen complet (C:\|D:\|E:\|M:\|)

Eléments examinés: 591741

Temps écoulé: 1 hour(s), 12 minute(s), 11 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\URLSearchHook.SoftomateURLSearchHook (Adware.SoftMate) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\clean.cmd (Trojan.Agent) -> Quarantined and deleted successfully.